GA4 + Consent Mode v2 for SMBs: a practical, privacy‑safe setup
To stay privacy‑safe and keep useful analytics, deploy a compliant consent banner, enable Consent Mode v2, and configure GA4 around business events—so you honor choices while retaining modeled insights.
What to implement (order matters)
- Determine scope: Do you have traffic from the EEA/UK? If yes, Consent Mode v2 applies to Google tags
- Consent banner (CMP): Use a compliant banner that captures and stores consent for ads and analytics, and passes states to tags
- Consent Mode v2: Set consent states (ad_user_data, ad_personalization, analytics_storage, ad_storage); default to denied until granted
- Tagging: Implement via gtag or GTM; ensure tags fire in “consent denied” mode with limited pings for modeling
- GA4 configuration: Define key events as conversions (booked consult, purchase), enable Google Signals only with consent, and link Google Ads if applicable
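The consent steps above as a gtag sketch, added here as an example and not code from the original article: all four Consent Mode v2 states default to denied before any Google tag loads, and a CMP callback updates them. The CMP choice shape `{analytics, ads}` and the function names are assumptions; a real CMP exposes its own callback and categories.

```javascript
// Added example. Place this before the gtag.js / GTM snippet so the
// defaults are queued ahead of every tag.
const root = globalThis; // `window` in the browser
root.dataLayer = root.dataLayer || [];
function gtag() { root.dataLayer.push(arguments); }

const CONSENT_KEYS = [
  'ad_storage', 'ad_user_data', 'ad_personalization', 'analytics_storage',
];

// Step 1: deny everything until the visitor makes a choice.
function setDefaultConsent() {
  const denied = Object.fromEntries(CONSENT_KEYS.map((k) => [k, 'denied']));
  // wait_for_update (ms) gives the CMP time to restore a stored choice
  // before tags read the default state.
  gtag('consent', 'default', { ...denied, wait_for_update: 500 });
  return denied;
}

// Step 2: translate the CMP's categories into Consent Mode states.
// Hypothetical input shape: { analytics: boolean, ads: boolean }.
// Anything other than an explicit `true` stays denied (fail closed).
function consentFromCmp(choice) {
  const analytics = choice && choice.analytics === true ? 'granted' : 'denied';
  const ads = choice && choice.ads === true ? 'granted' : 'denied';
  return {
    analytics_storage: analytics,
    ad_storage: ads,
    ad_user_data: ads,
    ad_personalization: ads,
  };
}

// Step 3: called by the banner when the visitor accepts, rejects or edits.
function onCmpDecision(choice) {
  const state = consentFromCmp(choice);
  gtag('consent', 'update', state);
  return state;
}

setDefaultConsent();
// Example wiring (hypothetical CMP hook):
// myCmp.onChange((choice) => onCmpDecision(choice));
```

To verify in the browser, inspect `dataLayer` in the console: the `consent default` entry should appear before any config or event entry, and an `update` entry should follow each banner interaction.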
How modeling works (and what it isn’t)
- When users decline consent, Google fills gaps with aggregated, privacy‑safe modeled conversions
- Modeled data won’t equal raw data; treat it as directional for optimization—not exact accounting
Operational guardrails
- Don’t block essential site functions for non‑consenting users
- Keep PII out of URLs and analytics
- Document your data flows and access; give least‑privilege permissions
30‑day checklist
- Week 1: Confirm EEA/UK exposure; select/validate a CMP; inventory current tags
- Week 2: Implement banner and Consent Mode v2; verify consent states and tag behavior
- Week 3: Map GA4 events to business outcomes; mark conversions; connect Google Ads if you run it
- Week 4: QA reports; compare consented vs modeled data; document governance and update your privacy policy
FAQs
- Do I need a consent banner if I don’t advertise?
If you collect analytics or use third‑party tags in the EEA/UK, you likely need a consent mechanism. Consult counsel for your specific case.
- Will Consent Mode v2 hurt performance?
Expect some loss of observed data; modeled conversions help maintain optimization. Prioritize first‑party data quality.
- Can I ignore this if I’m US‑only?
If you truly have no EEA/UK users, scope may be limited. Many sites still receive international traffic—check your analytics.
Summary
If you serve users in the EEA/UK, implement Consent Mode v2 with a compliant consent banner, map GA4 events to business outcomes, and respect user choices—then use modeled conversions to keep reporting useful.
Author
Peter Mertz