What "Non-Compliant" Actually Means for Ad Platforms

When a visitor lands on your website without properly being asked for their consent, any tracking pixels that fire — Google Analytics, Meta Pixel, Google Ads conversion tag — are doing so without a lawful basis. That's the GDPR violation. But the practical consequence is that both Google and Meta now act on this directly, not just the regulators.

Google's Consent Mode v2: The March 2024 Deadline Many Missed

In early 2024, Google announced that websites targeting EU/EEA users would need to implement Consent Mode v2 to retain full access to their advertising features. The deadline was March 6, 2024. This was widely reported in the digital marketing press — and widely ignored by businesses who didn't realise it applied to them.

Without Consent Mode v2 properly configured, Google removes access to:

  • Remarketing audience lists for EU users
  • Conversion modelling via Smart Bidding (less signal means worse campaign optimisation)
  • Cross-channel conversion reporting for EU traffic

The mechanism is Consent Mode itself: when a user declines cookies, Consent Mode v2 sends "pings" to Google that allow them to model conversions without setting cookies. If you don't have this set up, there's no signal at all — your remarketing lists stop growing and your Smart Bidding degrades without any obvious notification.

Meta and EU Ad Targeting Enforcement

Meta's situation is more visible. In May 2023, the Irish Data Protection Commission handed Meta a €1.2 billion fine for transferring EU user data to US servers without adequate safeguards — at the time the largest GDPR fine ever issued. That fine was for data transfer violations, but the direction of enforcement travel is clear.

More directly relevant to advertisers: Meta requires GDPR-compliant consent for behavioural ad targeting in EU/EEA. If your consent setup doesn't correctly pass consent signals to Meta via the Conversions API (CAPI), your EU remarketing audiences will be under-populated. If you're running UK or European campaigns, you'll see the effect as Custom Audiences shrinking and CPAs rising — and you may not connect those symptoms to a consent problem.

The Practical Impact on Your Ad Spend

Let's be concrete about what an under-compliant consent setup actually does to live campaigns:

  1. Remarketing lists stop building. Non-consenting visitors don't get added to your audience lists. If 60–70% of UK traffic declines cookies under a poorly designed consent banner, you're building remarketing from 30% of visitors.
  2. Smart Bidding degrades. Google's Target CPA, Target ROAS and Max Conversions algorithms rely on conversion signals. Missing Consent Mode v2 means less signal. Your CPAs rise and you don't see why.
  3. Attribution gaps cause wrong decisions. Without proper consent signal handling, your reports undercount conversions. You pause campaigns that are actually working, or increase budget on ones that aren't.
  4. Platform terms of service violations. Both Google and Meta require GDPR-compliant consent as a condition of using their ad products. Non-compliance can result in account-level action.

→ If you're running paid campaigns targeting the UK or EU and you haven't implemented Consent Mode v2, there is a direct cost to your campaign performance right now.

See Our GDPR & Consent Service →

What Compliant Actually Looks Like

A compliant setup requires three components working together:

  1. A properly configured Consent Management Platform (CMP) that meets IAB TCF 2.2 standards. The banner must present genuine choice — no pre-ticked boxes, no hidden decline option, no cookie walls that block content unless you accept.
  2. Google Consent Mode v2 integration (Basic or Advanced mode depending on your setup) connected through Google Tag Manager. This ensures Google receives the correct consent signals and can model appropriately.
  3. Meta's Conversions API (CAPI) with consent signal passing — so Meta receives consent status server-side and adjusts its data use accordingly.

The ICO and CNIL (the French regulator) have both taken enforcement action against sites using consent banners designed to nudge users into accepting. "Reject all" must be as easy as "Accept all." If it's buried in a three-click journey, it's not compliant.

How We Approach This at adkonnekt

We implement end-to-end consent solutions that handle all three components. We audit your existing CMP setup, reconfigure it to IAB TCF 2.2 standards, implement Consent Mode v2 through GTM, and connect CAPI for Meta. For clients who've had non-compliant setups, we typically see remarketing audience recovery within 30–60 days and measurable improvement in conversion tracking completeness.

Frequently Asked Questions

Can I just add a cookie banner and be compliant?

A banner alone isn't enough. The banner must meet specific design requirements (genuine choice, no dark patterns), and your tag setup must respond correctly to the user's choice — blocking or firing tags based on consent status. The technical implementation behind the banner is as important as the banner itself.

Does GDPR apply if most of my customers are in the UK?

Yes. The UK has its own equivalent legislation (UK GDPR) which is substantively the same as EU GDPR and is enforced by the Information Commissioner's Office (ICO). UK businesses are subject to it regardless of where their customers are based.

How do I know if my current consent setup is broken?

Common signs: your GA4 data shows an unusually high or low cookie consent rate, your Meta remarketing audiences are smaller than expected given your traffic volume, or your Consent Mode implementation isn't verified as "active" in Google Tag Manager's preview mode. We offer a free consent audit for new clients.

Is Your Consent Setup Costing You?

We audit GDPR consent setups and fix them end-to-end — CMP configuration, Consent Mode v2, and Meta CAPI. Find out exactly where you stand.

Get a Free Audit →

Related Reading

Tracking & Analytics

The Shopify Checkout Tracking Problem (And the Custom JS Solution That Works)