Google Consent Mode v2 in Switzerland: Implementation Guide

What is Google Consent Mode v2?

Google Consent Mode v2 (GCM v2) is a mechanism introduced by Google that allows your Google tags (Google Analytics, Google Ads, Floodlight, etc.) to adapt their behaviour based on the consent choices made by your visitors. Rather than fully blocking tags when consent is refused, GCM v2 lets Google collect aggregated, anonymised data for modelling purposes — while still respecting the user's decision.

Announced in November 2023, this major update became mandatory for advertisers using Google's personalisation and remarketing features from March 2024. It introduces two new consent signals on top of the two that already existed.

The 4 Consent Signals of GCM v2

Google Consent Mode v2 revolves around four distinct consent parameters:

1. ad_storage

Controls the storage of advertising-related cookies (e.g. Google Ads conversion cookies). If denied, no advertising cookies are written.

2. analytics_storage

Manages Google's analytics cookies (Google Analytics 4, Universal Analytics). When denied, sessions are not associated with a persistent identifier.

3. ad_user_data (new in v2)

Determines whether the user's behavioural data can be sent to Google for advertising purposes. This signal specifically concerns remarketing lists and customer match.

4. ad_personalization (new in v2)

Controls whether Google can use user data for ad personalisation (remarketing, similar audiences). A denial prevents the creation of personalised advertising profiles.

All four signals must be correctly configured in your GCM v2 implementation to meet Google's requirements.

Basic Mode vs Advanced Mode: What's the Difference?

Basic Mode: tags only fire if consent is granted. No data is transmitted upon refusal. A simpler solution, but you lose all visibility into non-consented conversions.

Advanced Mode: tags load from the first page view in a restricted capacity. Google can collect anonymous signals (without personal identifiers) even without consent, then model missing conversions. This mode requires your privacy policy to explicitly mention this collection of aggregated data.

For most Swiss businesses running active Google Ads campaigns, Advanced Mode offers a better balance between compliance and marketing performance.

Is GCM v2 Mandatory for Swiss Websites?

The short answer: yes, if you use Google Ads with remarketing or if you target users in the European Economic Area (EEA).

Here is the precise situation:

• If you use Google Ads for remarketing, similar audiences, or personalisation: Google requires GCM v2 to be in place. Without it, your remarketing features will be disabled.
• If you target users in the EU/EEA: the European data regulation (GDPR) and Google's advertising policies make GCM v2 essential.
• If you only use Google Analytics without advertising: GCM v2 is still very strongly recommended for compliance, even if it is not formally mandatory.

Swiss Context: the nFADP

Switzerland's revised Federal Act on Data Protection (nFADP), in force since 1 September 2023, imposes transparency and consent requirements similar to the GDPR for certain data processing activities. While the nFADP is not the GDPR, it requires:

• Clear information about the purposes of personal data processing
• Free, specific, informed, and unambiguous consent for non-necessary processing
• A straightforward way to withdraw consent at any time

GCM v2, combined with an nFADP-compliant consent banner, allows you to meet these requirements while maintaining the performance of your Google campaigns.

How GCM v2 and the nFADP Interact

The nFADP and GCM v2 are complementary, but it is important to understand how they relate to each other:

What GCM v2 does for you: it signals your users' consent choices to Google, allowing your tags to operate appropriately according to those choices.

What the nFADP additionally requires:

1. A consent banner presenting clear options (accept/refuse/customise)
2. An up-to-date privacy policy mentioning the use of Google Analytics, Google Ads, and Advanced Consent Mode if applicable
3. A consent audit log to prove compliance in the event of an investigation
4. The ability to withdraw consent as easily as it was granted

Important: GCM v2 alone is not sufficient for nFADP compliance. It must be embedded within a comprehensive consent management strategy using a suitable CMP (Consent Management Platform).

