What does Google Analytics do in consent mode without cookies

With the so-called “Consent Mode”, Google Analytics can also be used without cookies. But how does it work and which data is then retained?

Google Analytics reacts with a consent mode to the consent hurdle required by data protection law. This extension, called “Consent Mode” in English, introduces new settings with which you can use Google Analytics without cookies. What does this consent mode do?

Google Analytics and data protection

Google Analytics has had a problem at least since the introduction of the General Data Protection Regulation. In fact, several. It begins with the transmission of the IP address when the script is called. The storage of a personal ID in a cookie and the transfer of data to the USA are also problematic. The creation of user profiles in Google Analytics is also criticized.

Google Analytics and data protection, © NETPROFIT

Google Analytics’ consent mode

Google Analytics offers for gtag.js and Google Analytics 4 a consent mode at. This is currently still in the beta stage. There is the option analytics_storage = ‘denied’. Google Analytics then does not read or write its own analytics cookies. Combined with ad_storage = ‘denied’, Google Ads does not read or write any corresponding cookies. Google then only sends so-called “pings” to Google Analytics for basic measurement and modeling purposes.

These types of pings are sent from all pages on a website that have implemented Google Analytics, and also when events are logged,

it says on the Google Analytics Support Blog.

Do you also integrate the Analytics Script from your own server (allowed) and pay attention to IP anonymization with gtag.js (active by default with Google Analytics 4), the data protection issue looks much better:

gtag.js with Google Analytics
gtag.js bei Google Analytics, © NETPROFIT

The script on your own server eliminates the need to send data to Google. Thanks to the strict consent mode, no cookie and no personal ID are set. This also significantly eases data transmission to the USA. The user profile formation is also at least significantly limited, although this can only be assessed to a limited extent from the outside.

Depending on the consideration of data protection law, this constellation could also be seen as permissible without the reservation of consent.

Which data is provided by the consent mode and which is not

The decisive factor is which statistical data these “pings” provide and which not. The consent mode is intended to enable basic statistical data up to a consent in statistical / marketing cookies. If this data is sufficient for you, you can deliver the statistics code permanently in consent mode. This may save you the cookie consent.

For a comparison, Google Analytics 4 is ruled out because the database is not based on sessions, but rather user behavior and events. But the so-called Universal Analytics with gtag.js and analytics.js can be compared:

gtag.ja with Consent Mode
gtag.js with Consent Mode (click on the picture to get a larger view), © NETPROFIT
analytics.js without cookies
analytics.js without cookies (click on the picture to get a larger view), © NETPROFIT

Values ​​such as sessions and pages per session seem quite comparable. The discrepancy becomes clearer when it comes to page views.

The major discrepancies in data on user behavior are problematic. This is where the reduced ping reaches its limits. Bounce rate and session duration are important, but not reliable for evaluations and improvements.

The statistical data in the consent mode should therefore not be sufficient for most website operators. As an option up to consent to the “full-fledged” code, it is a solution. In order not to dilute the strongly deviating values, users should be recorded separately with consent, if necessary via their own property.

Alternatives to the consent mode

The option remains to not statistically record users until they have given their consent. If you take data protection seriously, optically and practically rejecting cookies must be at least as easy as consent. There are also consent blockers for browsers. The approval rates are then manageable despite consent optimization.

Many do not know that you can also use analytics.js without cookies. This does not work with the consent mode, but with the storage tag: none: Google Analytics then does not set a cookie with the user ID (“ClientID”). You have to assign this yourself.

This is useful to set a pseudonymized, non-reversible value. You can anonymize the IP address, combine it with the domain and an externally unknown, so-called salt, and hash this value using a strong encryption process. This also prevents cross-domain tracking. If you want to go further, you can add a user agent, browser language and a time component for static IP addresses. The Bavarian State Office for Data Protection as well as the data protection officer and lawyer Martin Erlewein consider such a solution to be data protection compliant.

There is also more than just Google Analytics. Alternatives such as Open Web Analytics, Matomo / Piwik, Statify, Clicky, etracker Analytics, Mapp Intelligence, Adobe Analytics etc. often offer advantages in the area of ​​data protection. Therefore, a change can make sense despite the changeover effort and missing legacy data.

What’s next with cookies?

The 2017 ePrivacy Regulation is not in sight, despite recent efforts by the Portuguese Presidency. Nevertheless, there has recently been movement in the subject. This also comes from Google (“Building a more private web”). Google will soon block third-party cookies with its own Chrome browser and work with a “privacy sandbox”. Google itself then wants to use “Federated Learning of Cohorts” (Floc) to classify users – above all to keep advertising revenues high. This collection, based on grouped cohort data, is somewhat more anonymous. However, Google does not want to start this in the data protection-sensitive EU for the time being.

In Germany that could hardly have been noticed until now Telecommunication Telemedia Data Protection Act (TTDSG) Create facts and prohibit all (technically unnecessary) cookies. The topic of cookies will therefore occupy us increasingly. Therefore, it makes sense to deal with cookies and website statistics in good time. If you proactively avoid cookies, you can follow the development more relaxed and make decisions and change in peace.


Source: OnlineMarketing.de by onlinemarketing.de.

*The article has been translated based on the content of OnlineMarketing.de by onlinemarketing.de. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!

*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.

*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!