User Consent in the Digital Age: Understanding Consent Mode V2.2

Cookie, GPDR, Regulations, Technology

Privacy regulations and user consent are becoming increasingly important.

Google introduced Google Consent Mode V1 in September 2020, the first version of the tool, designed to help companies manage the objectives arising from business growth and user privacy.

Version 2 of Google Consent Mode was created to align with the new Digital Markets Act (DMA), which has been in force since March 2024.

Google Consent Mode is a specific solution provided by Google and is designed to help websites that use Google products, such as Google Ads and Google Analytics, adapt to privacy and user consent regulations.

However, the need to obtain user consent to collect and use their data is not unique to Google. It is a general requirement on the internet, especially in regions that have strict privacy regulations, such as the General Data Protection Regulation (GDPR) in Europe.

In mid-April 2018, the final version of the IAB Tech Lab’s GDPR Transparency and Consent Framework or Consent Mode was released. A set of technical specifications designed to help the digital advertising industry interpret and comply with EU rules on data protection and privacy.

So while Google Consent Mode is a Google-specific implementation, the concept of requesting and respecting user consent is standard practice on the internet to comply with privacy laws.

Before we get into more technical issues or legislation, it’s important to start by finding out what cookies are and how they work.

In this article we’ll take a simple look at this topic before moving on to the subject everyone is talking about how to implement Google Consent Mode V.2, which will be the subject of a new article.

1. What Cookies are

Colourful image of several cookies with rainbow sprinkles, suspended in mid-air in a web browser against a gradient background of bluish-green to deep pink. small pieces of candy float around the brightly decorated cookies. — Colourful image of several cookies with rainbow sprinkles, suspended in mid-air in a web browser

1.1 What are cookies and how do they work?

Imagine you’re in a bakery and you order a chocolate cake with whipped cream. The waitress makes a note of your order on a piece of paper, writing down your name and what you ordered. The next time you visit the bakery, she’ll look at the paper and know which cake you like, without having to ask again.

Let’s think of another scenario: you go into a shop and take a trolley to do your shopping. At the entrance to the shop, you receive a small ticket with a unique number that identifies you as a customer. Each time you put a product in the trolley, your ticket number is registered with the product. So when you go to the checkout, the shop knows which products you have taken and can calculate the total value of your purchase without checking the products you have taken.

Cookies work in a similar way. They are small text files that a website stores on your computer or mobile device when you visit it. Each cookie contains a unique number that identifies your browser and can store information such as:

The pages you have visited on the website
The products you have added to your basket
Your language and region preferences
Your login information

When you return to the same website, the cookie is sent back to the site. This allows the site to recognise you and personalise your experience, such as:

Showing the products you have recently viewed
Remembering your shopping basket
Keeping you logged in to your account

1.2 Types of cookies and their purposes

There are different types of cookies, each with a specific purpose:

Session cookies: These are temporary and are deleted when you close your browser. They are used to store information about your current visit to the website, such as what you have added to your shopping basket or what you have viewed on a page.
Permanent or persistent cookies: They remain on your device until you manually delete them or they expire. They are used to store information that you have already provided to the website and that you want to be remembered, such as your username and password, or to track your activities over time on different websites.
Third-party cookies: These are cookies set by other websites or services in addition to the website you are visiting. They are often used for online advertising and tracking.

1.3 Impact of cookies on user privacy

Cookies can be useful for improving the web browsing experience. However, they can also pose a risk to user privacy, as they can be used to collect information about you without your knowledge or consent.

Some of the privacy concerns related to cookies include:

Online tracking: Companies may use cookies to track your online activity across different websites. This can be used to create a detailed profile of your interests and browsing habits and to target you with advertising according to your profile.
Selling personal data: Companies can sell the data collected by cookies to other companies. This can lead to misuse of personal data.
Malware: Cookies can also be infected with malware, which can damage devices or steal your data.

In 2018, the European Union implemented the General Data Protection Regulation (GDPR), which aims to give users more control over their personal data. The GDPR requires websites to obtain explicit consent from users before storing cookies on their devices.

2. New Cookie-Free Internet Rules

A laptop screen displaying the neon text "stop cookies" with vibrant pink and blue lighting, symbolising the user consent. Spread across the front are several cookies trying to enter the computer — Cookies trying to enter the computer

2.1 Approaching the end of third-party cookies

The web industry is constantly evolving, and one of the most significant upcoming changes is the end of third-party cookies.