Technical Implementation of GCM v2

Via Google Tag Manager (GTM)

The most common method for Swiss websites using GTM:

Step 1: Create the default consent tag

Create a custom HTML tag that runs first (highest priority):

<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}

  // Default parameters: everything denied
  gtag('consent', 'default', {
    'ad_storage': 'denied',
    'analytics_storage': 'denied',
    'ad_user_data': 'denied',
    'ad_personalization': 'denied',
    'wait_for_update': 500
  });
</script>

Step 2: Update consent from your CMP

Once the user has made their choices, send the update:

gtag('consent', 'update', {
  'ad_storage': userAcceptedAds ? 'granted' : 'denied',
  'analytics_storage': userAcceptedAnalytics ? 'granted' : 'denied',
  'ad_user_data': userAcceptedAds ? 'granted' : 'denied',
  'ad_personalization': userAcceptedAds ? 'granted' : 'denied'
});

Via gtag.js Directly

If you are not using GTM, integrate directly into your code:

<!-- In the <head>, before any other Google scripts -->
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('consent', 'default', {
    'ad_storage': 'denied',
    'analytics_storage': 'denied',
    'ad_user_data': 'denied',
    'ad_personalization': 'denied'
  });
</script>
<script async src="https://www.googletagmanager.com/gtag/js?id=G-XXXXXXXXXX"></script>

Integration with a CMP

The CMP is the central link: it collects user consent and transmits the appropriate signals to GCM v2. A compliant CMP must:

1. Display the consent banner before any tags fire
2. Store user preferences persistently
3. Call gtag('consent', 'update', {...}) immediately after the user's choice
4. Honour saved preferences on subsequent visits
5. Allow consent to be revoked from the privacy policy page

PrivaGuard CMP: Native GCM v2 Support

PrivaGuard's CMP was designed from the ground up for Swiss nFADP compliance and natively integrates Google Consent Mode v2. Here is what it handles automatically:

• Default initialisation: all four GCM v2 signals are set to denied before any tag loads
• Real-time update: as soon as the user accepts or refuses categories, GCM v2 signals are updated instantly
• Preference persistence: the _pg_consent cookie stores choices and sends the correct signals on every visit
• GTM and gtag.js compatibility: works with both implementation methods
• Trilingual support: DE/FR/EN built in, tailored to the German-, French-, and English-speaking Swiss market
• Advanced or Basic mode: configurable from the PrivaGuard dashboard according to your needs
• Audit log: every consent event is recorded for nFADP traceability

Integration takes just a few minutes via a simple script in your <head>:

<script
  src="https://cdn.privaguard.ch/cmp.js"
  data-site-id="your-site-id"
  async>
</script>

Verification with Google Tag Assistant

After implementation, verify that everything is working correctly:

1. Install Google Tag Assistant (Chrome extension) or use GTM Preview mode
2. Navigate to your site without accepting cookies
3. Check that Google Ads and GA4 tags show "Consent Pending" status or do not fire
4. Accept analytics consent and verify that analytics_storage switches to granted
5. Use the consent report in Google Analytics 4 (Admin > Data Streams > Tag verification)
6. Check the dataLayer in the console: window.dataLayer should contain the correct consent events

Common Mistakes to Avoid

1. Not initialising defaults before tags load This is the most common mistake. If the GCM v2 script loads after your Google tags, data may be collected before the consent parameters are applied. Always follow the correct loading order.

2. Forgetting ad_user_data and ad_personalization Older guides only mention ad_storage and analytics_storage. GCM v2 requires all four signals. Missing one disables your remarketing features.

3. Neglecting the wait_for_update parameter In Advanced Mode, wait_for_update: 500 (milliseconds) gives your CMP time to read saved preferences before tags fire. Without it, returning visitors are treated as new visitors without consent.

4. Confusing GCM v2 with full compliance GCM v2 is a technical tool, not a legal framework. It does not replace a compliant privacy policy, an adequate consent banner, or a record of processing activities.

5. Not testing in private browsing Always test your implementation in a private browsing window to simulate a new visitor with no pre-existing cookies.

6. Ignoring mobile users Verify that your CMP and GCM v2 implementation function correctly on mobile, where cookie storage behaviour may differ.

GCM v2 Compliance Checklist for Switzerland

• All four GCM v2 signals are initialised in denied mode before any tag loads
• The CMP updates GCM v2 signals based on user choices
• Advanced or Basic mode is configured according to your strategy
• The privacy policy mentions the use of GCM v2
• Consent preferences are saved and honoured on subsequent visits
• Withdrawing consent is as simple as granting it
• A consent audit log is maintained (nFADP requirement)
• The implementation has been tested with Google Tag Assistant

Is your website nFADP-compliant and correctly configured with Google Consent Mode v2? Use PrivaScan to analyse your cookies, trackers, and consent banner status for free in seconds — no installation required, no commitment.