The entry into force of the RODO regulation has entailed far-reaching changes in the approach to processing personal data of Internet users. Data controllers must pay attention not only to what data they process, but also for what purpose they do so and how long the personal data is processed. As the RODO unifies data processing rules across the European Union and the EEA, it has become necessary for web browser vendors to design appropriate compliance mechanisms to ensure the security of running websites. Such a mechanism is Consent Mode introduced by Google already a nice few years ago. A lot has changed since then, and today we have Consent Mode v2. We explain, What exactly is Consent Mode and why using it is so important.

What will you learn from this article?

1. What Consent Mode is and why it is essential.
2. Who is required to implement the consent mode.
3. Using CMP managers significantly simplifies the tasks incumbent on the data controller.
4. Responsible use of cookies serves to protect privacy while achieving marketing goals.

What are cookies, or what is all the fuss about?

A company offering its products through an online store does not have magical ways to collect data about its customers. For this purpose, cookies (so-called "cookies") are used. Technically, these are small text files that a website saves on the user's device used to connect to the server. They are used to remember different kinds of parameters, such as user preferences or login data. Cookies can be classified into several types:

1. in view of its source - first-party and third-party cookies,
2. because of the life cycle - session cookies and persistent cookies,
3. in view of the need for - cookies necessary for the proper functioning of the site and others,
4. by type - Analytical, marketing, performance and website functionality cookies are distinguished.

You probably use cookies on your website, even if you don't realize it. The snag is that The European Union recognizes that cookies may store personal information, such as an IP address, a user's name, unique identifier or email address. The key to legally managing users' consents is that they are given a choice about which cookies they agree to.

Why is it important to manage user data consent?

Before discussing exactly what Consent Mode is and how it works, it is worth embedding it in a concrete reality, namely the RODO Regulation (GDPR). The EU legislator starts from the premise that as far as possible user data should not be processed, and if a data processing operation takes place, it must not only be justified, but also minimized. Of course, the purpose of websites is to process as much personal data as possible. After all, they serve analytical, sales and consumer profiling purposes. However, the current form of the regulation favors the restriction of data processing. This follows directly from Article 5 of the RODO, which introduces the principles:

1. Legality, fairness and transparency of processing,
2. limitation of the purpose of processing,
3. data minimization,
4. correctness of data management,
5. data storage limitations,
6. integrity and confidentiality.

Of course, you may ask why all this. The fundamental purpose of RODO is to minimize the processing of data that can be used illegally, such as sending pushy sales offers or even extorting a loan. While RODO delineates the limits of data processing from the legal side, Consent Mode is Google's more "technical" response to specific regulations. It allows the user to consent to the use of cookies of a certain type. The implementation of Consent Mode is thus intended to allow informed choice of the data that will be processed.

A brief history of Consent Mode

The implementation of Google's Consent Mode is not as novel as it might seem. In the original version of Consent Mode 1.0 introduced in 2020, Google made a first attempt to find the golden mean between the marketing needs of online businesses and user privacy. This Google consent mode came in two variants:

1. basic,
2. advanced.

In basic mode, tags collected information only after consent was given. In advanced mode, data was sent regardless of the user's consent, but without passing any cookies. This was known as Cookie Less Tracking. This allowed programs such as Google Analytics 4, Google Ads, Conversion Linker and Floodlight to retain functionality for conversion modeling.

From a legal point of view, such a solution posed a real risk, because in Cookie Less Tracking mode, a user visiting the site still had to connect to Google's servers, revealing his IP address. For this reason, it was recommended to use Basic Mode, which generally proved to be sufficient, and only required initialization and updatee of Consent Mode flags.

Consent Mode 1.0 was based on so-called consent signals, each of which corresponded to a specific area of data processing. These signals corresponded to particular classes of cookies. The original version of Consent Mode distinguished four types of signals. Google's updated mechanism added two more.

How does Consent Mode work?

Google's introduction of Consent Mode 2.0 allows Google Ads and GA4 tags to be dynamically adjusted based on user preferences. At the same time, however, even despite the lack of consent for analytics or advertising cookies, limited data is collected. It can be said that lack of consent results in GA receiving only technical information to monitor behavior. The data has only informational functions. Consent, on the other hand, results in the GA receiving the data necessary to "train" the algorithms.

The first version of the signals included:

1. ad_storage - allowed the collection and storage of data necessary to deliver personalized ads based on user actions,
2. ad_user_data - is used to send user data for advertising purposes,
3. ad_personalization - allows personalization of ads,
4. analytics_storage - collects statistical data.

The implementation of Google Consent Mode 2.0 raises the need to implement two more signals:

1. ad_user_data - contains information about whether the user has consented to the processing of personal data,
2. ad_personalization - Enables personalized remarketing ads.

Types of Consent mode v2

The new version of Consent Mode also maintains two modes - Basic Consent Mode and Advanced Consent Mode. By design, Basic Consent Mode works well for small businesses where data collection needs are simple. It is devoid of overly extensive customization capabilities. Advanced mode requires careful implementation and configuration, and will primarily benefit larger companies that need access to more detailed user data. It allows for further-reaching configuration.

If a user does not consent to cookies analytics_storage stops collecting analytics data, while ad_storage, ad_user_data, and ad_personalisation stop collecting ad-related data.

Consent Mode in PrestaShop. What do you need to know?

PrestaShop has been equipped with the ability to implement a customizable PrestaShop Cookie Banner, which requires the user's activity to consent to selected or all types of cookies. Implementing the consent mode does not require any programming knowledge and skills and you only need to pay for it once.

