TLDR
GA4 can technically send limited, cookieless data, but in practice it relies on first-party cookies like _ga and _gid to provide meaningful insights, attribution, and audiences. In Belgium, those analytics cookies are not strictly necessary, so GDPR and the ePrivacy Directive require explicit consent before GA4 loads. Running GA4 without cookies does not remove the need for consent, since behavioral data is still personal data.
The pragmatic route is to treat GA4 as consent based, implement a compliant banner that blocks GA4, and use Consent Mode V2 to model some conversions when users refuse cookies. Many Belgian businesses then combine GA4 with CRM data, server side tracking, or privacy first tools to fill gaps. If you need a tailored, compliant setup, you can work with 6th Man Digital via their guides on server side tracking or how we work.
tldr: does GA4 require cookies in Belgium?
The short answer to "does GA4 require cookies?" depends on whether you mean technical necessity or legal obligation. Technically, GA4 does not absolutely require cookies to collect some data, but it does set first-party cookies by default to identify returning visitors and track conversions. Legally, Belgian and EU law say that placing non-essential cookies on a user's device requires prior consent. That means in Belgium, you must show a compliant cookie banner and only fire GA4 after a visitor accepts analytics cookies, unless you can prove those cookies fall under a narrowly defined exception.
Many marketing teams ask "does GA4 require cookies for Google Analytics" because they hope to avoid cookie banners or reduce consent-related data loss. The reality is that even with Consent Mode enabled, GA4 still relies on cookies when consent is given and can only model aggregate data when consent is denied. Running GA4 entirely without cookies is possible in theory, but the data becomes so limited that most businesses find it impractical for campaign optimization or attribution.
does GA4 require cookies?
Google Analytics 4 sets cookies by default to maintain user identity across sessions and pages. The main cookies are _ga and _gid. The _ga cookie stores a unique client ID that persists for up to two years, while the _gid cookie expires after 24 hours and is used for short-term session tracking. These are first-party cookies, meaning they come from your own domain rather than from Google's domain.
If you configure GA4 to respect a user's consent choice and that user declines cookies, the GA4 tag will not set these cookies and will instead send cookieless pings. Those pings can still record basic events like page views, but they cannot tie those events back to a returning visitor over time. This makes attribution, conversion funnels, and user lifetime metrics nearly impossible to calculate accurately. In short, GA4 does require cookies to deliver the insights most businesses rely on for paid media, SEO, and CRO.
quick answer: how GA4 works with and without cookies
When cookies are allowed, GA4 collects each visitor's client ID from the _ga cookie, links all their events into a session, and stitches sessions over time into a user journey. You see returning visitors, pages per session, time on site, and clear conversion paths. When cookies are denied and you have Consent Mode V2 active, GA4 sends anonymized, cookieless pings and Google applies machine learning models to estimate aggregated metrics like conversion counts and geographic trends. You lose granular user journeys and cannot retarget or build custom audiences in Google Ads based on GA4 data.
In Belgium, the legal default is that you must ask for consent before setting any cookie that is not strictly necessary for the website to function. Analytics cookies, including those set by GA4, are not considered strictly necessary because you can deliver your website's content and services without them. That means you need a compliant cookie banner that blocks GA4 until the user clicks accept. If a significant share of your visitors decline cookies, you will face large gaps in your reporting and attribution unless you design a measurement strategy that blends GA4 with other signals or tools.
If you run a website in Belgium and use Google Analytics 4, you need to know whether GA4 requires cookies to work and whether you need cookie consent under GDPR and Belgian law. The technical answer is that GA4 can function in a limited way without cookies, but by default it does set first-party cookies to track users across sessions. The legal answer is that you almost always need explicit consent from visitors in Belgium before those cookies can fire. Running GA4 without consent or attempting to bypass cookies does not automatically make you compliant. This article unpacks how GA4 uses cookies, what happens when they are blocked or denied, and what Belgian businesses should do to balance data-driven marketing with privacy law.
We will cover the key differences between GA4 and the old Universal Analytics when it comes to cookies, explain how Google's Consent Mode V2 lets GA4 model some data when users decline tracking, and walk through the Belgian legal context shaped by GDPR, the ePrivacy Directive, and guidance from the Belgian Data Protection Authority. Whether you manage a B2B lead generation site or an international e-commerce store, you will find practical configuration steps and strategic recommendations that let you measure what matters without unnecessary legal risk.
how GA4 uses cookies by default
Out of the box, a fresh GA4 property with the standard gtag.js or Google Tag Manager implementation will drop two main cookies on your domain as soon as the tag loads. Those cookies let GA4 recognize returning visitors and link events over time, which is the foundation of almost every report you see in the GA4 interface. Understanding exactly which cookies GA4 sets, what data they store, and how they differ from Universal Analytics is essential before you decide how to handle consent and legal obligations.
