StoreComplyStoreComply
Start free
Cookies··7 min read

Google Analytics 4 and Cookie Consent Laws

GA4 cookie consent requirements explained for ecommerce. Learn Google Consent Mode v2, script blocking, GDPR compliance, and Shopify setup best practices.

Google Analytics 4 (GA4) is the default analytics platform for most ecommerce stores. It uses cookies like _ga and _ga_* to distinguish users and track behavior across sessions. Under GDPR and similar privacy laws, analytics cookies are not strictly necessary—which means you need user consent before GA4 collects data from EU and UK visitors.

How GA4 Uses Cookies

GA4 sets first-party cookies on your domain to identify returning visitors, measure sessions, and attribute traffic sources. It also sends event data—page views, purchases, scroll depth—to Google's servers. Even though GA4 can run without third-party cookies in some configurations, the first-party cookies it sets still require consent under EU law.

  • _ga: distinguishes users (default 2-year expiration)
  • _ga_*: stores session state for GA4 property
  • Event collection: page views, ecommerce events, custom events
  • Google Signals: cross-device tracking when enabled (requires additional consent)
  • Advertising features: remarketing audiences when linked to Google Ads

GDPR Requirements for GA4

EU data protection authorities have consistently ruled that analytics cookies require opt-in consent. The French CNIL, Austrian DSB, and others have issued guidance specifically addressing Google Analytics. You must block GA4 from firing until users accept analytics cookies, provide a reject option equal to accept, and document consent.

IP anonymization is not enough

GA4 no longer relies on IP anonymization settings from Universal Analytics. Consent must be obtained before any GA4 data collection begins, regardless of IP handling.

Google Consent Mode v2

Google Consent Mode v2 lets your site communicate consent status to Google tags. When users deny analytics cookies, GA4 operates in a limited mode without cookies, using cookieless pings for aggregate modeling. When users accept, full tracking resumes. Google requires Consent Mode v2 for ads personalization in the EEA and UK as of 2024.

  1. Set default consent state to denied for analytics_storage and ad_storage
  2. Update consent state when the user accepts or rejects cookie categories
  3. Pass consent signals before Google tags load using gtag or Google Tag Manager
  4. Verify Consent Mode is active in GA4's Admin → Data collection settings
  5. Test that denied consent prevents _ga cookies from being set

Implementing GA4 with Cookie Consent on Shopify

Remove GA4 from unconditional positions in theme.liquid and Shopify's Google & YouTube channel until you have consent gating in place. Route GA4 through Google Tag Manager with Consent Mode triggers, or use a compliance tool that handles both blocking and consent signal updates automatically.

Setup steps

  1. Audit where GA4 is installed—theme code, GTM container, Shopify channel, apps
  2. Remove or disable unconditional GA4 loading
  3. Configure your cookie banner to categorize GA4 under analytics cookies
  4. Implement Consent Mode v2 with default denied state
  5. Load GA4 only after analytics consent or via Consent Mode's cookieless mode
  6. Test with browser DevTools to confirm no _ga cookies before consent

GA4 and Google Ads Together

Many stores link GA4 to Google Ads for conversion tracking and remarketing. This means both analytics_storage and ad_storage consent parameters matter. If a user accepts analytics but rejects marketing, GA4 can run in analytics-only mode while ad personalization stays disabled. Map your cookie categories to the correct Consent Mode parameters.

Cookie Policy Disclosures for GA4

Your cookie policy must name _ga and related cookies, explain that data is sent to Google LLC, describe the purpose as website analytics, and state retention periods. If you enable Google Signals or Ads linking, disclose those data flows as well.

Simplifying GA4 Compliance

Managing Consent Mode v2 and policy updates manually is error-prone. StoreComply sets Google Consent Mode defaults from your banner, provides deferred GA4/Meta install snippets, and logs visitor choices. Remove unconditional tracking code from your theme so tags only load after consent.

Verifying Your Setup Works

  • Use GA4 DebugView with consent denied—confirm limited data collection only
  • Check browser cookies after rejecting analytics—no _ga cookies should appear
  • Accept analytics and verify _ga cookies are set and events appear in DebugView
  • Use Google Tag Assistant to confirm Consent Mode parameters are passed correctly
  • Re-test after any theme update, app install, or GTM container change

Frequently asked questions

Is Google Analytics 4 illegal in the EU?
GA4 itself is not banned, but using it without proper consent violates GDPR. Authorities have fined organizations for loading GA without consent. With a compliant consent setup and Consent Mode v2, you can use GA4 legally for EU visitors who opt in.
What is Google Consent Mode v2?
It is a framework that tells Google tags whether the user has consented to analytics and advertising cookies. Tags adjust behavior accordingly—full tracking with consent, cookieless pings without. Google requires it for ad features in the EEA and UK.
Can GA4 work without cookies?
With Consent Mode denied, GA4 sends cookieless pings for basic modeling without setting _ga cookies. This is not a replacement for consent—it is how GA4 behaves when users decline analytics cookies.
Do I need consent for GA4 if I only sell in the US?
US-only stores without EU visitors are not subject to GDPR cookie consent rules. However, some US states have privacy laws affecting analytics. If any EU visitors can access your site, GDPR applies regardless of your primary market.

Skip the template hunt

StoreComply generates privacy, terms & cookie policies, blocks GA/Meta until consent, and includes a cookie scanner — from $19/mo.

Generate my policies free →Cookie banner & blocking

No credit card required to preview

Related guides