LW IT Solutions
«« Blog Overview « Data Privacy
This post in other languages:

Privacy by Design: Deep Dive into ads_data_redaction in Consent Mode v2

The digital advertising landscape is continuously shifting towards privacy-first architectures. With the mandatory rollout of Google Consent Mode v2 for advertisers in the European Economic Area (EEA), compliance mechanisms have become significantly more sophisticated. Alongside the newly introduced parameters ad_user_data and ad_personalization, one critical, yet often overlooked setting remains highly relevant: ads_data_redaction.

The Mechanism Behind Data Redaction

To understand the necessity of this parameter, the default behavior of Consent Mode must first be analyzed. When a user explicitly denies consent for marketing cookies (ad_storage='denied'), Google tags adjust their behavior. They stop reading or writing advertising cookies. However, by default, standard “cookieless pings” are still transmitted back to Google’s servers to maintain basic measurement capabilities.

The privacy issue arises because these pings can still carry URL query parameters containing ad click identifiers, such as the Google Click Identifier (GCLID) or DoubleClick Identifier (DCLID). These identifiers are highly specific and can potentially be used to trace a user’s journey.

Setting the ads_data_redaction parameter to true fundamentally alters this behavior. When this command is active alongside a denied ad_storage state, the following actions occur:

  • Stripping Identifiers: All ad click identifiers (GCLID, DCLID, wbraid, gbraid) are scrubbed from the network requests sent by Google Ads and Floodlight tags.
  • IP Masking: Network requests are routed through a specialized server where the user’s IP address is actively dropped and not logged.
  • Link Decoration Prevention: The system prevents scripts from reading the URL parameters and passing them into local storage or analytics properties.

The Legal Framework: GDPR and ePrivacy

The legal landscape in Europe is governed primarily by the General Data Protection Regulation (GDPR) and the ePrivacy Directive (often referred to as the “Cookie Law”).

According to the GDPR’s principle of Data Minimization (Article 5), only data that is absolutely necessary for a specified purpose should be processed. Furthermore, the ePrivacy Directive mandates that explicit consent must be gathered before storing or accessing information on a user’s device.

Click identifiers like GCLID are widely considered pseudonymous personal data, as they can theoretically be combined with other datasets to single out an individual. Therefore, transmitting these identifiers when a user has explicitly opted out of marketing tracking poses a significant legal risk. By implementing ads_data_redaction, the data collection strictly aligns with the most conservative interpretations of European privacy laws, ensuring that a “denied” state truly means no identifying ad data is processed or transmitted.

How to Configure ads_data_redaction

Configuration requires modifying the global site tag (gtag.js) snippet or adjusting settings within Google Tag Manager. In a direct code implementation, the parameter must be set before the default consent state is declared.

<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  
  /* Set the redaction parameter to true */
  gtag('set', 'ads_data_redaction', true);
  
  /* Define default consent states */
  gtag('consent', 'default', {
    'ad_storage': 'denied',
    'analytics_storage': 'denied',
    'ad_user_data': 'denied',
    'ad_personalization': 'denied'
  });
</script>

Implementing via Google Tag Manager (Simo Ahava’s Template)

For those utilizing Google Tag Manager (GTM), the most efficient and standard way to manage Consent Mode is through the community template created by Simo Ahava, named “Consent Mode (Google tags)”. Configuring data redaction within this template requires no custom coding.

Configuration steps:

  • Adding the Template: The “Consent Mode (Google tags)” template must be added from the GTM Community Template Gallery.
  • Tag Creation: A new tag is created using this template, with the configuration command set to “Default”.
  • Defining States: Default consent states are defined across all required categories (e.g., setting ad_storage to ‘denied’).
  • Enabling Redaction: Within the tag configuration, under the “Other Settings” or “Advanced” section, the specific field for ads_data_redaction (often presented as a “Redact Ads Data” checkbox or dropdown) is located and set to true.
  • Trigger Assignment: The tag is assigned to the earliest possible trigger, which is strictly the “Consent Initialization – All Pages” trigger. This ensures redaction rules are active before any other tags fire.
Lukas Wojcik

Lukas Wojcik

Systems architect and technology enthusiast specializing in scalable tracking solutions, GMP Stack (GA4 & GTM), and robust backend architectures. Advocate for clean code and privacy-first design.

Leave a Reply

Your email address will not be published. Required fields are marked *

ALL ARTICLES & CATEGORIES

Data Privacy

Digital Analytics

Digital Marketing

IT & Networks

Smart Home