Many marketers search for "GA4 cookies" or "Google Analytics cookies list" because they need to declare them in a cookie policy or configure a consent management platform. The good news is that GA4 has fewer cookies than Universal Analytics and all of them are first-party. The challenge is that even though GA4 cookies are simpler, the law still treats them as requiring consent because they enable behavioral tracking and profiling.
ga4 cookies vs universal analytics cookies
Universal Analytics set a range of cookies including _ga, _gid, _gat, and optionally _gac for Google Ads click tracking. GA4 has streamlined this. The main GA4 cookies are _ga and _gid. The _ga cookie stores a unique client ID and has a default expiration of two years. The _gid cookie expires after 24 hours and is used to distinguish users within a short window.
GA4 does not use the _gat throttle cookie that Universal Analytics needed to limit request rates. If you enable Google Signals in GA4, no additional cookies are set on your domain, but GA4 does tap into Google's signed-in user data if the visitor is logged into a Google account. If you run Google Ads and have auto-tagging enabled, GA4 may read the _gcl_* cookies that Google Ads sets for click attribution, but those are owned by Google Ads rather than GA4 itself.
The shift from Universal Analytics to GA4 does not change your legal obligation under GDPR. Both versions set cookies that track user behavior, and both require consent in Belgium. The main difference is that GA4 is built with privacy controls like Consent Mode in mind from day one, so it is easier to configure GA4 to respect a visitor's choice without breaking the entire measurement setup.
first party vs third party cookies in GA4
All standard GA4 cookies are first-party cookies. That means they are set on your own domain and sent only to your domain or to Google on your behalf. Third-party cookies are set by a different domain than the one the user is visiting, often for cross-site tracking or advertising. Browsers like Safari and Firefox already block most third-party cookies by default, and Chrome has announced it will phase them out entirely.
Because GA4 relies solely on first-party cookies, it is less affected by browser cookie restrictions than older ad-tracking pixels and third-party analytics scripts. However, first-party cookies are not exempt from GDPR consent rules. Belgian law and the ePrivacy Directive do not distinguish between first-party and third-party cookies when deciding if consent is needed. The question is always whether the cookie is strictly necessary to provide a service the user explicitly requested. Analytics cookies are not strictly necessary, so they need consent even if they are first-party.
This is an important point when evaluating claims that GA4 is more privacy friendly. It is true that using first-party cookies improves data quality in a world where browsers block third-party trackers, but it does not eliminate your legal duty to get consent in Belgium. You still need a cookie banner that blocks GA4 until the user opts in.
key GA4 cookies like _ga and _gid explained
The _ga cookie is the primary identifier in GA4. When a visitor lands on your site for the first time, the GA4 tag generates a random client ID and stores it in the _ga cookie. That client ID looks something like GA1.2.123456789.1609459200. Every event that visitor triggers, on any page of your site, includes this client ID so GA4 can group those events into sessions and recognize the same visitor when they return days or weeks later.
The _ga cookie value explained: the format includes a version number, a domain depth indicator, a random unique number, and a timestamp of the first visit. This structure lets GA4 distinguish users even if they visit from different devices or clear their cookies and return. The default expiration is 730 days (two years), but you can shorten that in your GA4 configuration if you want to align with a more privacy-conscious retention policy.
The _gid cookie serves a similar purpose but expires after 24 hours. It helps GA4 distinguish users within the same day or session window. In practice, the _gid cookie is less critical than _ga, and some implementations disable it entirely to reduce cookie footprint. If you are building a minimal-cookie setup, you can configure GA4 to rely only on the _ga cookie or even switch to a server-managed identifier, though that adds significant complexity.
Both cookies store only pseudonymous identifiers, not names, email addresses, or other directly identifying personal data. Under GDPR, pseudonymous identifiers tied to behavioral data still count as personal data, which is why these cookies trigger the consent requirement. Knowing exactly what each cookie contains helps you write a clear and accurate cookie policy, and it lets you explain to users why you need their consent in the first place.
can GA4 work without cookies?
GA4 can technically send some data without cookies, but that data is extremely limited and almost useless for serious marketing decisions. When you enable Consent Mode V2 and a visitor denies cookies, GA4 switches to a cookieless ping mode. These pings record basic events like page views and clicks, but they do not include a persistent client ID. Without that ID, GA4 cannot recognize the same visitor across sessions or pages. Every visit looks like a brand new user, and you lose all the context that makes analytics valuable.
This is where the question "does GA4 require cookies?" becomes practical rather than philosophical. If you want to measure funnel drop-off, track returning users, calculate session duration, attribute conversions to marketing channels, or build audiences for retargeting, then yes, GA4 requires cookies. Without them, you end up with a pile of disconnected events that tell you almost nothing about user behavior or campaign performance. For B2B lead generation or e-commerce sites, that data gap makes GA4 unusable for optimization.
what happens in GA4 when cookies are denied
When a user declines cookies in a compliant consent banner, GA4 will respect that choice if you have implemented Consent Mode correctly. The tag will not set the _ga or _gid cookies, and it will send anonymized, cookieless pings to Google. These pings include basic context like page URL, referrer, and device type, but no persistent identifier. GA4 reports will show spikes in new users, inflated bounce rates, and broken attribution because every page view looks like a new session from a new person.
