uploadClickConversions with GCLID/WBRAID/GBRAID for invalid-traffic exclusion – how do consent flags affect conversion detection?

[Nasser Oudjidane]

Hi, 

I’m building an ad fraud protection tool that uses the Google Ads API and uploadClickConversions with GCLID / WBRAID / GBRAID to mark invalid traffic and then exclude those users via a user list built from a specific conversion action.

My upload looks like this (TypeScript / Node):

const res = await customer.conversionUploads.uploadClickConversions({

customer_id: conversionAccountId,

conversions: [

{

...(clidQueryParameterName === "GCLID" && { gclid: clid }),

...(clidQueryParameterName === "WBRAID" && { wbraid: clid }),

...(clidQueryParameterName === "GBRAID" && { gbraid: clid }),

conversion_action: conversionActionResourceName,

conversion_date_time: new Date()

.toISOString()

.replace("T", " ")

.replace("Z", "+00:00"),

// consent: {

// ad_user_data: enums.ConsentStatus.GRANTED,

// ad_personalization: enums.ConsentStatus.GRANTED,

// },

},

],

partial_failure: true,

validate_only: false,

toJSON: () => ({}),

});

The conversion action is configured as:

• Counting = Every (compatible with WBRAID/GBRAID),

• Goal = Secondary,

• “Don’t use a value” (only for invalid-traffic logic / exclusion, not bidding).

I then create a user list that includes users who have this conversion action (i.e. a conversion-based user list off this “Invalid Traffic” action) and exclude that list from campaigns.

When I upload a conversion (I omit the consent object for all of my requests), the API call returns success (no partial failures), but:

• I see far fewer conversions for this action in metrics than I’ve uploaded (e.g. in all_conversions), and

• The user list stays small, as if most of the uploaded conversions are not being detected/eligible.

My questions:

1. For uploadClickConversions with GCLID/WBRAID/GBRAID, what is the expected behavior if the consent object is:

   • not provided at all,

   • provided with ad_user_data = DENIED, or

   • provided with ad_personalization = DENIED?

   Specifically:

   • Will these conversions still appear in reports (e.g. all_conversions)?

   • Will they still be eligible to populate a conversion-based user list?

2. Is a conversion-based user list that is used only for exclusion (invalid traffic) still treated as “personalized advertising” and therefore requires ad_personalization = GRANTED?

3. Is the following pattern correct/allowed:

   • Only send identifiers and set ad_user_data + ad_personalization = GRANTED when I have ad personalization consent,

   • Never upload identifiers for users without such consent (so they never enter the user list),

   • And still expect conversions to be visible/usable where consent is granted?

4. When I omit the consent object completely, does Google infer consent state automatically from Consent Mode / other signals and silently treat some uploads as non-eligible (for reporting or user lists)? Or are such uploads supposed to behave the same as if consent were not restricted?

Right now uploads succeed (no explicit errors) but I see relatively few conversions and a small user list, so I’m trying to understand exactly how consent flags (or their absence) gate both conversion detection and user list filling. 

Thanks! 

[Google Ads API Forum Advisor]

Hi,

 

Thank you for reaching out to the Google Ads API support team.

 

Please find your answers for your questions below:

 

>> For uploadClickConversions with GCLID/WBRAID/GBRAID, what is the expected behavior if the consent object is:

 

If consent is missing for EEA users, then the consent value is determined as not consented. Data from unconsented EEA users won't be processed and cannot be used for ad personalization using Customer Match. See FAQs and updates to consent mode for more details. 

• Will these conversions still appear in reports (e.g. all_conversions)?

No, the conversion will not be reported in UI if you don't specify the consent. If consents are missing, then the consent value is determined as not consented. Data from unconsented EEA users will not be processed and cannot be used for ad personalization.

• Will they still be eligible to populate a conversion-based user list?

No, user lists are not eligible to populate. You can refer to the usage flow document which suggest to populate the consent field of customer_match_user_list_metadata in your OfflineUserDataJob request.

 

>>Is a conversion-based user list that is used only for exclusion (invalid traffic) still treated as “personalized advertising” and therefore requires ad_personalization = GRANTED?

 

 Yes, you need to pass the consent even when the user lists the user for exclusion. Only to remove user list requests, consent is not needed.

 

>> Is the following pattern correct/allowed:

 

Yes, the pattern you have provided is correct i.e setting the ad_user_data + ad_personalization = GRANTED for both the conversions and user lists.

 

>> When I omit the consent object completely, does Google infer consent state automatically from Consent Mode / other signals and silently treat some uploads as non-eligible (for reporting or user lists)? Or are such uploads supposed to behave the same as if consent were not restricted?

 

Yes, when you omit the consent object then those uploads are not eligible and not reported in the user list.

 

As your list size list is small, I would suggest to pass the consent parameter and refer to the help center.

 

Thanks,
 

Google Ads API Team

Feedback
How was our support today?

               
[2025-11-17 11:43:17Z GMT] This message is in relation to case "ref:!00D1U01174p.!500Ht01vTczS:ref" (ADR-00339498)

[Nasser Oudjidane]

Under GDPR Article 6(1)(f), we’re permitted to process data for the legitimate interest of fraud prevention and campaign efficiency. Since we are not using this data for personalization, retargeting, or profiling — but only for exclusion — we believe this does not require consent under EU law. Can you confirm why exclusion-only user lists are still treated as personalized advertising in Google Ads? 

