ALOHA SMILETravel agent for your website
Get a quote
Guide

Your site may be non-compliant. Worse, your ads may be lying to you.

The uncomfortable part

If your site serves visitors in the EEA and measures behaviour with Google tags, Google expects you to pass end-user consent choices to its tags. Consent Mode exists so those tags can adjust based on what the visitor accepted or rejected. In normal language: the banner and the tracking setup have to communicate. If they do not, you have a decorative banner on top of a setup that does whatever it wants.

There are two problems

Compliance risk. GDPR enforcement can include warnings, processing bans, and fines, and regulators have issued very large cookie-related penalties to major companies. Your small business is not the target of headline fines, but the underlying rules are not imaginary.

Bad marketing data. If your Google Ads conversions, GA4 events, or Meta Pixel are misconfigured, you may be making decisions from messy data. That is expensive in a quiet way. The campaign looks like it is working, or failing, or unreadable, and you cannot tell which.

What a proper check includes

Which cookies and scripts load before consent. Whether the banner offers a real accept and reject choice. Whether Consent Mode passes the right states. Whether GA4, Google Ads, and Meta events fire only when they should. Whether conversions are deduplicated and clearly named. Whether the cookie policy matches reality. And whether the banner is quietly destroying mobile conversion by covering the call to action.

That last one sounds less legal, but it matters. A huge banner can technically exist and still make the site awful to use.

Why this belongs in a redesign

A tired website usually has tired tracking: old tag-manager containers, duplicated tags, plugins injecting scripts, consent banners installed years ago, conversion events nobody has checked since the previous agency vanished. A rebuild is the natural moment to clean the luggage: keep the useful measurement, remove the mystery, set the consent flow properly, and make sure mobile visitors can still use the site without a legal pop-up eating the screen.

Do not panic. Audit.

This is not legal advice and it should not become fear marketing. The smart move is a practical check. The worst answer is “we have a banner, so we are fine.” Maybe. Maybe not. Check.

People also ask

  1. Is a cookie banner enough for GDPR?

    No. A banner only matters if the tracking respects what the visitor chose. If analytics and ad tags fire before consent, or ignore a rejection, you have a pretty banner sitting on top of a badly behaved setup. The banner and the tags have to actually talk to each other.

  2. What is Google Consent Mode?

    It is the mechanism that lets Google tags adjust their behaviour based on what a visitor accepted or rejected. For EEA traffic, Google expects you to pass end-user consent choices to its tags. Without it, your consent banner and your tracking are not connected.

  3. Can bad cookie setup hurt my Google Ads?

    Yes, in two ways. Compliance risk is one. The quieter, more expensive one is bad data: if conversions and events are not configured properly, you may be optimising campaigns on noise. You think it is working, or not working, or you cannot tell, and all three are bad.

  4. Does this matter for a small business?

    If you run no analytics, no ads, and no tracking cookies, your setup may be simple. If you run paid traffic, remarketing, or conversion tracking in the EEA, it matters. You are not Google or Shein, but the principle and the wasted ad budget are both real.

Get a cookie consent retrofit

If your site runs analytics or ads but no proper consent setup, do not wait for a regulator or a broken campaign to teach you the lesson. Send the URL.

Your email app will open with the details prefilled.