If a large share of your traffic denies cookies, which is common in Belgium and other EU markets, your GA4 data becomes noisy and incomplete. You cannot accurately measure conversion rates, track customer journeys, or build remarketing audiences in Google Analytics. This is the hidden cost of privacy regulation. You are legally compliant, but your ability to run data-driven campaigns drops sharply unless you design your measurement strategy to work with partial data.
consent mode v2 and modeled conversions
Google's Consent Mode V2 was introduced to help GA4 and Google Ads function when users decline cookies. When consent is denied, Consent Mode sends anonymized pings to Google's servers. Google then uses machine learning to estimate aggregate metrics like conversion volume, geographic distribution, and device mix. This is called behavioral modeling, and it fills in some of the gaps left by missing cookie data. You get directional insights about overall trends, but you lose granular user-level data.
Modeled conversions are not the same as measured conversions. They are statistical estimates based on patterns Google sees across all its advertisers. For large campaigns with high traffic, the models can be reasonably accurate at the aggregate level. For smaller campaigns or niche audiences, the error margins widen. You cannot segment modeled data by specific user attributes, and you cannot use it to build custom audiences or retarget specific users. In short, Consent Mode V2 keeps GA4 running when does GA4 require cookies for legal reasons, but it does not replace the full functionality you get with cookies.
If you run Google Ads campaigns tied to GA4 conversion goals, Consent Mode V2 can still feed some conversion signals back to Google Ads for campaign optimization. This is better than nothing, but you will see drops in reported conversions and lower match rates for audiences. Many marketers in Belgium find that Consent Mode V2 makes GA4 usable enough to keep it in place, but they complement it with other data sources like CRM integrations or server side tracking to fill the gaps.
ga4 without cookies vs fully cookieless analytics
When people ask "does GA4 require cookies" they sometimes confuse GA4 without cookies with cookieless analytics tools that were built from the ground up to work without any client-side identifiers. GA4 without cookies is GA4 in a degraded state. It was designed to use cookies, and when you strip them out, you lose most of its power. Fully cookieless analytics platforms use different architectures. Some rely on server-side session storage, others use fingerprinting or IP hashing, and others aggregate data at the page level instead of the user level.
These privacy-first tools never set cookies, so they do not require consent under GDPR or Belgian law in most cases. They also provide much less granular data than GA4 with cookies. You might see total page views, top landing pages, and referrer sources, but you will not see user journeys, session depth, or conversion funnels. For companies that want basic traffic stats without consent overhead, cookieless tools make sense. For performance marketers trying to optimize paid campaigns or conversion rates, they are not a substitute for GA4 with proper consent and cookies.
The real question is not whether GA4 requires cookies to function at all, but whether it requires cookies to deliver the insights your business needs. For most growth-focused Belgian companies, the answer is yes. You can run GA4 without cookies, but the data will be so limited that you might as well not run analytics at all. The better path is to implement a compliant consent banner, use Consent Mode V2, and accept that a portion of your users will opt out. Then design your measurement strategy to work with partial data and supplement GA4 with other signals where it makes sense.
is GA4 without cookies legal in Belgium?
Running GA4 without cookies does not automatically make your setup legal in Belgium. The law cares about consent for tracking and data processing, not just about the presence or absence of cookies. Even if you configure GA4 to run in cookieless mode, you are still collecting behavioral data like page views, clicks, referrers, and device information. Under GDPR and the ePrivacy Directive, that data is often considered personal data because it can be linked back to an individual, especially when combined with IP addresses or other identifiers.
The Belgian Data Protection Authority and EU regulators have consistently said that analytics cookies and similar tracking technologies require prior consent unless they are strictly necessary to deliver a service the user explicitly requested. GA4 cookies are not strictly necessary. You can deliver your website's content and services without tracking user behavior. That means you need consent before GA4 can fire, whether it is using cookies or not. If you bypass consent and rely solely on GA4's cookieless pings, you may still be in violation of Belgian and EU law.
how GDPR and the eprivacy directive apply to GA4
GDPR governs the processing of personal data, and the ePrivacy Directive governs the use of cookies and similar tracking technologies. Both apply to GA4 in Belgium. Under GDPR, personal data includes any information that can identify a person directly or indirectly. GA4 collects pseudonymous identifiers like the client ID in the _ga cookie, along with behavioral data tied to that ID. That combination is personal data. Processing it requires a lawful basis, and for marketing analytics, the only practical lawful basis is consent.
