Sultan Kautsar

Founder of Rayatiga | GTM Expert

Let's work together
Sultan Kautsar / Consent Mode v2

Consent Mode v2

Privacy regulation and data quality are usually treated as opposites — tighten one, lose the other. Most sites "handle" consent by dropping a cookie banner on top of their existing tags and calling it compliant. The tracking either still fires when it shouldn't, or it stops firing entirely and half your data disappears the moment someone clicks "reject." Neither is actually solving the problem.

Consent Mode v2 done properly isn't a banner. It's a signaling layer between your site, Google Tag Manager, and Google's platforms — and getting it right is what lets you stay compliant without flying blind.

What proper implementation actually means

Why it matters

Get this wrong in one direction and you're non-compliant, exposed to fines and platform penalties that can turn off your ad accounts overnight. Get it wrong in the other direction and you're technically safe but flying without instruments — your reporting undercounts conversions, your bidding algorithms start optimizing on incomplete signals, and nobody notices until performance quietly degrades for reasons that don't show up anywhere.

The regulation isn't going away, and neither is the expectation that your data holds up. The businesses that get ahead of this are the ones treating consent as an architecture decision, not a legal checkbox bolted on after launch.

How I approach it

  1. Audit your current consent setup — what signals exist, what's actually respected by your tags, and where compliance and data integrity are quietly working against each other.
  2. Map your regulatory footprint — where your users actually are, and what that legally requires versus what's just best practice.
  3. Architect the consent signal flow in Google Tag Manager, wired into your CMP and every downstream tag, tested against every consent state a user can land in.
  4. Configure conversion modeling so declined consent doesn't mean lost visibility, just modeled visibility.
  5. Validate and document, so what's compliant today stays compliant as tags get added later by someone who isn't me.

This sits right alongside GA4 and Google Ads conversion tracking — consent architecture is the layer that decides whether the data underneath either of those can be trusted at all.

Privacy compliance and data integrity aren't actually in tension. They're only in tension when nobody's architected the system properly. Let's fix that.