Launch Offer2 free audits with all 229 checks. No credit card required.Start free audit
ga4audits

TC-019: Consent Mode V2 ad_user_data Parameter Missing

Consent & Privacy8 min readIntermediate

What does missing ad_user_data mean?

A missing ad_user_data parameter in GA4 hits means Consent Mode V1 is implemented but not V2. Since March 2024, V2 has been required for EU/UK Google Ads measurement and remarketing. Without it, those features partially or fully break — typically a 15–30% drop in attributed Google Ads conversions and the silent disabling of remarketing list eligibility for affected users.

The fix: add ad_user_data and ad_personalization to both your consent_default and consent_update commands. Verify in DevTools — requests to /collect should include &gcs= AND &gcd= with all four signals encoded.

This page documents the TC-019 audit check, what it means in business terms, and the step-by-step remediation.

What this check does

The TC-019 check runs against every page on your site and inspects the GA4 collect requests for the gcd parameter — the V2-specific consent encoding. It flags as Critical if:

  • Any GA4 collect request lacks the gcd parameter entirely
  • The gcd parameter is present but doesn't include all four consent signals
  • The consent_default command on the page only sets ad_storage and analytics_storage (V1 signals only)

The check runs both on the page-load state and after a simulated banner interaction, to catch implementations where defaults include the V2 signals but updates don't (or vice versa).

Why this happens

Three patterns produce this failure across the properties we audit:

1. Pre-March-2024 implementation never upgraded

Many sites implemented Consent Mode V1 in 2020–2023 and never upgraded when V2 became mandatory in March 2024. The original consent_default command only included ad_storage and analytics_storage:

The implementation continues to function — gcs is set correctly, hits fire, GA4 reports look normal. But Google Ads silently loses access to the V2 consent signals, and EU/UK conversion measurement degrades.

2. CMP supports V2 but isn't configured to send V2 signals

Most major CMPs (Cookiebot, OneTrust, Iubenda, Usercentrics, Termly) now support Consent Mode V2 — but the V2 signals often need to be explicitly enabled in the CMP's Google integration settings. We see properties with V2-capable CMPs that ship with V2 toggled off because nobody enabled it during setup.

3. Custom CMP implementation forgot the new signals

Sites using a custom-built consent banner often implement only the original two signals because they followed older documentation. The fix is straightforward but needs deliberate developer time.

How we detect it

The detection method runs in the audit engine's tag layer (Module 02):

  1. Browser-based crawl of representative pages using Playwright with consent default state set to denied
  2. Network interception captures every request to *.google-analytics.com/g/collect and googleads.g.doubleclick.net
  3. Parameter check inspects each request for the presence and content of gcs and gcd
  4. Update simulation triggers the CMP's Accept All event programmatically and re-checks the parameters
  5. Severity classificationgcd missing or incomplete in either state → Critical; gcd present but with wrong signal values → Warning

The check completes in 30–90 seconds per page depending on tag-load speed.

Need to validate whether consent timing is distorting your GA4 data?

Audit consent setup

How to fix it

The fix is in two places: the consent_default command and the consent_update command. Both must include all four signals.

For gtag.js implementations

For GTM implementations

Open your Consent Initialization tag (the one with priority 100) and update the Custom HTML or Consent Mode template fields to include all four signals in the default state. Then open your Consent Update tag and ensure the same four signals are set from your CMP's dataLayer values.

If you're using a CMP-provided template (Cookiebot, OneTrust, etc.), the four signals are typically configured via the CMP's tag-template UI rather than custom HTML. Check your CMP's "Consent Mode V2" or "Google Consent Mode integration" settings — there's usually an explicit toggle for V2 signals.

For mobile apps (Firebase)

Android: Firebase Analytics SDK 21.5.0+. iOS: Firebase Apple SDK 10.17.0+. Use setConsent() with all four signals before the first event:

iOS additionally requires App Tracking Transparency (ATT) permission for ad_storage.