The ePrivacy Directive, which Belgian law implements, says you need consent before placing non-essential cookies on a user's device. Essential cookies are only those required to provide a service the user requested, like a shopping cart or login session. Analytics cookies do not meet that standard. Even if you use GA4 without setting cookies, the act of sending user behavior data to Google's servers still constitutes electronic communication monitoring, which also requires consent under ePrivacy. The bottom line is that does GA4 require cookies for legal analytics in Belgium? Not technically, but it does require consent whether cookies are present or not.
Multiple EU data protection authorities, including those in Austria, France, and Italy, have ruled that the use of Google Analytics violates GDPR when proper consent is not obtained or when data is transferred to the United States without adequate safeguards. While those rulings targeted the old Universal Analytics, the same concerns apply to GA4. You must obtain clear, informed, and specific consent from Belgian users before GA4 collects any data. If you fail to do so, you risk fines and enforcement action from the Belgian DPA.
what the belgian DPA and other EU regulators say
The Belgian Data Protection Authority has not issued a specific ruling on GA4 yet, but it has been clear in general guidance that analytics tools require consent and that data transfers to third countries must comply with GDPR's Chapter V requirements. Belgium follows the same interpretation as other EU member states. The Austrian, French, and Italian DPAs have all found Google Analytics non-compliant in specific cases, primarily because of inadequate consent mechanisms and data transfers to the U.S. without proper legal safeguards.
Google has made changes to address some of these concerns. GA4 is built with more privacy controls than Universal Analytics. It does not store IP addresses in raw form, it supports Consent Mode, and Google has implemented new data processing terms to address the Schrems II ruling on transatlantic data transfers. However, the Belgian DPA and other regulators still expect website owners to obtain explicit opt-in consent before any tracking starts. A pre-ticked box, implied consent, or a cookie wall that forces users to accept tracking are all non-compliant under Belgian and EU interpretation.
In practice, this means that if you operate a website targeted at Belgian users, you need a compliant cookie banner that clearly explains what GA4 does, gives users a genuine choice, and blocks GA4 from loading until consent is given. Running GA4 without cookies or without consent will not protect you from regulatory risk. The safest legal path is to treat GA4 as requiring consent in Belgium, configure your consent management platform correctly, and document your compliance process. You can learn more about how to set up a compliant banner in our guide on cookie consent implementation.
does GA4 require cookies for legal analytics in Belgium?
From a legal standpoint, the question is not whether GA4 requires cookies, but whether you need consent to use GA4 at all. The answer in Belgium is yes. GA4 processes personal data and tracks user behavior, both of which require a lawful basis under GDPR. Consent is the only practical lawful basis for analytics in a marketing context. You must get that consent before GA4 loads on the page, and you must give users the option to decline without penalty.
If you configure GA4 to run without cookies and rely solely on Consent Mode's cookieless pings, you are still collecting and transmitting behavioral data. That activity requires consent under both GDPR and the ePrivacy Directive. The absence of cookies does not change the legal obligation. Some businesses mistakenly believe that if they turn off cookies in GA4, they can skip the consent banner. That is incorrect and risky. Belgian regulators expect you to obtain consent before any tracking, regardless of the technical mechanism.
The safest and most compliant approach is to implement a proper consent banner that blocks GA4 until the user opts in, enable Consent Mode V2 so GA4 can still send anonymized pings when consent is denied, and design your measurement strategy to work with partial data. You should also review your data processing agreement with Google, ensure that data transfers comply with Schrems II requirements, and document your compliance decisions in case of an audit. Does GA4 require cookies for legal analytics in Belgium? Legally, it requires consent, and practically, it requires cookies to deliver useful data. The two go hand in hand.
do you need cookie consent for Google Analytics 4?
Yes, you need cookie consent for Google Analytics 4 in Belgium and across the EU. GA4 sets first-party cookies by default, and those cookies are used to track user behavior over time. Under GDPR and the ePrivacy Directive, you must obtain explicit, informed consent before placing those cookies on a visitor's device. The consent must be freely given, specific, and easy to withdraw. Pre-checked boxes, cookie walls, or vague statements in a privacy policy do not meet the legal standard for valid consent.
Many businesses struggle with this requirement because getting consent reduces the amount of data they can collect. In Belgium, a significant percentage of users decline cookies when given a clear choice. That creates a trade-off between legal compliance and data completeness. The right answer is to prioritize compliance, implement a strong consent banner, and adapt your analytics and marketing strategy to work with partial data. Trying to avoid consent by claiming GA4 does not require cookies or that cookies are essential is legally risky and unlikely to hold up under scrutiny.
when GA4 cookies are considered strictly necessary
Strictly necessary cookies are those required to provide a service that the user explicitly requested. Common examples include session cookies for login authentication, shopping cart cookies for e-commerce checkouts, and cookies that remember language preferences or accessibility settings. Analytics cookies, including those set by GA4, are not strictly necessary. They collect data for your benefit as the website owner, not to provide a core service the user asked for.
