Consent Mode – what is it and how do you customise a page?

Consent Mode is a technology that allows websites to dynamically adjust how user data is collected and used based on individual preferences. The introduction of this mechanism enables site owners to not only increase user trust, but also to comply with the growing number of data privacy regulations.

From this article you will learn:

What is Consent Mode?
Which regulations are important in the context of Consent Mode?
What are the penalties for not implementing Consent Mode?
How does Consent Mode work?
What are Consent Management Platforms and how do I choose them?
What should the cookie window look like?
What are the challenges of Consent Mode?

Consent Mode is a mechanism available for implementation by, among others, Cookiebot and compatible with technologies such as Google Analytics 4 and Google Ads. It helps companies to better manage user consent requests. This is particularly important for companies operating in the European Union, where strict data privacy regulations such as the General Data Protection Regulation (GDPR, short for General Data Protection Regulation, known as RODO in Poland) apply.

At Consent Mode, the user’s consent to tracking and data collection is important in the context of the operation of the website and affects the way the website functions. If he or she does not consent to the collection of certain data, analytics and advertising tools will work in a limited way to respect this decision. The aim is to balance business needs with users’ privacy rights and expectations.

Consent Mode is a mechanism designed to help companies comply with various data privacy regulations, such as the General Data Protection Regulation in the European Union, the California Consumer Privacy Act in the United States or other local laws. These regulations require users to give informed and unambiguous consent to the processing of their personal data. Consent Mode allows websites to set different levels of consent so that data collection can be tailored to users’ expressed preferences.

Many privacy laws recommend or require the minimisation of data collection. This means that companies should only collect data that is actually needed for defined purposes. With Consent Mode, if a user does not consent to data collection for marketing purposes, analytics and advertising tools can be configured to collect only the minimum amount of information. By setting precise settings in Consent Mode, companies can better inform users about how their data will be used, which is in line with the spirit and letter of the law.

The obligation to implement mechanisms such as Consent Mode depends not only on the jurisdiction, but also on the type of data collected and processed. If your website collects data from users, particularly sensitive data or data for advertising and analytics, then consent mechanisms are required.

Virtually every activity of a website involves the collection and processing of personal data and user behaviour data, which is subject to privacy regulations. Their use without a proper consent mechanism can violate users’ privacy rights and lead to serious legal consequences. Consent Mode needs to be implemented, especially if your website:

uses Google Ads,
includes a Facebook pixel,
acquires contacts for a newsletter,
uses cookies for remarketing.

However, it is worth remembering that when using tools from different providers, such as Google or Facebook, the consent mechanism should be compatible with each of them. It should also clearly inform the user about what data is being collected and for what purpose. Also, your site’s privacy policy should refer to each of the tools your company uses.

It is also worth noting that even if your site is hosted in one country but is accessible to users from other countries with different privacy regulations, it is best practice to implement a consent mechanism that complies with different jurisdictions and displays messages in the user’s language.

Sites that do not collect personal data or only use it in a non-intrusive way (for example, only for technical purposes) may not need such sophisticated consent mechanisms. If in doubt, it is best to consult lawyers specialised in data protection and privacy.

Failure to comply with the General Data Privacy Regulation (GDPR) and cookie consent can lead to various types of sanctions. For violations of the GDPR, companies can be fined up to €20 million or up to 4% of global annual turnover – whichever is higher. Sanctions can be imposed for a variety of breaches, including the improper collection and processing of personal data, which includes the mismanagement of cookies and other tracking technologies.

However, this is not the only consequence. Improper management of cookie consent can also negatively affect a company’s image and customer trust, which can be as damaging as financial penalties in the long term.

The operation of Consent Mode can be divided into an action due to the user and the website owner. In the former case, Consent Mode is practically unnoticeable, while in the latter it requires some action.

From the user’s perspective, Consent Mode acts as a mechanism that respects and implements the user’s privacy choices on a website. When a user first visits a website, he or she is confronted with a dialogue box informing him or her of the use of cookies. These are small sets of data stored in users’ browsers that can be used for purposes such as tracking website interactions, recording user preferences or personalising advertising.

In a dialog box, the user can select which types of cookies they wish to accept. After reviewing the available options, by clicking on the appropriate button, he or she agrees or rejects the various types of cookies. If the user chooses to accept all of them, all functions will work, enabling tracking and personalisation of experiences, advertising and content. If, on the other hand, he or she only consents to certain types of cookies, Consent Mode will adapt the operation of the site to respect these choices. The main goal of the process is to give the user maximum transparency and control over how data is collected and used.

With Consent Mode, companies can still collect some basic analytics even if the user does not give full consent. This allows for a certain level of optimisation and analysis without infringing on the user’s rights. It also helps to prioritise in the context of different types of cookies. For example, if analytics cookies are more important to the site owner than marketing cookies, this can be taken into account in the configuration.

Implementing Consent Mode on a website is a process that requires both technical understanding and compliance with privacy laws. It usually requires some technical configuration, such as placing appropriate tags on the site or integrating with existing content management systems (CMS) or analytics platforms. It can be complicated, but it is an effort that has long-term benefits. Here are some steps and recommendations that can help you through the process:

Planning and analysis

Before implementing Consent Mode on your website, you need to understand the legal regulations that affect how data is collected and processed on the website. In addition, it is worth consulting lawyers and privacy experts to understand exactly which elements need to be included in the consent mechanism on your site. An expert can help you identify the types of data you collect and advise you on how to process it in compliance with applicable law.

