Fix: Consent Mode v2 not deployed for EEA traffic

Your account is serving impressions to users in the European Economic Area, but Consent Mode v2 (advanced or basic) is not deployed. Since 2024-03-06, Google enforces this as a precondition for remarketing, conversion modeling, and ad personalization features on EEA traffic [1][2]. The audit flagged this finding because campaign geo targeting and landing-page locale indicate EEA exposure, yet your tags are not sending the four required consent signals.

Why this matters

Google's enforcement of Consent Mode v2 is not advisory. As of 2024-03-06, accounts serving EEA users without a valid consent signal lose access to remarketing list population, audience-based bidding, and Google's conversion modeling layer for unconsented traffic [1][2]. In July 2025 Google began issuing notices to non-compliant accounts stating that personalized ads, non-personalized ads, remarketing, and conversion tracking functionality would be disabled outright [8]. This is the second enforcement wave — the first cut measurement features; the second cuts ad delivery itself.

The business impact compounds. Smart Bidding strategies (tCPA, tROAS, Max Conv Value) lean on conversion signal to optimize; once a material share of EEA conversions go unrecorded because consent signals are missing, bid models drift, CPA inflates, and the learning phase resets every time you adjust budgets by more than 20%. Performance Max and Demand Gen suffer hardest because their audience signals and value-based bidding rely on remarketing eligibility. If your audit also flagged broken Conversion Tracking or missing Enhanced Conversions, Consent Mode v2 is the prerequisite to fix — the others cannot recover signal that Google refuses to accept.

Geographic scope is broader than "EEA only". UK GDPR (Data Protection Act 2018) and PECR enforce the same consent-before-tracking rule the EEA does; the ICO has issued guidance treating Consent Mode v2 as an acceptable technical control. Switzerland's revised Federal Act on Data Protection (nFADP, in force 2023-09-01) creates equivalent obligations, and Switzerland sits inside the scope of Google's EU User Consent Policy alongside the EEA and UK [10]; per vendor reporting, Google began enforcing this against Swiss traffic from mid-2024 [5][6]. Even accounts targeted outside the EEA are at risk if user-geo impressions land in these regions — Google evaluates by user geo at impression time, not by campaign targeting. Any non-zero EEA / UK / CH impression share puts you in scope; once that share exceeds ~5%, the business impact on bidding and measurement becomes material rather than cosmetic.

How to verify the issue

1. Open Google Ads. Navigate to Goals → Conversions → Summary, click into any Google Ads website conversion action, then open the Diagnostics tab. Look for the line "Consent mode status for EEA users". Healthy accounts show "Reading and recording consent statuses" with a green status [7]. (Older account UIs still surface this under Tools → Conversions; Google migrated most accounts to the Goals menu through 2024-2025.)
2. Open the consent overview in Google Tag Manager: Admin → Container Settings → enable "Consent Overview", then return to the container and click the shield icon next to Tags. Every tag firing on EEA traffic should have a "Consent Settings" entry. Tags marked "Not set" leak data and will be rejected by Google [4].
3. Run Google Tag Assistant on a representative landing page. Load the page with a clean browser, dismiss the CMP banner with "Reject all", then inspect the earliest Consent event. Confirm all four parameters — ad_storage, analytics_storage, ad_user_data, ad_personalization — are present and set to "Denied" by default. Accept the banner and verify the next Consent event updates them to "Granted" [7].
4. Cross-check campaign exposure: Reports → Predefined reports → Geographic → User location. Filter to EEA countries plus UK and Switzerland. Any non-zero impression share in these regions puts you in scope; once that share crosses ~5%, modeling and remarketing degradation moves from soft (silent measurement loss) to material (bid models drift, CPA inflates).

How to fix it

Plan 4-8 hours of implementation work plus a 48-hour to 2-week validation window. Coordinate with whoever owns your CMP (Consent Management Platform) and tagging.