Some businesses argue that analytics are necessary to ensure website security or to improve user experience. Belgian and EU regulators reject that argument. You can deliver your website's content, process orders, and serve customers without tracking user behavior. That means GA4 cookies require consent. If you want to avoid the consent requirement entirely, you need to use a truly cookieless analytics tool that does not track individual users and does not set any identifiers. Even then, you must be careful about what data you collect and how you process it.
There is no legal exemption for GA4 cookies under the strictly necessary category. If you label them as such in your cookie policy or configure your consent banner to load GA4 before consent, you are misrepresenting the legal status of those cookies and creating compliance risk. The Belgian DPA and other EU authorities have made clear that analytics is an optional data collection activity that requires user permission. You cannot work around that by redefining GA4 cookies as essential.
examples of consent banners that block GA4 correctly
A compliant consent banner for GA4 in Belgium must meet several criteria. It must appear before any non-essential cookies or tracking scripts load. It must clearly explain what data GA4 collects and why. It must give users a genuine choice to accept or decline, with both options equally easy to select. It must allow users to choose granular preferences, such as accepting functional cookies but declining analytics cookies. And it must store the user's choice and respect it across sessions.
A well-designed banner will integrate with Google Tag Manager to control when GA4 fires. When the page loads, GTM checks the user's consent status. If consent has not been given, GA4 does not load. If consent is granted, GA4 fires with full cookie functionality. If consent is denied, GA4 either does not fire at all or fires in cookieless mode with Consent Mode V2 enabled. This setup ensures that GA4 respects user choice and that you remain compliant with Belgian law.
Many Belgian businesses use consent management platforms like Cookiebot, OneTrust, or Didomi to handle this workflow. These tools automatically block GA4 until consent is received, log user consent choices, and integrate with GTM to pass consent signals. You can also build a custom solution using GTM's built-in consent triggers and variables, but that requires more technical expertise. The key is to make sure GA4 does not load before consent and that users have a clear, easy way to say no. If your banner is designed to trick users into clicking accept or if declining consent is hidden behind multiple clicks, it is not compliant.
common consent implementation mistakes we see
One of the most common mistakes is loading GA4 before the consent banner appears or while the user is still making a decision. If GA4 fires as soon as the page loads, you have already violated the consent requirement, even if you show a banner afterward. The tag must be blocked until the user actively opts in. Another frequent error is using a cookie wall that prevents users from accessing the site unless they accept cookies. That type of forced consent is not valid under GDPR because consent must be freely given.
We also see businesses that configure their consent banner to have two buttons, one labeled accept and one labeled settings, with no clear decline option on the first screen. That design nudges users toward acceptance and makes it harder to say no. Belgian regulators expect declining to be as easy as accepting. If a user has to click through multiple layers to refuse tracking, your consent mechanism is not compliant. Similarly, pre-checked boxes that default to consent are illegal. Users must take an affirmative action to opt in.
Another mistake is failing to update the consent banner when you add new tracking tools or change how you use GA4 data. If your banner says GA4 is used only for basic traffic stats, but you later enable Google Signals for cross-device tracking or link GA4 to Google Ads for remarketing, you need to update your banner and re-obtain consent. Finally, many businesses do not test their consent implementation properly. They assume that because a banner appears, GA4 is blocked, but in reality the tag still fires before consent. You should use browser developer tools or a tool like our technical audit services to verify that GA4 truly respects consent status.
how to configure GA4 for minimal cookies and maximum data
The goal for most Belgian businesses is to stay compliant with GDPR and Belgian law while still collecting enough data to make informed marketing decisions. That means designing a GA4 setup that respects user consent, minimizes data collection where possible, and uses privacy controls to reduce legal risk. You can configure GA4 to collect less data, store it for shorter periods, and avoid features that increase privacy concerns. The trade-off is that you lose some granularity, but you gain legal safety and user trust.
Start by auditing your current GA4 and tag manager setup to understand exactly what data you are collecting, when tags fire, and how consent is handled. Then implement Consent Mode V2 to ensure GA4 sends anonymized pings when consent is denied. Limit your data retention period to the shortest time you need for analysis, disable advertising features like Google Signals if you are not using them, and turn on IP anonymization. Finally, consider moving some tracking to the server side to reduce the number of third-party requests visible to the user. Each of these steps reduces your privacy footprint and makes GA4 easier to defend in a compliance review.
1. audit your current GA4 and tag manager setup
Before you make changes, you need to know what you are working with. Log in to Google Tag Manager and review every tag, trigger, and variable related to GA4. Check when the GA4 configuration tag fires. If it fires on all pages without a consent check, you have a compliance problem. Look for additional event tags that track clicks, form submissions, or video plays. Make sure each of those respects consent as well.
Next, review your GA4 property settings in Google Analytics. Check your data retention period. GA4 defaults to storing event-level data for 14 months in the free version. If you do not need that much history, you can shorten it to 2 months. Look at your data streams and see if you have IP anonymization enabled. Check whether Google Signals is turned on. If it is and you are not using it for cross-device reporting or remarketing, turn it off to reduce data sharing with Google. Document everything you find so you know what changes to make.
