Skip to main
← All articles

Consent Mode v2 on Shopify: The Practical Guide

What Google's Consent Mode v2 is, why it's mandatory in the EEA, how it works with server-side tracking, and how to configure it correctly on Shopify.

· 7 min read · The Walityk Team

Since March 2024, Google requires Consent Mode v2 from any advertiser targeting the European Economic Area (EEA). Without it, your remarketing audiences dry up and your imported conversions get rejected. Yet many Shopify stores configure it wrong — or not at all.

Here’s what you need to understand, without the jargon.

Consent Mode is a mechanism through which your site tells Google the user’s consent state, via four signals:

  • ad_storage — permission to store advertising data (ad cookies).
  • analytics_storage — permission to store analytics data.
  • ad_user_data — permission to send user data for advertising purposes.
  • ad_personalization — permission to use that data for personalization (remarketing).

The last two signals (ad_user_data and ad_personalization) are the v2 addition, now made mandatory.

Two modes

  • Basic: no Google tag loads until consent is granted. You lose 100% of the data from users who decline.
  • Advanced: tags load but send cookieless pings when consent is denied. Google then models the missing conversions. This is the mode that best preserves your data.

Why it’s mandatory

Without valid v2 consent signals:

  • Your remarketing audiences in Google Ads stop filling for EEA traffic.
  • Importing conversions (Enhanced Conversions, GA4) may be rejected.
  • You expose yourself to GDPR risk: sending data without a legal basis is a violation.

So it’s not just a technical checkbox: it’s both a performance requirement and a compliance requirement.

The client-side-only trap

On a classic Shopify store, Consent Mode is wired browser-side through the CMP. The problem: between the CMP blocking scripts, ad blockers, and ITP, the consent signal and the events arrive inconsistently. A common outcome: events sent without a clear consent signal, or signals never transmitted at all.

How server-side fixes this

With server-side tracking, the consent signal travels with the event to your first-party endpoint, then is applied deterministically before anything is sent to the platforms:

  • If ad_user_data is denied, no user data goes to the ad APIs — full stop.
  • If consent is granted, events leave enriched and deduplicated.
  • In cookieless mode, you can route only to GA4 with gcs=G100 (the “consent denied” signal) to feed modeling without setting a single cookie.

This is exactly the logic implemented by Walityk: consent is deny by default, buffered until the user decides, then applied server-side. No advertising event leaves without a legal basis.

Configuring it correctly on Shopify

  1. Wire up a real CMP that supports Consent Mode v2 (most serious banners do). It must emit all four signals.
  2. Verify that ad_user_data and ad_personalization are actually transmitted — not just ad_storage/analytics_storage.
  3. Enable server-side so the signal is applied reliably and your events survive ad blockers.
  4. Test live: a good tool shows you events arriving in real time with their consent state, no Tag Assistant needed.

In short

Consent Mode v2 is not optional for selling in the EEA. Misconfigured, it costs you audiences and conversions; configured well server-side, it preserves your data while staying compliant.

To see how Walityk applies consent end to end, browse the documentation or the Shopify install.