Third-party cookies, as mentioned above, are cookies set by websites other than the one you are visiting. They are often used for tracking and online advertising, which can raise concerns about users’ privacy

For many years, third-party cookies were the basis of online advertising. Companies used these cookies to track users across different websites and create detailed profiles of their interests and browsing habits.

Based on these profiles, companies could target personalised ads to users, increasing the likelihood that they would click on the ads and make purchases.

However, third-party cookies have also raised serious concerns about data privacy. As mentioned earlier, companies can use these cookies to collect large amounts of personal data without users’ knowledge or consent, and this can lead to the misuse of personal data, such as selling it to other companies or serving invasive adverts.

In response to these concerns, many web browsers, such as Chrome, Firefox and Safari, are starting to block third-party cookies by default which means that companies will no longer be able to use these cookies to track users across different websites.

2.2 Impact on online advertising and tracking

The end of third-party cookies will have a significant impact on online advertising. Companies will need to find new ways of targeting adverts to users without using third-party cookies.

Some of the alternatives being explored include:

Contextual advertising: adverts that are displayed based on the content of the page the user is viewing.
Interest-based advertising: Adverts are targeted based on the interests the user has previously shown.
Location-based advertising: Adverts are targeted based on the user’s geographical location.

The end of third-party cookies will also have an impact on online tracking. Companies will not be able to use third-party cookies to track users across different websites and it will make it more difficult for companies to follow user behaviour and measure the effectiveness of their marketing campaigns.

2.3 New possibilities for data collection

With the end of third-party cookies, companies are looking for new ways to collect user data ethically and transparently. Some of the alternatives being explored include:

First-Party Data: This is information collected directly by a company about its own customers or users. This data is obtained through direct interactions with consumers, such as registrations on websites, purchases made, and satisfaction surveys, among others.

Second-Party Data: This is data that another entity has collected, but which is accessible by another company – either through purchase or collaboration.

Aggregated data: This is anonymous information collected and summarised from various sources. This process involves collecting and grouping data into a compact and comprehensible format and cannot be used to identify specific individuals.

By using these alternatives, companies can collect user data more ethically and transparently, respecting the privacy of users.

3. Consent Mode V2.2

Illustration of a giant smartphone displaying a consent tick box. It is surrounded by icons and miniature people in various activities symbolising the user consent mode to cookies — Illustration of a giant smartphone displaying a consent tick box for user consent.

3.1 Overview of Consent Mode v2.2 and its Objectives

The IAB Tech Lab’s Consent Mode v2.2 was launched on 16 May 2023. However, the implementation date was postponed from 30 September 2023 to 20 November 2023 to give companies more time to adapt to the changes introduced in version 2.2 of the Transparency & Consent Framework.

This is a new initiative by IAB Europe that aims to standardise the way websites obtain and manage user consent for the use of cookies and other tracking technologies. The main objective of Consent Mode v2.2 is to:

Protect user privacy: Consent Mode v2.2 gives users more control over their personal data and how it is used.
Improve transparency: Consent Mode v2.2 requires websites to provide clear and concise information about how cookies and other tracking technologies are used.
Simplify consent management: Consent Mode v2.2 standardises the way websites obtain and manage user consent, making the process easier for websites and users.

3.2 Implementing Consent Mode v2.2 in WordPress

There are several ways to implement Consent Mode v2.2 in WordPress. One of the most popular options is to use a plugin such as the IAB Consent Management Platform. This plugin integrates into your WordPress website and provides an easy-to-use interface for managing user consent.

When implementing Consent Mode v2.2, you need to:

Create a cookie policy: The cookie policy should explain how you use cookies and other tracking technologies.
Configure the consent management plugin: The consent management plugin will display a banner to users when they visit your website. This banner will ask users to consent to the use of cookies and other tracking technologies.
Manage user preferences: The consent management plugin will store users’ consent preferences. You can use this information to personalise the user experience on your website.

3.3 Managing user consent and user preferences

Consent Mode v2.2 allows websites to store users’ consent preferences. This means that users don’t need to consent again each time they visit your website.

It also allows websites to provide users with access to their consent information, making it easier for users to see what data they have consented to share and how that data is being used.