Finally, test your consent flow. Open your website in a private browser window and interact with the consent banner. Decline cookies and then open your browser's developer tools to check the network tab. If you see requests to Google Analytics or the _ga cookie being set, your consent implementation is broken. GA4 is loading before or without consent. You need to fix that before you do anything else. A compliance audit is the first step in building a privacy-friendly GA4 setup that still delivers useful data.
2. implement consent mode v2 the right way
Consent Mode V2 is Google's solution for making GA4 and Google Ads work in a world where many users decline cookies. When implemented correctly, Consent Mode tells GA4 whether the user has granted or denied consent for analytics and advertising cookies. If consent is granted, GA4 operates normally with full cookie functionality. If consent is denied, GA4 switches to a privacy-preserving mode where it sends anonymized, cookieless pings to Google. Those pings are used for behavioral modeling but do not identify individual users.
To implement Consent Mode V2, you need to pass consent signals from your consent banner to Google Tag Manager, and from GTM to GA4. Most modern consent management platforms support this natively. If you are building a custom solution, you use GTM's consent API to set default consent states before any tags load, then update those states when the user makes a choice. You must configure at least two consent types: analytics_storage for GA4 cookies and ad_storage for advertising cookies if you use Google Ads.
When consent is denied, GA4 will still send pings that include basic event data like page URL, referrer, and device type, but no client ID or user identifiers. Google uses those pings to build aggregate statistical models. You get estimated conversion volumes and traffic trends, but you lose user-level detail. The benefit is that you stay compliant while still feeding some signal to GA4 and Google Ads. The key is to make sure you update your privacy policy to explain how Consent Mode works and that users understand what data is collected even when they decline cookies.
3. limit data collection and enable privacy controls
GA4 gives you several settings to reduce the amount of data you collect and increase privacy. Start with data retention. By default, GA4 keeps event-level data for 14 months in the free version. You can change that to 2 months if you do not need long historical data. Shorter retention reduces your risk under GDPR's data minimization principle. It also makes it easier to respond to user deletion requests because data ages out faster.
Next, disable Google Signals if you are not using it. Google Signals links GA4 data to Google account information for users who are signed in to Google and have ad personalization turned on. That enables cross-device tracking and remarketing, but it also means more data is shared with Google. If you are not running Google Ads remarketing campaigns or building cross-device audiences, turn Signals off. It reduces data processing and privacy risk without affecting your core analytics.
You should also review which events you are tracking. Many businesses track everything by default, including scroll depth, video plays, file downloads, and outbound link clicks. Each additional event increases your data footprint and creates more opportunities for user identification. Focus on tracking only the events you actually use for decision-making. If you never look at scroll depth data, stop collecting it. Finally, make sure IP anonymization is enabled in your data streams. GA4 does not store full IP addresses by default, but enabling anonymization provides an extra layer of protection and signals to users that you take privacy seriously.
4. consider server side tracking with strict controls
Server side tracking moves some of the data collection logic from the user's browser to your own server. Instead of the GA4 tag firing directly in the browser and sending data to Google, the tag sends data to your server, and your server forwards it to Google. This architecture gives you more control over what data is sent, lets you filter or anonymize data before it reaches Google, and reduces the number of third-party connections visible to the user. It can also improve data quality because server-side requests are less likely to be blocked by ad blockers or browser privacy features.
However, server side tracking does not eliminate the need for consent. You are still collecting user behavior data, and you still need permission under GDPR and Belgian law. What server side tracking does is give you more flexibility in how you handle that data. You can strip out sensitive information, aggregate events before sending them to GA4, or route data to multiple analytics platforms from a single server endpoint. For Belgian businesses that want to reduce reliance on third-party cookies while maintaining measurement capability, server side tracking is a powerful tool. You can learn more about the technical setup in our guide on how server side tracking works.
The main challenges with server side tracking are cost and complexity. You need to run your own server infrastructure, either on Google Cloud Platform using Google's Server-Side Tag Manager or on another cloud provider with a custom implementation. You also need technical expertise to set it up and maintain it. For small businesses or websites with low traffic, the effort may not be worth it. For larger e-commerce sites or B2B platforms with complex tracking needs, server side tracking can improve both performance and privacy compliance.
alternatives if you want analytics without cookies at all
If you want to avoid cookies and consent banners entirely, you need to use an analytics tool that was built from the ground up to work without client-side identifiers. These privacy-first platforms do not track individual users across sessions. Instead, they collect aggregate data at the page or session level, often using server-side logging or anonymized fingerprinting. The advantage is that you do not need consent in most cases because you are not processing personal data. The disadvantage is that you lose all the user-level insights that make GA4 valuable for campaign optimization and conversion tracking.
