We live(d) in a cookie world. Now, we need to get ready for things to change. The first step? Understanding the implications of cookie consent, then we’ll show you how to add cookie consent to your website.
Tracking is getting harder
Higher user expectations for ad privacy are driving both additional privacy regulations and technology changes that restrict user-level tracking.
What marketers have to contend with:
- The loss of third-party cookies (coming 2024 to Chrome)
- Shorter conversion windows
- Loss of app to web tracking
- Increased privacy regulations
- The rise of ad-blockers
All these changes ultimately reduce the amount of data we can collect and therefore limit our visibility on users.
Regulations across the world
If you operate internationally, you have to respect multiple regulations.
Without doing a deep dive into GDPR, you might be surprised to learn that cookies are only mentioned once across the GDPR’s 88 pages.
What does it say?
Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses,
cookie identifiers or other identifiers such as radio frequency identification tags.This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.
Data governance requires dedication
Having a cookie solution in place does not make you compliant. It is not a one-and-done thing. Regulations keep changing. You must keep up to date with them!
Cookies fall under the Privacy and Electronic Communications Regulations
Under PECR we must:
- Receive users’ consent before you use any cookies except strictly necessary cookies
- Provide accurate and specific information about the data each cookie tracks and its purpose in plain language before consent is received
- Document and store consent received from users
- Allow users to access your service even if they refuse to allow the use of certain cookies
- Make it as easy for users to withdraw their consent as it was for them to give their consent in the first place
Types of cookies
Based on their duration, provenance, and purpose, you need to adapt how you use cookies.
- Duration: Session, Persistent
- Provenance: First-Party, Third-Party
- Purpose: Strictly necessary, Preferences, Statistics, Marketing
You can do this easier by using one of the consent management platforms below. In the following examples we’ll use OneTrust to implement cookie consent.
Cookie consent implications: closing the gap
Some of Google Marketing Platform solutions to minimise impacts include:
- Enhanced Conversions
- Conversion Modelling
- Privacy Sandbox
- Consent Mode
Let’s narrow in on Conversion Modeling and Consent Mode. By setting up a OneTrust property, for example, we’ll be able to unlock these two features.
First, we want to unlock Consent Mode to get better insights. This is recommended by Google for the most accurate modelling.
How to add cookie consent to your website
Adding a cookie consent banner to your website means a loss of data/visibility, but we can still track users who allow it. Based on the consent response of the user we’ll either be able to track their activity across your website or not.
The impact
You can evaluate the impact of adding cookie consent to your website and how many people opt-in or opt-out on purpose in Google Analytics 4 and Google Ads.
Google Analytics
- Use the OneTrust report, for example, to evaluate the amount of data lost
- In GA4, change reporting identity at a property level to see the difference between Modeled Data and Observed Data
- 2023 release: Conversion modeling of GA4 will integrate with Google Ads
Google Ads
- Use the OneTrust report to evaluate the amount of data lost
- Modelled conversions are reported with the same granularity as observed conversions
- 2024 release: When conversion modeling goes live, you’ll be able to view your conversion modeling uplift on “domain x country level” in the Diagnostics tab
Deploying consent mode: best practices
Consent mode enables you to measure conversions while respecting user consent.
- User navigates to your site and indicates consent status (for ads and/or analytics storage).
- Consent mode will tell Google tags whether they have permission to use cookies for ads and analytics.
- When the user does not consent, the relevant Google tags will adjust their behaviour to help observe conversions without using associated cookies. When the user consents, Google will observe data as normal.
- With modelling, Google surfaces the most accurate data in your account to enable better reporting and optimisation
Consent types
Google and third-party tags adjust their storage behaviour based on a consent state of either granted or denied.
- Ad_storage: Enables storage, such as cookies, related to advertising
- Analytics_storage: Enables storage, such as cookies, related to analytics (for example, visit duration)
- Functionality_storage: Enables storage that supports the functionality of the website or app such as language settings
- Personalization_storage: Enables storage related to personalisation such as video recommendations
- Security_storage: Enables storage related to security such as authentication functionality, fraud prevention, and other user protection
The first two types, Ad_storage and Analytics_storage, are the most important for marketers.
Conversion Modelling
Conversion modelling can help fill in blanks in media measurement at times when it’s not possible to observe the path between ad interactions and conversions.
Modelled conversions will appear in the “Conversions” column and be reflected in all downstream reports that use this data.
Minimum required:
- Consent mode implemented
- Daily ad click threshold of 700 ad clicks over a 7 day period, per country and domain grouping
Read more about consent mode modelling.
GA4 Behaviour Modeling
Behavioural modelling compensates for the absence of cookies through the use of models for users and sessions data, which are trained on observable data to give a more complete picture.
Behavioural modelling starts from the date a given property becomes eligible.
Minimum required:
- Consent mode implemented
- The property collects at least 1,000 events per day with analytics_storage=’denied’ for at least 7 days
- The property has at least 1,000 daily users sending events with analytics_storage=’granted’ for at least 7 of the previous 28 days
Learn more about GA4 Behavioural Modeling for Consent Mode.
How to add cookie consent to your website with OneTrust
OneTrust is a provider of privacy management software platforms. Let’s learn how to add cookie consent to your website with OneTrust Cookie Consent.
OneTrust cookie consent helps companies stay compliant with privacy and security laws like ePrivacy (cookie Law), GDPR, CCPA and others by providing a centralised platform to track data and automate privacy processes.
- Implement digital tracking governance
- Detect all cookies, tags, trackers, pixels, beacons, and more across your website
- Customise out-of-the-box consent banners according to your brand and regional needs
- Easily deploy banners across domains with pre-built MarTech integrations
- Demonstrate compliance with global privacy laws
- Installed via Google Tag Manager
- Configured by site/language = multiple licences per region
7 steps for creating a GDPR cookie-compliant banner with OneTrust
- Scan the site
- Create cookie compliance templates
- Categorise the cookies
- Create and assign geolocation rule groups
- Define vendors
- Implement the cookie consent script
- Block scripts and cookie creation based on user’s consent
Need help implementing cookie consent across your website? Speak to an expert.