1. Pick a Google-certified CMP if you don't have one. Cookiebot, OneTrust, Usercentrics, iubenda, Termly, CookieHub, Didomi, and 40+ others are certified. Self-built banners are allowed but harder to maintain; if you self-build, you must implement the gtag consent API manually [4].
2. Decide advanced vs basic. Advanced is preferred for measurement quality — tags load with default-denied state, send cookieless pings before consent, and unlock advertiser-specific conversion modeling. Basic blocks tags entirely until consent and falls back to a coarser general model. Choose advanced unless legal requires basic [3].
3. Configure the four signals in your CMP. Map "advertising" / "marketing" consent toggles to ad_storage, ad_user_data, ad_personalization; map "analytics" / "statistics" to analytics_storage. Default state must be "Denied" for all four [4].
4. Update gtag defaults before any Google tag fires. If you self-manage the banner, the gtag('consent', 'default', ...) call must run synchronously in <head> before gtag.js loads. Region-specific defaults (e.g., denied for EEA + UK + CH, granted elsewhere) reduce data loss for non-affected geos [4].
5. Wire the update event. On banner accept, fire gtag('consent', 'update', { ad_storage: 'granted', ... }). Most certified CMPs do this automatically once you map signals; verify in Tag Assistant.
6. Republish GTM containers and clear CDN caches. Consent settings live in container config and tag config — both must be republished. If you use server-side GTM, redeploy the server container as well.
7. For non-EEA accounts with EEA traffic exposure, deploy advanced consent mode globally with region-specific defaults. This is the soft-signal fix — it costs nothing extra and protects measurement when EEA / UK / CH traffic share drifts above ~5%.

How to confirm the fix worked

• Tag Assistant shows all four consent parameters firing with correct default-denied and update-granted states
• Google Ads Diagnostics panel shows "Reading and recording consent statuses" within 48 hours (allow up to 2 weeks)
• GTM consent overview shows zero tags with "Not set" consent configuration on EEA traffic
• EEA conversion volume in the Conversions report stabilizes or recovers within 14 days (compare 14-day before vs 14-day after)
• Remarketing list populations resume growth on the Audience manager page
• If you migrated from no-consent to advanced consent mode, expect modeled conversions to appear within 7 full days of valid implementation across each country × domain grouping that meets Google's threshold of 700 ad clicks averaged daily over a 7-day window [9]

If the diagnostics panel still shows yellow or red status after 14 days, re-run Tag Assistant on multiple EEA-geo VPN sessions — a partial deploy (e.g., consent on the main domain but not on a checkout subdomain) is the most common failure mode.

This finding is the gating dependency for the entire measurement stack on EEA traffic. Until Consent Mode v2 is live, Enhanced Conversions, Data-Driven Attribution, and remarketing-based bidding signals are partially or fully blocked. Co-occurring findings — "Enhanced Conversions not enabled", "remarketing audiences not growing", "Smart Bidding learning phase stuck" — typically resolve downstream once consent signals flow. Fix this first; everything else compounds on top.

Related rules + concepts

• Consent Mode v2 — concept overview
• EEA conversion drop — root cause
• Enhanced Conversions
• Modeled Conversions

Sources

1. Google Ads Help — About consent mode. https://support.google.com/google-ads/answer/10000067 (accessed 2026-05-25)
2. Google Tag Manager Help — Updates to consent mode for traffic in European Economic Area (EEA). https://support.google.com/tagmanager/answer/13695607 (accessed 2026-05-25)
3. Google Ads Help — Set up consent mode. https://support.google.com/google-ads/answer/14009635 (accessed 2026-05-25)
4. Google for Developers — Set up consent mode on websites. https://developers.google.com/tag-platform/security/guides/consent (accessed 2026-05-25)
5. Usercentrics — What are Google's New Consent Requirements for Switzerland?. https://usercentrics.com/knowledge-hub/google-consent-requirements-switzerland/ (accessed 2026-05-25)
6. Cookiebot — Google's March Deadline for Consent Mode & Ads Privacy Compliance. https://www.cookiebot.com/en/googles-consent-mode-deadline-ads-privacy-compliance/ (accessed 2026-05-25)
7. Google Ads Help — Verify consent mode implementation. https://support.google.com/google-ads/answer/14218557 (accessed 2026-05-25)
8. Search Engine Land — Google cuts conversion tracking in EU over consent mode non-compliance. https://searchengineland.com/google-cuts-conversion-tracking-eu-consent-mode-459606 (2025-07)
9. Google Ads Help — About consent mode modeling. https://support.google.com/google-ads/answer/10548233 (accessed 2026-05-25)
10. Google — EU user consent policy. https://support.google.com/google-ads/answer/9028179 (accessed 2026-05-25)