Consent mode v2 + CAPI: how to keep > 95% of signal legally [guide]

The new reality is simple: cookies are disappearing, but performance will not. Google is pushing Consent Mode v2, Meta is strengthening compliance requirements, and D2C merchants must now preserve measurement while adhering to increasingly strict rules.

The good news? The duo of Google Consent Mode v2 (in Advanced) + Meta Conversions API (CAPI) with strict gating allows capturing more than 95% of useful signals, even when cookies are refused — and to remain fully compliant.

Here is the roadmap to follow without detours.

1. What changes with Consent Mode v2 (quick reminder)

Consent Mode v2 adds two signals to the two histories:
• ad_storage: advertising storage
• analytics_storage: analytics storage
• ad_user_data: authorization to send user data to Google for advertising/measurement
• ad_personalization: activation of personalized advertising

In the EEA, the UK, and Switzerland, transmitting these signals is mandatory if you use GA4 or Google Ads for measurement or personalization.
A Google-certified CMP becomes the royal route (and sometimes a requirement on the publishing side).

2. Basic vs Advanced: choosing the right mode
   • Basic
   Nothing happens before the user action. No ping, no modeling. You are blind as soon as a visitor refuses cookies.
   • Advanced
   The tags load immediately and send pings without cookies if the user refuses.
   Result: Google can model the missing conversions, and you get a coherent view of the advertising journey.

👉 In 2025, refusing Advanced means voluntarily opting out of a massive portion of measurement.

3. Recommended architecture (Shopify / D2C)

Here’s the scheme that really works on the ground:
1. Google-certified CMP TCF v2.2
Axeptio, OneTrust, CookieYes, TrustArc…
It issues consent states → pushed to Google Tag (GTM/gtag).
2. GTM Web declared “essential” in the CMP
Defaults = all consents denied, then updated according to user choice.
3. GA4 + Google Ads connected to Consent Mode
Enhanced Conversions can be activated if ad_user_data = granted.
4. GTM Server-Side (recommended)
Cleans traffic, stabilizes identifiers, and gives you back server control.
5. Meta Pixel + CAPI
• Blocked as long as there is no marketing consent (EEA).
• At opt-in: Pixel + CAPI + deduplication via event_id.
• Hashing (SHA-256) only if consent.

4. The operational truth: how does each platform react according to consent?

Mapping table “consent → action”

Case Google (GA4 / Ads) Meta Pixel + CAPI
Global refusal Advanced: cookieless pings → modeling. Basic: nothing. No marketing event. Pixel/CAPI blocked.
Analytics yes, Ads no GA4 OK. No Ads cookies. Partial modeling. No marketing events.
Ads measurement OK, personalization no Ads measurement OK (Enhanced Conversions if ad_user_data=granted), no personalization. For caution: maintain off if no explicit marketing opt-in.
All accepted Full GA4 + full Ads + Enhanced Conversions Full Pixel + CAPI, fbp/fbc allowed, advanced matching

👉 Meta is strict: without a legal marketing basis, no CAPI/Pixels marketing event.
👉 Google is flexible: modeling takes over if Advanced is enabled.

5. Step-by-step implementation (immediate copy-paste)

5.1 – Defaults & updates (GTM or gtag)

Before displaying the banner:

After user action (via the CMP):

5.2 – Activate modeling (Advanced mode)

The tags load immediately → Google can reconstruct missing conversions.

5.3 – Enhanced Conversions (Google Ads)

Enable client/server SHA-256 hashing. Requires: ad_user_data = granted.

5.4 – Meta Pixel + CAPI (strict gating)
• EEA: Pixel and CAPI prohibited without explicit marketing consent.
• At opt-in: send events + event_id + fbp/fbc + advanced matching.

6. Aiming for a signal level >95%: quality controls

Your internal goal: ≥95% of “real” events received vs. full-consent baseline.

Essential checkpoints:
• Tag Assistant: consent states + eligibility for modeling.
• GA4 / Google Ads: Consent Mode diagnostics + Enhanced Conversions + Conversion modeling.
• Meta Events Manager: Event Match Quality ≥ 6, dedup OK via event_id.
• Consent Mode active on 100% of pages (otherwise the models do not activate).

7. Compliance checklist (TCF v2.2 / GDPR)
   • CMP TCF v2.2 with consent logs.
   • Google-certified CMP recommended if you use Ads/serving in the EEA.
   • Updated privacy policy (purposes, legal bases, duration).
   • Meta Pixel/CAPI: zero marketing events without opt-in.
   • Data minimization: hashing only if consent.

8. Quick troubleshooting
   • ⚠️ Signals not moving → CMP integration → incorrect gtag/GTM.
   • ⚠️ Inactive modeling → you are in Basic → switch to Advanced.
   • ⚠️ Enhanced Conversions not eligible → ad_user_data missing or hashing absent.
   • ⚠️ Meta deduplication KO → event_id not aligned Pixel ↔ CAPI.

9. Concrete examples GTM (Google + Meta)

Google GA4 / Ads
• Triggers: “Consent initialized” + ad_storage / analytics_storage rules.
• GTM natively blocks tags if consent is not present.

Meta (Pixel & CAPI)
• Trigger: “Marketing consent = true”.
• Common event_id variable Pixel ↔ CAPI.
• Total blocking without opt-in (EEA).

10. Choose and verify a CMP
    • Select a CMP from the Google certified partners program.
    • Check integration with Tag Assistant.

11. Quick FAQ

Is a Google-certified CMP absolutely necessary?

To display/serve personalized ads in the EEA: yes, mandatory.
For an e-commerce advertiser site: strongly recommended to avoid implementation errors.

Can we send Meta CAPI events without consent?

For marketing purposes: no. The legal basis is lacking → block.

Does Google modeling compensate for everything?

No. It partially fills gaps but does not replace a clean signal.

Conclusion

The tandem of Consent Mode v2 (Advanced) + Meta CAPI with strict gating is currently the most robust architecture for:
• Measuring even when cookies disappear,
• Restoring advertising performance,
• Remaining impeccable on GDPR/TCF compliance,
• Maintaining a signal level ≥95%.

The mission is clear: document your SOPs, continuously monitor Tag Assistant / GA4 / Events Manager, and lock in compliance.

This is what distinguishes a high-performing Shopify store from one subjected to the platforms.