Popular privacy-first tools include Plausible, Fathom, Simple Analytics, and Matomo (when configured in privacy mode). These platforms give you basic traffic stats like page views, referrers, device types, and geographic regions, but they do not track user journeys, returning visitors, or conversion funnels in the same way GA4 does. For companies that only need high-level traffic monitoring and do not run paid campaigns or conversion optimization, these tools can be a good fit. For performance marketers, they are usually too limited to replace GA4.
privacy friendly analytics tools popular in Europe
Plausible Analytics is one of the most popular privacy-first tools in Europe. It does not use cookies, does not track individuals, and stores all data on EU servers. The interface is simple and focused on essential metrics. You see page views, traffic sources, top pages, and device breakdowns, but no user-level data. Plausible is lightweight and fast, which also improves page load times. It is a good choice for content sites, blogs, and small business websites that want basic insights without consent overhead.
Fathom Analytics takes a similar approach. It collects anonymized data without cookies and provides a clean dashboard focused on traffic trends and referrer sources. Fathom is EU-hosted and GDPR-compliant by design. It integrates with common website platforms and is easy to set up. Like Plausible, it does not offer the depth of analysis you get from GA4, but it covers the basics well. Simple Analytics is another option in the same category, with a focus on privacy and simplicity.
Matomo is a more full-featured alternative. It can be run in a privacy-friendly mode where it anonymizes IPs, does not use cookies, and respects Do Not Track signals. When configured this way, Matomo is often considered exempt from consent requirements in many EU countries, though legal opinions vary. The trade-off is that Matomo in privacy mode loses much of its advanced functionality. If you use the full version of Matomo with cookies enabled, you are back to needing consent just like GA4. Matomo is open source and can be self-hosted, which gives you full control over your data, but that also means you are responsible for server management and updates.
trade offs vs GA4 for B2B and ecommerce
For B2B lead generation sites, the main value of GA4 is tracking how leads move through your funnel. You want to see which marketing channels drive form fills, how long it takes a visitor to convert, and which content pages support the buying journey. Privacy-first tools cannot deliver that level of insight because they do not track individual users over time. You get traffic numbers, but you cannot connect a lead back to their first visit or attribute it to a specific campaign. That makes it hard to optimize your paid media or content strategy.
For e-commerce, the gap is even larger. GA4 integrates with Google Ads and other advertising platforms to track conversions, build remarketing audiences, and measure return on ad spend. It tracks product views, add-to-cart events, checkout steps, and purchase completion, all tied to individual user sessions. Privacy-first tools give you aggregate sales data and top products, but they do not support conversion tracking or audience building. If you rely on paid advertising to drive sales, you need a tool that can feed conversion data back to ad platforms. GA4 with proper consent does that. Privacy-first tools do not.
The trade-off comes down to your business model and risk tolerance. If you run a content site, a portfolio, or a small informational business site, a privacy-first tool is often the right choice. You avoid consent complexity, stay compliant by default, and still get the traffic insights you need. If you run paid campaigns, optimize conversion funnels, or need detailed attribution data, you will struggle without GA4 or a similar tool that tracks users. In that case, the better path is to implement GA4 with proper consent, accept that some users will opt out, and design your measurement strategy to work with partial data.
when GA4 without cookies makes sense for your business
For most Belgian businesses, GA4 without cookies is not a viable option. The data is too limited to support meaningful optimization or campaign management. However, there are specific scenarios where running GA4 in a minimal-cookie or cookieless mode makes strategic sense. If your business operates in a low-risk environment, serves a privacy-conscious audience, or does not rely heavily on paid advertising, you can design a measurement approach that prioritizes compliance and transparency over data completeness.
The key is to understand what trade-offs you are making. Running GA4 without cookies means accepting that you will not have user-level data, that your attribution will be directional at best, and that you cannot build remarketing audiences or personalized campaigns based on GA4 data. If those limitations are acceptable given your business model, then a minimal-cookie or cookieless GA4 setup can work. If they are not, you need to implement a consent-first strategy and build your analytics stack around the reality that many users will decline tracking.
b2b scenarios and lead generation sites
B2B lead generation sites often have longer sales cycles and smaller audience sizes than consumer e-commerce. A typical Belgian B2B site might get a few hundred visitors per day, with a handful of form fills per week. In that environment, losing 40 to 60 percent of your analytics data to cookie opt-outs is painful, but it may not be fatal. You can still track broad traffic trends, see which content pages get the most engagement, and measure form completion rates at an aggregate level.
If you combine GA4 with CRM data and server-side tracking, you can build a fuller picture. When a lead fills out a form, you can log that conversion server-side and tie it back to GA4 session data using UTM parameters or client IDs. You lose the ability to track anonymous visitors over multiple sessions, but you gain reliable conversion tracking for known leads. This hybrid approach balances privacy compliance with measurement needs. You respect user choice, collect less data, and focus on what matters most, which is qualified leads, not vanity metrics like page views.