4: Legally Mandatory Pages

3D illustration of a secure data centre with a key called "gdpr", surrounded by digital symbols and networks in a dark, futuristic interface. the key rests on a metal plate with the word "data" visible. Symbolising the GDPR — GDPR – Privacy Policy

4.1 Cookies Policy: structure, content and legal requirements

Talking about cookies, modes of consent and data protection, I couldn’t fail to mention the pages we must create on our websites to fulfil all these obligations.

The Cookie Policy is a mandatory page on any website that collects or uses cookies. It should contain clear and precise information about the cookies the website uses, including:

What types of cookies are used
What cookies are used for
How users can manage their consents
How users can contact the website about their cookies

The Cookie Policy should be easily accessible from every page of the website.

It is common to include a link to the Cookie Policy in the footer of the website, but some create a section in the menu just for legal documents.

4.2 Terms of Service and Privacy Policy: importance and integration

The Terms of Service define the rules and conditions for using the website, while the Privacy Policy describes how the website collects, uses and protects user data.

It is important to integrate the Cookie Policy with the Terms of Service and Privacy Policy. This can be done by creating a single document that addresses all three topics or by including links to each page from the others.

When it comes to e-commerce, another document that should be included on the website is the document that describes and details the terms of sale.

The Terms of Service or Terms and Conditions page can also include all the conditions of sale.

Another page that can be integrated into the Terms of Service is the Terms of Liability page, which is not compulsory but can be important to create, especially on blog or artist websites, and can also include some copyright information.

4.3 Tools and resources for creating legal pages

There are several tools and resources available to help webmasters create legal pages for their sites. Some of the most popular options include:

Cookie policy generators: Online tools that can automatically generate a Cookie Policy based on the information on your website. Some consent mode management plugins include this functionality, keeping the page up to date even if there are changes to the cookies created.
Templates for terms of service and privacy notices: Various pre-written documents can be customised to suit your site and, as with the cookie policy, some consent management plugins also generate these pages.
Legal consultants: Professionals who can help you create legal pages that are compatible with applicable laws and regulations. This is always the most advisable option, especially when it comes to e-commerce.

Regardless of the tool used, any of these pages should be very well-structured and easy for the user to consult.

Whenever possible, include a summary of the various points with links to each one, such as a table of contents.

Conclusion

The Consent Mode is a topic that will never be exhausted. We’ve tried to give a comprehensive overview of privacy regulations and user consent on the internet, focusing on IAB Tech Lab’s Consent Mode V2.2 not only because it was born before Google’s Consent Mode but also because IAB Tech Lab is a non-profit consortium that develops key technology and standards to enable growth and trust in the digital media ecosystem.

The GDPR Transparency and Consent Framework is one of the IAB Tech Lab’s initiatives to support companies in complying with the EU’s General Data Protection Regulation (GDPR).

We took a brief look at Google’s V2 Consent Mode, which will be discussed in more detail in a future article.

We defined the concepts of cookies, the need to obtain user consent, the impact of the new cookie-free internet rules and the implications for e-commerce.

Although there are other platforms for creating websites, we have also focussed on providing some guidelines for implementing Consent Mode in WordPress.

We cannot fail to emphasise the importance of legal pages such as the Cookies Policy, the Terms of Service and the Privacy Policy.

If you liked this article, follow us on social media and get in touch with any questions about this article or any topic you’d like to see covered.

Thank you for your attention

You can find out more about these topics at:

IAB Tech Lab:

National Data Protection Commission (CNPD)

General Data Protection Regulation (GDPR)

A colourful digital image featuring a money wheel with nine web development platform logos and an "SEO" icon arranged in a circle. The logos include WordPress, WooCommerce, Squarespace, Magento, Drupal, Wix, Shopify, Joomla and Webflow. What is the best CMS for SEO?

Choosing the Best CMS for SEO: Comparing 9 of the Best Platforms

Cristina Coelho

A hacker attacking cybersecurity, wearing a hood and mask, sits in front of a laptop with code on the screen, illuminated by the glow of a digital data display in a dark room

Cybersecurity in E-commerce: An Essential Issue for the Success of Your Business

Soraia Silva

I want to send you a message

Author

Cristina Coelho

Consultant and specialist in fulfilment and e-fulfilment.
Specialised in e-commerce in its various forms.
Qualified trainer.
Academic degree in Electronic Engineering and Telecommunications from the Instituto dos Pupilos do Exército and a postgraduate qualification in SME Management from Nova SBE.
Trained in SEO and Digital Marketing at the Marco Gouveia Digital Marketing and Community School.

ship4you.com