
If you run a website in India in 2026, whether it’s a blog, news site, SaaS platform, or an eCommerce store, one thing you definitely need to take into account is your obligation to get user consent and safeguard data privacy. The days when website owners could simply embed Google Analytics on their website or show pop-ups to track visitors’ activity are almost gone.
There are two major forces driving this shift:
- Google Consent Mode v2 (technical requirement)
- India’s DPDP Act (legal requirement)
Both must be fully understood and properly implemented. Otherwise, you are taking a major risk with the future success of your website, whether that means losing advertising revenue, making bad decisions based on misleading data, or facing severe legal problems.
What is Google Consent Mode v2?
At its core, Google Consent Mode v2 is a framework designed to ensure your website respects user choices by adjusting how Google tools operate based on consent. Rather than automatically gathering information from visitors, your website first asks users whether they consent to tracking cookies.
If the user consents, services such as Google Analytics and Google Ads operate normally; if not, those services restrict or adjust how data is collected. Put plainly, Consent Mode passes the user’s privacy preferences to Google tags so that the tags can act accordingly.
Think of it as a smart photographer at a party.
1. If a guest says “yes,” they take a clear photo and note down who the person is, just like Google Analytics or Ads collecting full data.
2. If a guest says “no,” they don’t stop working. Instead, they draw a simple silhouette. You don’t know who the person is, but you still know someone showed up and interacted.
How to Set Up Google Consent Mode v2 on Your Website
Step 1: Install a Consent Banner (CMP)
Use a platform like CookieYes or Cookiebot. Google now requires a “Certified” CMP for certain ad features.
Step 2: Default Consent = Denied
This holds true for the “Basic” setup method. Set it up using the “Consent Initialization” trigger in Google Tag Manager (GTM), so that the “Denied” signal is sent out first.
Step 3: Implement Google Consent Mode v2
Using Google Tag Manager, set up consent features, map all consent parameters, and ensure your tags activate only after the user consents. This guarantees that the collected data complies with user preferences and maintains compliance with privacy laws.
Step 4: Prevent Script Activation Until User Consent
Test using Incognito mode:
- Initial cookie loading must be prevented
- Analytics should not execute initially
Step 5: Store Consent Logs
According to India’s DPDP Act, you must keep ‘Consent Artifacts’ stored. Make sure your CMP keeps a timestamped log of every user’s decision in case of future legal scrutiny.
Once set up, make sure:
1. Users can accept or reject cookies
2. No tracking (like analytics or ads) starts before consent
3. Consent Mode v2 is properly enabled to adjust data collection based on user choice
If you are using applications such as Google Analytics and Google Ads, Consent Mode will help you stay compliant while still allowing you to gain valuable insights.
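As an added illustration of Steps 2 to 4 (not code from this article or from Google), the sketch below queues a denied default, maps a banner choice to the four Consent Mode v2 signals through gtag('consent', ...), and audits a dataLayer for gtag commands queued before that default. The helper names, the { analytics, ads } choice shape and the G-EXAMPLE ID are assumptions made for the example.

```javascript
// Added example: helper names and the choice shape are illustrative assumptions.
const SIGNALS = ['ad_storage', 'analytics_storage', 'ad_user_data', 'ad_personalization'];

// gtag shim: each command is queued on the dataLayer in call order.
function makeGtag(dataLayer) {
  return function gtag() { dataLayer.push(arguments); };
}
// Step 2: all four signals start as 'denied'.
function setDefaultDenied(gtag) {
  gtag('consent', 'default', Object.fromEntries(SIGNALS.map((s) => [s, 'denied'])));
}
// Step 3: map a banner choice ({ analytics, ads } booleans, hypothetical) to the signals.
function applyChoice(gtag, choice) {
  const v = (ok) => (ok ? 'granted' : 'denied');
  gtag('consent', 'update', {
    ad_storage: v(choice.ads),
    analytics_storage: v(choice.analytics),
    ad_user_data: v(choice.ads),
    ad_personalization: v(choice.ads),
  });
}
// Step 4 check: list gtag commands that would run before a full 'denied' default.
function auditOrder(dataLayer) {
  const problems = [];
  let defaultSeen = false;
  for (const cmd of dataLayer) {
    if (cmd[0] === 'consent' && cmd[1] === 'default') {
      const open = SIGNALS.filter((s) => (cmd[2] || {})[s] !== 'denied');
      if (open.length) problems.push('default not denied: ' + open.join(', '));
      defaultSeen = true;
    } else if (!defaultSeen && ['config', 'event', 'consent'].includes(cmd[0])) {
      problems.push(cmd[0] + ' queued before consent default');
    }
  }
  if (!defaultSeen) problems.push('no consent default found');
  return problems;
}
// Constructed pages: one follows the steps, one configures a tag too early.
function samplePage(tagFirst) {
  const dl = [];
  const gtag = makeGtag(dl);
  if (tagFirst) gtag('config', 'G-EXAMPLE'); // placeholder measurement ID
  setDefaultDenied(gtag);
  if (!tagFirst) gtag('config', 'G-EXAMPLE');
  applyChoice(gtag, { analytics: true, ads: false });
  return dl;
}
console.log(auditOrder(samplePage(false)), auditOrder(samplePage(true)));
```

On a live page the same audit can be run against window.dataLayer from the browser console in an Incognito window before touching the banner.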
Practical Implementation (Step-by-Step) for WordPress websites
The first step is to get a plugin that will allow you to have cookie consent. Some of the most popular plugins include CookieYes, Cookiebot, and Complianz. Using the wizard, you can easily make a cookie banner with an accept and reject button for the website. The plugin should be able to support Google Consent Mode v2.
Next, go to the plugin settings and enable Google Consent Mode v2. Ensure all four signals: ad_storage, analytics_storage, ad_user_data, and ad_personalization, are turned on.
Then, integrate the analytics code to enable tracking on your website. Make sure the tracking scripts do not load before consent, and enable prior blocking of cookies.
Finally, test your site in Incognito mode to confirm:
- Banner appears
- No tracking before consent
- Tracking starts after approval

What’s New in Consent Mode v2?
In Google Consent Mode v2, four signals control how user data is handled based on consent.
- ad_storage manages cookies used for advertising.
- analytics_storage controls data collection for tools like Google Analytics.
- ad_user_data (new) decides whether user data can be shared with Google for ad measurement.
- ad_personalization (new) controls whether users see personalized ads.
Source: Google for Developers: Consent Mode Overview
Why is it mandatory in 2026
Google Consent Mode v2 is almost compulsory in 2026 because if you don’t use this mode, then tracking and ads just won’t work.
Since 2025, Google has required it to be used with such features as conversion tracking and remarketing, particularly for customers from jurisdictions with stringent data privacy laws. In addition, compliance with regulations such as GDPR and India’s Data Privacy and Protection Act requires that you seek user consent before collecting data.
Lack of this mode leads to missing information, inaccurate analytics, and poor ad performance. In other words, it enables you to follow all the laws, ensure continuous data flow, and launch successful ads.
What is the DPDP Act (India)?
The DPDP Act 2025 stands as the most important privacy law in India and was drafted to safeguard the personal data of internet users in a way similar to Europe’s GDPR. It lays down regulations regarding the collection, storage, and usage of user data. When you collect data from your users, you become the “Data Fiduciary,” and the user becomes the “Data Principal.” The most critical requirement in this scenario is to gain explicit consent from your users prior to collecting their data.
Real Example
Let’s say you run a news website:
You use:
- Google Analytics
- Facebook Pixel
- Ad networks
All these tools collect user data. Under the DPDP Act, collecting user data covertly, without the user’s knowledge, is not allowed. Instead, users should be asked for permission before any personal data is collected from them, and the purpose of the data collection should be made very clear to them.
Simple Guide to DPDP Compliance for Your Website
To follow the Digital Personal Data Protection Act, 2023, keep these key points in mind:
- Display a cookie consent banner before collecting data
- Offer the choice to accept or reject cookies
- Gather data only after consent is given by the user
- Keep your Privacy Policy simple and straightforward
- Explain to the user what data is being collected and for what purpose
- Permit users to revoke their consent at any time
- Ensure that tools such as analytics and ads operate only after consent
Why Indian Websites MUST Care
1. Google Revenue Impact
Without Consent Mode v2:
- Ads tracking breaks
- Conversion data drops
- CPM may decrease
2. Legal Risk
If you don’t comply:
- You can face penalties
- Your website can be flagged
3. Data Loss Problem
Without proper consent setup:
- Analytics becomes inaccurate
- You lose user insights
- Marketing decisions fail
4. Trust Factor
A transparent consent system:
- Builds trust
- Improves brand credibility
How Consent Mode v2 + DPDP Work Together
| DPDP Act | Consent Mode v2 |
|---|---|
| Legal requirement | Technical implementation |
| Requires user consent | Sends consent signals to Google |
| Protects users | Adjusts tracking behavior |
The Cost of Non-Compliance: ₹200 Crore Penalties
The DPBI, in 2026, is treating the provisions of the DPDP Act seriously; hence, data privacy is now mandatory, and not an option anymore. If your website is collecting personal data from users through the use of cookies without getting their permission, then you are at risk of facing huge financial implications.
According to the official Digital Personal Data Protection Act (The Schedule), fines of up to ₹200 Crore can be imposed for processing such data without obtaining consent, and ₹250 Crore if the user’s data is not properly secured.
Conclusion
Google Consent Mode v2 and the DPDP Act are not mere recommendations to be considered when designing Indian websites; in 2026, these will be mandatory if the site is to survive and prosper. Compliance with both guarantees that you respect your users’ privacy even as you mine their information.
Apart from keeping you out of trouble legally and avoiding any loss of money in terms of revenue, this method can go a long way toward establishing user trust. Websites that prioritize transparency and privacy will be successful in the coming years in India.