Using the Consent Management Platform in PrestaShop has benefits for both users and the administrator. Users define the scope of their consents with a single click without intrusive messages. In turn, the site owner receives comprehensive information about the status of user consents, which are automatically grouped. The data collection process can also be modified by customizing the appearance, content and placement of messages. You can reach out to Cookie Manager Pro, or Consent Manager, for example, to comply with current laws. Using them is intuitive and integration with the site is simple.

The modules are compatible with Consent Mode V2 and allow dynamic submission of consents to Google Tag Manager (GTM) and other tools for implementing tags on a website without interfering with its source code.

Consent Mode integration vs manual consent configuration

If you implement Consent Mode on your site, tags will be automatically configured based on the user's explicit consent. By minimizing the actions a site visitor has to complete, you reduce the risk that he or she will "get tired" of all the mechanics and actually make a purchase from the store. In addition, thanks to the Smart-Tags feature, it is possible to hide specific codes in the functional buttons of the page, so the site looks clearer, and you take care of optimizing advertising campaigns.

What do store owners gain by including the CMP module?

If you choose to enable Consent Mode on your website, you are assured of user tracking in compliance with RODO and the Digital Markets Act regulation, but also other data protection regulations, such as Canada's CPPA or Switzerland's FADP. If you address your business to foreign customers, you don't have to worry about incompatibility with legal standards.

The ability to precisely manage consents and create automatic logs of these consents gathers material that will allow you to demonstrate that you have applied the principle of accountability, if necessary. This means being able to safely conduct advertising activities and collect analytical data.

Taking advantage of the consent manager means not only maintaining compliance with EU regulations, but also improving Google PageSpeed metrics. The loading efficiency of a website is crucial from a business perspective. After all, no potential customer wants to wait for the online store they visit to load all the necessary functions that are simply supposed to work.

What is the effect of not implementing the consent mode?

A company that chooses not to implement Google's new mechanisms risks a lot:

1. blocked audience lists in Google Ads,
2. Stopping remarketing activities,
3. A roadblock to measuring the effectiveness of marketing campaigns,
4. High financial penalties imposed by the regulator,
5. Lawsuits by individual users related to the unlawful processing of their personal data.

In essence, it can be said that the site owner loses all the benefits of analyzing his site's traffic. Of course, you have to assume that not every user will consent to the collection of marketing data, or even with a refusal to consent to anything more than essential cookies. Nevertheless, ignoring the user's consent mode will land your company in real trouble, and not just from an online marketing standpoint.

How to effectively implement Google Consent mode V2 in PrestaShop store?

Enabling consent mode in your PrestaShop store is very simple. First of all, start by choosing the right module. This can be, for example, Cookie Manager Pro. Then you need to configure it by setting the banner appearance, message content settings and cookie groups. The last step is to integrate the manager with GTM and review the performance of Google tags for compatibility with the Consent Mode API.

It is worth remembering that the right to protect one's data also includes the need to formulate messages precisely. Therefore, it is on your side to formulate the concept of consent in such a way that the customer knows what he specifically agrees to and for what purpose. Otherwise, he will be able to accuse you that his consent was not fully informed.

It is a good practice to also download the privacy policy manager (PrestaShop Consents and Terms and Conditions Manager). It allows you to manage from one place:

1. consents,
2. privacy policy,
3. licenses,
4. warranty provisions,
5. mailing list,
6. newsletters.

And what actually should the user's consent be? The answer to this question is provided by Article 4(11) of the regulation, according to which the data subject must make a statement of intent:

1. entirely voluntarily - This means that next to the button with consent appears a button to deny consent,
2. after receiving the necessary information - An informed user is one who knows who will process his or her personal data, for what purpose, in what way and for how long,
3. plainly stated - a specific consent message must appear on the consent banner so that nothing has to be guessed or presumed,
4. in detail - different states of consent can be given for the different tools that the site and Google use to collect data about users,
5. in advance - implemented correctly Consent Mode relates to the consent previously given, without this data processing is not allowed,
6. which will be documented - The CMP manager records user decisions and activity data, so the site owner has proof that it processed the data based on the user's consent,
7. with the possibility of its cancellation - the ability to consent to the storage of cookies must always be revocable, moreover, revoking consent must not be more difficult than giving consent.

Proper implementation of Consent Mode V2 requires meeting all these requirements, so reaching for a ready-made manager makes the entrepreneur's task much easier. Before you choose a consent manager, first of all, make sure that it really allows you to meet all the assumptions of Google and RODO guidelines.

Summary

Implementing a user consent mode is a guarantee of operations that comply with data protection regulations. It's not just about paperwork. Practice shows that data protection regulators really do impose heavy financial penalties on entities that have neglected to implement Consent Mode. Just point to the TikTok service ($5.4 million penalty), Microsoft ($65 million penalty), or finally...Google itself ($162 million penalty). In each of these cases, user management of consents was hindered or applied incorrectly.

Taking care of Consent Mode privacy regulations at the same time allows you to keep your advertising campaigns effective. If you want to reach for a modern tool for managing consents, PrestaShop will be perfect for this. With the help of the tools available in it, you will meet legal requirements and build trust with your customers.

Today, the use of Google's services is essential to run a business that is growing rapidly online. If you want to make sure your operations are legitimate, using Cookie Consent Mode is an essential part of creating a successful business.

And, of course, we can help you implement it. If you need, contact us.