Choice of tools

When implementing Consent Mode on your site, choosing the right consent management tool is key. You can use dedicated platforms like CookieBot, which is a tool recommended by many marketing agencies, OneTrust, CookieConsent or TrustArc – these offer comprehensive consent management solutions and are frequently updated to comply with the latest regulations.

A tool worth choosing when using Google applications is CookieBot, a platform for managing users’ consent to the use of cookies and other tracking technologies on websites, which is also completely dignified with Google’s requirements and tools. It automatically scans the site to identify all cookies and tracking technologies used. It then generates an information window (a so-called cookie banner) for users, where they can give their consent to different types of cookies. In doing so, CookieBot helps site owners to comply with privacy laws.

Importantly, CookieBot can (and should) be linked to Google Tag Manager. The integration of both solutions involves several steps:

If you have not already done so, register and create an account on the CookieBot platform.
After logging into the CookieBot dashboard, configure your cookie consent settings. Here you will also find the script code to add to your site.
Log in to your Google Tag Manager account and select the relevant site where you want to integrate CookieBot.
Create a new tag in GTM and select “Custom HTML” as the tag type.
Copy the pre-generated script code from the CookieBot panel and paste it into the ‘HTML’ section of the tag configuration in GTM.
Set the trigger for the tag; generally selecting ‘All Pages’ or the specific page you want CookieBot to appear on.
Once you have completed the configuration and added the tag, publish the changes to GTM to activate CookieBot on your site.
Once published, visit your site and ensure that CookieBot is working as expected.
Regularly check that everything is working as expected and that the site is compliant with current regulations.

Whatever you choose, make sure the tool you select can be integrated with other systems you use, such as CMS or e-commerce platforms, to ensure consistency and efficiency in data management.

User information

Both the information window about cookies and the current privacy policy are key elements in the implementation of Consent Mode. The information window should be understandable and easy to navigate so that users can make informed choices. At the same time, it is necessary to update the privacy policy to reflect any changes related to the new way of collecting and processing data.

Monitoring and updates

Regular audits are key to maintaining compliance and ensuring that the consent mechanisms on the site are working properly. They help to identify potential problems and prevent breaches of the law. In addition, they allow you to stay abreast of evolving regulations and adapt Consent Mode as new requirements emerge or changes to existing legislation occur.

When implementing Consent Mode on your website, it is also worth bearing in mind the following:

Ensure that the mechanism complies with applicable law.
The consent mechanism should be easy for users to understand and use.
Be careful when storing and processing data; only disclose information for which you have consent.
Improper implementation can lead to problems such as inappropriate data collection or privacy breaches.

Integrating Consent Management Platforms (CMPs, user consent management tools) with Consent Mode helps maintain regulatory compliance and offers users more transparency and control over their data. Consents collected and managed by CMPs can be passed to Consent Mode mechanisms, which then adjusts the operation of the site and tools according to these choices.

Examples of CMPs include:

Cookiebot
OneTrust,
CookieConsent,
TrustArc,
Quantcast,
Tealium.

The platform you choose should be compatible with other tools you use, such as CMS systems, analytics tools or e-commerce platforms. Equally important are the ability to customise the look and function of the consent window and the visual identity of your site, as well as an intuitive user interface and ease of consent management.

Also, the availability of technical support and documentation to help resolve any problems can be an important factor in your choice. It is also worth considering the cost of the tool and choosing one that fits the size and needs of your business. Remember, too, that choosing the right consent management platform is key to ensuring legal compliance and optimising the user experience on your site.

The cookie information window (also known as the cookie banner or cookie dialog box) is crucial in informing users about how and why your website uses cookies and other tracking technologies. It is also the place where users can give their consent to various types of data processing. Here are some elements that such a window should contain:

Basic information
- Purpose – an explanation of why the website uses cookies. This could be for analytical purposes, marketing purposes, functional purposes, etc.
- Types of cookies – a brief description of the different types of cookies used on the site (e.g. essential, performance or marketing cookies).
Consent options
- Choice – an option for the user to indicate which types of cookies they agree to.
- Rejection option – the user should be able to reject all or some cookies, except those that are absolutely necessary for the functioning of the site.
More information
- Privacy policy – link to the site’s full privacy policy, which contains more information on data processing.
  - How to manage cookies – instructions or link to instructions on how users can manage their cookie settings in their browsers.
Action buttons
- Accept all – a button that allows the user to accept all cookies.
- Apply selection – a button that saves the user’s individual preferences.

Consent Mode must be integrated with the cookie information window in order to practically apply the user’s choices and for the whole mechanism to function correctly. After the user selects his or her preferences in the dialog box, Consent Mode dynamically adjusts the way the website collects and processes data according to these preferences.

It is worth emphasising that the cookie box itself is only one element that makes up the overall consent and data privacy management strategy.

Implementing and managing Consent Mode can present several challenges:

Implementing Consent Mode often requires advanced technical skills to properly integrate various components such as tags, scripts and consent management platforms.
Consent Mode has an important impact on analytics, as it can, for example, reduce the volume of traffic visible in reports if users do not allow tracking.
Maintaining compliance with dynamically changing regulations can be difficult, especially for companies operating in different markets with different privacy laws.
Not all consent management platforms are compatible with Consent Mode, which can complicate integration.
Consent interfaces that are too complicated or unclear may discourage users, negatively affecting their experience on the site.
Restrictions on data collection due to user choices can affect the quality of analytics data, which can be a challenge for marketing and analytics efforts.
Implementing and managing Consent Mode can generate additional costs, both one-off (implementation) and ongoing (maintenance and updates).
Users need to be properly informed about how and why their data is collected and used, which requires clear and understandable communication.

Despite these challenges, proper implementation of Consent Mode is key to compliance and building trust among users.