For B2B companies with complex products or high-value contracts, the sales process often involves personal conversations, demos, and offline touchpoints. In that context, precise digital attribution is less important than understanding which channels generate awareness and which content supports the buying committee. GA4 without cookies can still show you referrer sources, landing pages, and high-level engagement. You supplement that with qualitative feedback from your sales team and CRM data to understand the full customer journey. It is not perfect, but it is pragmatic and compliant.
ecommerce stores balancing data and compliance
E-commerce sites face a harder trade-off. Online stores rely on detailed analytics to optimize product pages, test checkout flows, and measure the ROI of paid advertising. Losing user-level tracking makes all of those tasks harder. However, if you operate in a category where customers are especially privacy-conscious or if your brand positioning emphasizes trust and transparency, running GA4 with strong privacy controls can be a competitive advantage. You signal to customers that you respect their data, and you differentiate from competitors who hide behind vague privacy policies.
One approach is to implement GA4 with Consent Mode V2 and accept that a large share of your traffic will be modeled rather than measured. You focus your optimization efforts on the users who do consent, and you use modeled data for directional insights about overall trends. You also invest in first-party data collection through email signups, loyalty programs, and post-purchase surveys. That gives you a direct relationship with customers and reduces your reliance on third-party cookies for personalization and retargeting.
Another strategy is to run a hybrid analytics stack. You use GA4 with consent for detailed campaign tracking and conversion attribution, and you run a privacy-first tool like Plausible or Fathom alongside it to capture aggregate traffic data from users who decline cookies. The privacy-first tool does not need consent, so it gives you a baseline of total site traffic. GA4 gives you the conversion and audience data you need for paid campaigns. Together, they provide a more complete picture than either tool alone. This approach requires more setup and cost, but it balances compliance with data needs effectively.
how 6th man digital designs measurement strategies
At 6th Man Digital, we work with Belgian B2B and e-commerce businesses to design measurement strategies that balance growth and compliance. We do not believe in one-size-fits-all solutions. Every business has different data needs, different risk tolerances, and different customer expectations. Our approach is to audit your current setup, understand your business model and marketing goals, and then design a custom analytics stack that gives you the insights you need while staying compliant with Belgian and EU law.
We start by fixing consent. If your GA4 implementation is not respecting user choice, we rebuild it using Google Tag Manager and a proper consent management platform. We implement Consent Mode V2, test the setup thoroughly, and document the configuration for compliance audits. Then we look at what data you actually use. Many businesses collect dozens of GA4 events but only look at a handful of reports. We help you focus on the metrics that drive decisions and strip out the noise.
For businesses that need more than GA4 can deliver under consent restrictions, we design hybrid measurement approaches. That might include server-side tracking to improve data quality and control, CRM integrations to tie conversions back to marketing channels, or complementary privacy-first tools to capture baseline traffic. We also work with you to optimize for partial data. Instead of trying to track every visitor, you focus on the quality of the data you do collect and use it to make smarter, faster decisions. If you are ready to build a compliant, growth-focused measurement strategy, get in touch with our team.
talk to a GA4 and cookie compliance partner in Belgium
Getting GA4 compliance right is not a one-time project. Privacy regulations evolve, browser technologies change, and your business needs shift over time. You need a partner who understands both the legal requirements and the technical implementation, and who can adapt your analytics setup as conditions change. At 6th Man Digital, we specialize in helping Belgian businesses navigate the intersection of data-driven marketing and privacy law. We are not lawyers, but we work closely with legal advisors and data protection experts to ensure our implementations meet current standards.
Whether you are setting up GA4 for the first time, migrating from Universal Analytics, or fixing a broken consent implementation, we can help. We audit your current setup, identify compliance gaps, and build a roadmap to get you where you need to be. We implement the technical changes in Google Tag Manager, configure Consent Mode V2, integrate with your consent banner, and test everything to make sure it works. We also train your team on how to use GA4 effectively with partial data and how to interpret reports when a large share of your audience declines cookies.
how 6th man can help you stay compliant and data driven
Our services go beyond GA4 implementation. We design full-stack measurement strategies that combine analytics, CRM data, server-side tracking, and privacy-first tools to give you a complete view of your marketing performance. We work as an embedded team, not a traditional agency. That means we integrate with your existing processes, use your tools, and move fast without the overhead of account managers and junior staff. You get senior-level expertise on demand, with transparent pricing and no hidden costs.
We have worked with B2B SaaS companies, e-commerce stores, and service businesses across Belgium to build compliant, high-performing analytics setups. We know the challenges you face, from high cookie opt-out rates to unclear regulatory guidance to the pressure to deliver ROI on every marketing euro. Our approach is pragmatic, not dogmatic. We help you find the right balance between compliance and growth, and we give you the tools and knowledge to maintain that balance as your business scales. If you want to understand clearly does GA4 require cookies for your specific situation and turn compliance into a competitive advantage, visit our how we work page or contact us to start the conversation.
.jpeg){kind=small}