How to verify the fix

After deploying:

  1. Open Chrome DevTools on a fresh incognito session
  2. Network tab → filter for `collect`
  3. Inspect the first GA4 collect request
  4. Confirm both `gcs` AND `gcd` are present as URL parameters
  5. Inspect the gcd value — should be in format 11<x>1<y>1<z>1<w>5 where <x><y><z><w> are single characters representing each signal's state
  6. Click Accept All on the banner
  7. Inspect the next collect request — both gcs and gcd should now show granted states (G111 for gcs; gcd characters all changed to granted indicators)

Then verify in the GA4 admin:

  • GA4 Admin → Data Streams → your stream → Configure tag settings → Consent settings
  • Both indicators should show green: "Ads measurement consent signals active" and "Ads personalization consent signals active"

If the GA4 admin still shows red after 24 hours, the signals aren't reaching Google despite what DevTools shows — usually a server-side or sGTM transformation issue stripping them. Check sGTM client transformations.

What this fixes in practice

The business impact of fixing TC-019 is measurable in Google Ads, not GA4:

  • Restored Google Ads conversion attribution for EU/UK traffic. Typical recovery: 15–30% more attributed conversions visible in Google Ads within 7–14 days post-fix.
  • Restored remarketing list eligibility. Users with ad_personalization=granted become eligible for remarketing audiences. Audience size typically grows 20–50% within 30 days.
  • Restored eligibility for conversion modelling. Combined with the other thresholds (1,000 daily ad clicks, Advanced mode, Blended identity, 7-day denied data window), V2 unlocks the modelled-conversion data that fills the consent-denied population gap.
  • Compliance posture. Demonstrates active compliance with Google's V2 requirement, which matters for EU/UK regulator-facing audit trails.

The Google Ads recovery is the easiest to demonstrate to stakeholders. Pull the conversion delta in Google Ads from the 30 days before the fix vs the 30 days after, holding click volume roughly constant. The lift is your TC-019 ROI.

Related checks

These checks frequently fail together — fixing TC-019 often surfaces or fixes them too:

  • TC-018: ad_personalization parameter missing (the other V2 signal — usually missing in the same implementations)
  • TC-005: Uninitialised dataLayer (a precondition that breaks all consent commands)
  • TC-044: GA4 cookies firing before consent (often co-occurs with V1-only implementations)
  • PC-019: Smart Bidding insufficient conversions (downstream effect of broken EU/UK Google Ads measurement)
  • TC-061: PII patterns detected in GA4 requests (often surfaces during V2 audits)

FAQ: TC-019: Consent Mode V2 ad_user_data Parameter Missing

Can tc-019: consent mode v2 ad_user_data parameter missing be caused by consent timing instead of a tag bug?

Yes. Many consent-related issues come from when the signal arrives, not whether the setting exists in the interface. Browser-level validation matters more than screenshots of the CMP setup.

Should I test this only in GA4 reports?

No. Start in the browser first, then confirm the reporting impact in GA4. Otherwise you may confuse modeled-data shifts with broken implementation.

What is the fastest way to prevent this from happening again?

Create a repeatable QA step for banner changes, region logic, and container releases so consent behavior is validated before it reaches production users.

Validate TC-019: Consent Mode V2 ad_user_data Parameter Missing before it becomes a compliance and reporting problem

Run a free audit to check consent timing, browser behavior, and downstream GA4 impact in one workflow.

Audit Consent Setup

These findings come from auditing thousands of GA4 properties. See how your property compares

GA4 Audits Team

GA4 Audits Team

Analytics Engineering

Specialising in GA4 architecture, consent mode implementation, and multi-layer audit frameworks.

Share

Keep reading

More guides in Consent & Privacy

Internal links should help the reader move deeper into the topic, not just pad the page. These are the next three most relevant reads from the library.

Consent & PrivacyHow to Test Consent Mode V2 in 5 Minutes: A DevTools Walkthrough (2026)Open Chrome DevTools → Network tab → filter for collect → reject all on the cookie banner → confirm GA4 hits still fire with gcs=G100 (denied) and ad_user_data=denied. Then accept all → confirm gcs=G111 (granted). If hits don't fire at all in either state, Consent Mode is misconfigured. If gcs is missing entirely…9 min readConsent & PrivacyGCS Parameter Decoded: What G100, G110, G111 Mean in GA4 HitsThe gcs parameter in GA4 network requests encodes the user's consent state for two of the four Consent Mode signals. Format: G1xy where G1 is constant, x is ad_storage (0=denied, 1=granted), y is analytics_storage (0=denied, 1=granted)…7 min readConsent & Privacy'consent_default' vs 'consent_update': Which Comes First in GTM (2026)The consent_default command must fire before any tag — typically as the first script in <head> or as a Consent Initialization tag in GTM with priority 100. The consent_update command fires after the user interacts with the cookie banner…10 min read