10 April 2024

Why Australian business should care about Consent Mode

Handshake with paw

In summary

  • Consent mode gives website visitors a degree of control over the data a business is allowed to collect and the cookies they allow to be set.
  • Google has taken steps to enforce compliance or restrict feature use for products or businesses who don’t meet new consent requirements. This applies to any site that has visitors from the European region.
  • With the Australian Privacy Act 1988 under review, Australian businesses should be looking at consent management now to get ahead of the game.

Consent mode is a practice that allows businesses to seek permission from website visitors and configure tracking tags and scripts based on those preferences.

The concept of consent mode was created in response to European legislation regarding the collection and use of user information with respect to privacy. It falls under the broader GDPR framework.

Over the last couple of months we’ve had multiple clients ask for assistance with getting to grips with consent mode and what it means for their business and marketing operations.

The catalyst for these discussions can be traced back to an announcement late last year that Google would begin enforcing policies around the use (or lack thereof) of consent mode when sending data back to GMP (Google Marketing Platform).

The challenge for local businesses in Australia is that many are not fully aware of what consent mode is or why it’s required.

During the course of our discussions with multiple clients we have gone through an educational piece to help them get to grips with what’s happening, but also help them plan for any future changes so as to minimise the impact to their day to day marketing operations and objectives.

Until recently consent mode was only required to be set up and configured for businesses operating in the European Union.

However Google has now broadened consent mode requirements to extend beyond business operating strictly within the European Union borders, to any business that serves European visitors more generally, so that includes Australian websites that target European audiences for example.

Non compliance with consent requirements will lead to limitations imposed on product features and sharing of data between GMP products. This in turn will limit the effectiveness of your marketing activities specifically for European audiences.

At the time of writing this mostly applies to:

  • Ability to re-target users within the European Economic Area (EEA) and include them in audience lists.
  • Ability to report on conversions from visitors within the EEA

Stage 1 - Build or adopt a consent management platform

There are a couple of ways to implement consent mode:

  1. Custom build: you can build your own custom overlay that provides users with options and preference controls that consent to different forms of data collection and tracking user activity. The downside to going down the custom route and building your own from scratch is you’ll need to invest the time, effort and expense associated with understanding the legislation and configuration choices that need to be provided, then build and implement this interface out to suit your requirements.

  2. Consent management platform: the more common option is to look at a consent management pre-built template, otherwise known as a consent management platform (CMP). These roughly fall into 2 sub-categories:

    1. Free and open source options: while these sound good at first. Louder’s testing found many of these lacked important features or were difficult to implement.

    2. Paid versions: these are often easier to implement and customise, with better overall support. While there is a modest ongoing cost, it may save you money in the long run.

There are a couple of ways to implement consent mode, you can either build your own custom overlay that provides users with options and preference controls that consent to different forms of data collection and tracking user activity.

However the downside to going down the custom route and building your own from scratch is you’ll need to invest the time, effort and expense associated with understanding the legislation and configuration choices that need to be provided, then build and implement this interface out to suit your requirements.

The other and more common option is to look at a consent management pre-built template, otherwise known as a consent management platform (CMP). These roughly fall into 2 sub-categories of free / open source or paid options. The free and open source options sound good at first, but in our experience we found many of them to be lacking, difficult to configure and implement.

Where as the paid versions are often more polished with better overall support and easier to configure customise presentation and get running. However perhaps the biggest drawback of some of these paid CMPs is that you pay via an ongoing monthly subscription service. Whilst the cost is modest, it’s still another fee on top of other costs associated with running your online business.

Stage 2 - Configure tags to respect consent management preferences

Once you’ve implemented a consent management platform, you’ll need to configure your analytics and marketing tags to respect a visitors selected tracking preferences. If you’re using Google Tag Manager as your tag management solution (TMS), you’ll basically need to add consent based trigger conditions to your existing tags. Whilst it’s not necessarily a difficult task to perform technically speaking, it can take time to configure and test that your tags are behaving correctly according to user selected preferences.

Tags in GTM can have consent options configured that only allow them to fire when specific consent choices have been made. You can see these settings within their own Consent Settings expandable accordion.

GTM consent mode setting

Stage 3 - Validate tags only fire when they comply with user choice

Once you’re done configuring your tags to fire under appropriate consent configurations, you’ll want to validate that your tags comply with these settings by running through different test scenarios.

Let’s have a look at a website using a consent mode overlay (also known as a cookie banner) to ask users to accept or reject certain types of cookies. Depending on user selection tracking of activity in some products may only be possible if users accept cookies that relate to that product area.

consent-banner-example

Further configuration options are available for selection under the manage cookies link, which looks like this:

Cookie preferences example

For this particular website, they have given you the option to opt-in to specific categories of cookies.

  1. Essential

  2. Functional

  3. Analytics and Performance

  4. Targeting and Advertising

However some consent management platforms provide much more granular breakdowns. An example can be seen on the CookieBot website (which is a popular consent management platform), and their consent configuration UI provides a much more detailed view of cookies used with a description of why they are used.

Cookie preferences in detail

The level of granularity to provide may come back to legislation you’re trying to comply with in different countries or regions. As some countries have stricter requirements than others around user consent choices and the presentation of a cookie banner more generally. To determine exactly what options to apply and to which audiences it’s best to consult with your legal/policy experts in your business to help you determine which options to provide and how much granularity details to go with it.

Yes. Whilst there is a fair bit of work in configuring consent mode and setting up a cookie banner, there are some potential benefits.

  • In Google Analytics (GA4) modelled behavioural and conversion data is only available once you send consent signals to the platform. Google is acutely aware that measurement is getting harder in 2024 and beyond and GA4 has been built under the assumption that some activity or user groups are simply not going to be able to be measured via traditional tracking methods and therefore is using AI tools to help model or predict user behaviour when these gaps in observable user activity occur.

  • Giving users choice about how data is collected, stored and processed when they engage with your business can help build trust and demonstrate that you’re taking steps to protect their information.

Although we’ve talked about Google related products so far, mostly because consent mode has been a Google driven initiative, there is no reason why you cannot apply consent rules and management framework to other tags such as a Meta Pixel tag which supports consent via it’s own API calls.

What can we expect going forward?

Until recent years in Australia, we’ve been somewhat isolated from up-to-date privacy legislation and it’s impact on measurement, particularly when compared to the European and North American markets. Local privacy legislation hasn’t been updated to provide the same rigour and guidance around permit-able usage of cookies, trackers and the transmission and handling of user data when compared with legislation such as Europe’s GDRP and California’s CCPA.

However, the Australian Privacy Act 1988 is currently under review, in light of recent high profile data breaches (see the Optus and Medibank Data Breaches). We believe it won’t be too long before local Australian business faces similar legislative frameworks.

Louder’s recommendation

Act now to prepare for the upcoming changes to privacy legislation. If your business website has visitors from the European region, you may be impacted already. By addressing the impact of the pending changes, you’ll put your business in a position where you’ll be able to adapt much more quickly to future changes.

Start having conversations internally at your company around modelled user behaviour and evaluate it’s accuracy and above all get more comfortable with some degree of ambiguity in measuring campaign performance and how to mitigate their impacts.

Get in touch

Need helping implementing consent mode? Louder is here to help. Get in touch with Louder today.

About Gavin Doolan

Gavin specialises in web analytics technology and integration. In his spare time, he enjoys restoring vintage cars, gardening, spending time with the family and walking his dog, Datsun.