The tension between personal data protection and advertising performance reaches its peak in 2026. In Europe, the GDPR has required prior consent for any non-essential data collection since 2018, and Morocco's Law 09-08 has imposed comparable obligations since 2009. Yet reality on the ground shows that a majority of sites in emerging markets still lack a compliant consent banner. Those that have installed one see 40 to 65% of visitors reject cookies, creating a black hole in their advertising data. Consent Mode v2, introduced by Google, offers an elegant solution: respect the user's choice while recovering conversion signals through statistical modeling.
What is Consent Mode v2?
Consent Mode v2 is a Google framework that adapts the behavior of Google tags (Analytics, Ads, Floodlight) based on the consent given by the user. When a visitor refuses cookies, instead of collecting nothing, Consent Mode sends anonymized pings (without any user identifier) to Google. Those pings allow Google to statistically model the missing conversions using the patterns observed across users who did accept cookies.
Version 2 introduces two additional signals compared to the original release: ad_user_data (consent to share user data with advertising platforms) and ad_personalization (consent for remarketing and personalized audiences). Without these two signals sent to Google, your Google Ads campaigns lose access to remarketing, similar audiences and a significant part of algorithmic optimization.
Regulatory framework: GDPR and Law 09-08
For European audiences, the GDPR — enforced by each country's data protection authority (CNIL in France, ICO in the UK, AEPD in Spain, etc.) — requires informed and prior consent before storing non-essential cookies, with fines up to 4% of global revenue. In Morocco, Law 09-08 is administered by the CNDP (National Commission for the Control of Personal Data Protection) and mirrors the GDPR on many points. It requires the informed and prior consent of the data subject before any processing of personal data. In practice, any site must display a consent banner before dropping tracking cookies (Google Analytics, Meta Pixel, etc.). Non-compliance can lead to fines of up to 300,000 MAD in Morocco, and significantly larger penalties under the GDPR.
In 2026, regulators are stepping up their audits, particularly for e-commerce sites and lead generation platforms. Companies operating across Europe and Morocco must therefore deploy a compliant CMP (Consent Management Platform). The question is no longer whether you must be compliant — it is how to be compliant without sacrificing advertising performance. That is exactly what Consent Mode v2 is for. For more information on our legal notice and compliance posture, see the dedicated page.
Basic vs advanced mode: detailed comparison
| Criterion | Basic mode | Advanced mode |
|---|---|---|
| Data collected without consent | None | Anonymized pings (no cookie) |
| Conversion modeling | Not available | Yes (Google models the missing ones) |
| Signal recovery | 0% (refusal = zero data) | 60-85% via modeling |
| Compliance level | Maximum (no collection) | High (pings without identifier) |
| Google Ads impact | -30 to -50% signals | -5 to -15% signals |
| Remarketing | Disabled without consent | Modeled audiences available |
Basic mode is the most conservative option: without consent, no data is sent to Google. This is the highest level of compliance, but at the cost of massive data loss. Advanced mode, which we recommend, sends anonymized pings even without consent. These pings contain no personal identifier — no cookie, no stored IP address — but allow Google to model the behavior of non-consenting visitors based on the patterns of consenting ones. Neither the CNDP in Morocco nor the European regulators have explicitly ruled against cookieless pings, and the prevailing legal consensus considers them compatible with both GDPR and Law 09-08.
Implementation via GTM Server-Side in 3 steps
Step 1: Install and configure the CMP
Choose a CMP (Consent Management Platform) certified as a Google CMP Partner. Three proven options for international deployments: Cookiebot (from 90 MAD/month, the most complete), CookieYes (free up to 100 pages, ideal to get started) and Axeptio (150 MAD/month, best French-language UX). Install the CMP through GTM using the vendor's official template. Configure the copy in the languages relevant to your audience (English, French, Arabic, etc.). Define cookie categories (analytics, marketing, functional) with clear descriptions aligned with GDPR and Law 09-08 requirements.
Step 2: Configure the consent signals in GTM
Inside your web GTM container, create a Consent Initialization tag that runs before all others. This tag sets the default state of consent signals: analytics_storage=denied, ad_storage=denied, ad_user_data=denied, ad_personalization=denied. When the user accepts through the CMP, the signals are updated in real time and the tags fire normally. If you use GTM Server-Side, the consent signals are forwarded to the server container, which respects them before sending data to downstream platforms. The data.webotic.ma platform details our technical approach.
Step 3: Verify the GA4 consent report
After deployment, go to GA4 > Admin > Data streams > Consent settings. Verify that the signals are being received correctly. The consent report shows the overall acceptance rate and breakdowns by country. On international projects we manage, we typically see an average acceptance rate of around 58% on properly configured sites (non-intrusive banner, clear copy in the local language). Also verify in Google Ads > Tools > Diagnostics that the ad_user_data and ad_personalization signals are active. Without those signals, Google displays a warning inside your account.
The Webotic strategy: maximize data while staying compliant
Our approach combines three pillars for our international clients. The first pillar is Consent Mode v2 in advanced mode, which recovers 60 to 85% of lost signals through modeling. The second pillar is GTM Server-Side, which recovers data blocked by ad blockers and ITP independently of cookie consent. The third pillar is Meta CAPI, which sends conversions directly through the server-side API to bypass browser-side limitations.
By combining these three layers, our clients recover on average 92% of total conversion signals, versus 55 to 65% with classic tracking. The difference translates directly into performance: CPAs drop by 25 to 35% and ROAS rises proportionally. This strategy fully respects GDPR and Law 09-08 because personal data is only collected with explicit consent. Anonymized pings and server-side requests contain no personal identifier.
Concrete impact on Google Ads campaigns
Across a panel of 15 Google Ads accounts managed by Webotic, rolling out advanced Consent Mode v2 delivered measurable results from the third week onwards. Reported conversions increased by 38% on average. CPA dropped 22% thanks to improved Smart Bidding optimization. The modeled conversion rate reached 12 to 18% of total conversions, filling the gap created by cookie refusals. Remarketing audiences, which had lost 40% of their volume, recovered 70% of that loss through modeling.
The impact is particularly visible on Performance Max and Smart Shopping campaigns, whose algorithms rely heavily on conversion signal volume. A Rabat-based e-commerce advertiser saw ROAS climb from 2.8x to 4.1x after activating advanced Consent Mode v2 together with GTM Server-Side.
Consent Mode v2 is not a compromise — it is a multiplier. By combining advanced mode with GTM Server-Side and Meta CAPI, you fully respect GDPR and Law 09-08 while recovering more than 90% of your conversion signals. If your site still lacks a compliant CMP, the absolute priority is to install one this week. The entry cost is 0 MAD with CookieYes and the impact on your Google Ads performance will be visible from the third week.