[Google Ads API Forum Advisor]

Hi,

 

Customer Match is used to upload user lists (hashed PII) for both inclusion and exclusion. It states that consent signals must be provided when uploading this data.

 

Key Requirement: The Google Ads API requires specific consent fields to be set to GRANTED for users in the EEA/UK when uploading Customer Match data. The fields are: 

 

ad_user_data (Consent for sending user data to Google for advertising purposes).
ad_personalization (Consent for ad personalization).

 

When uploading hashed Personally Identifiable Information (PII) to Customer Match, consent for ad personalization is required, even if the list is used for exclusion purposes. I would recommend you to check this help center article How to provide consent for Customer Match for more information.

 

Thanks,
 

Google Ads API Team

Feedback
How was our support today?

               

[2025-11-17 17:03:30Z GMT] This message is in relation to case "ref:!00D1U01174p.!500Ht01vTczS:ref" (ADR-00339498)

[Nasser Oudjidane]

Thanks for the clarification.

Just to make sure I fully understand how this applies to our specific setup:

We are not using Customer Match or uploading hashed PII via OfflineUserDataJob. Our flow is:
– Detect invalid clicks
– Call uploadClickConversions with GCLID / WBRAID / GBRAID only
– Create a conversion-based user list from that “Invalid Traffic” conversion action
– Use that list only for exclusion, not for bidding, retargeting, or segmentation.

Can you please confirm explicitly that:

1.⁠ ⁠Conversion uploads with GCLID/WBRAID/GBRAID that do not include consent (or that reflect denied consent) for EEA/UK users will not be:
– reported in conversion metrics, and
– eligible to populate conversion-based user lists, even if those lists are used only as negative audiences (exclusions).

2.⁠ ⁠For this GCLID/WBRAID/GBRAID + conversion-based user-list flow, Google still treats exclusion-only usage as “ad personalization” and therefore requires ad_user_data and ad_personalization = GRANTED for EEA/UK users.

3.⁠ ⁠For users outside the EEA/UK, can you confirm whether these consent fields are required at all?
In other words, is this consent requirement only enforced for EEA/UK traffic, or is it enforced globally for conversion reporting and user-list population? 

[(Deprecated) Google Ads API and AdWords API Forum]

Hi,

If a ClickConversion is uploaded via the Google Ads API without the required consent signals, the conversion will not be used for ad measurement and will not be reported.

To keep using measurement, ad personalization, and remarketing features, you must collect consent for use of personal data from end users based in the EEA and share consent signals with Google. Please refer to this help center article: Updates to consent mode for traffic in the European Economic Area (EEA). "When a user denies consent, their data isn't used for measurement and ad personalization." For more information: Obtain user consent.

Thanks & Regards,

Google Ads API Support Team

[Nasser Oudjidane]

Hi,

Thank you for the clear explanation regarding EEA and UK traffic. I understand that for EEA/UK users, GRANTED is required for the data to be used.

However, my previous question regarding non-EEA traffic (e.g., US, Canada, Asia) was not explicitly addressed.

Could you please confirm the API behavior for the following scenario:

If we upload a ClickConversion for a user located outside the EEA/UK (e.g., a user in the United States) and we omit the consent object (or set it to UNSPECIFIED):

1. Will this conversion still be reported in metrics?

2. Will this user still be added to the conversion-based user list (for exclusion purposes)?

I need to confirm if the GRANTED signal is a global technical requirement for the API to process data, or if the API logic checks the GCLID's region and allows non-EEA data to be processed even when consent is UNSPECIFIED or missing. 

[Brian Broadbent]

I am also interested how non-EEA users are treated in regards to these consent fields, both for remarketing lists and conversion tracking?

Additionally, for conversion tracking only, if an advertiser is NOT consented into enhanced conversions for leads/offline leads, do these fields have to be provided for non-EEA users?

These are important questions by the original poster.

[Google Ads API Forum Advisor]

 

Hi,

 

Please note that as per the document about the queries regarding EU user consent policy, this policy applies to end users in the EEA, the UK and Switzerland. The policy does not apply if Google services were removed from the website/app for users in these countries. Based on this, I can say that consent fields are only required for the above-mentioned regions and are not required to be provided for non-EEA users. Additionally, you can refer to the Help Center article for more FAQs about the EU user consent policy for Customer Match upload partners.

 

I hope this clarifies your concern. Please feel free to reach out for any further concerns/ queries.

Thanks,
 

Google Ads API Team

Feedback
How was our support today?

               

[2025-11-24 03:22:47Z GMT] This message is in relation to case "ref:!00D1U01174p.!500Ht01vTczS:ref" (ADR-00339498)

[(Deprecated) Google Ads API and AdWords API Forum]

Hi,

Please find the answers below for your queries.

If we upload a ClickConversion for a user located outside the EEA/UK (e.g., a user in the United States) and we omit the consent object (or set it to UNSPECIFIED):

• No, you cannot omit the consent object irrespective of region (whether EEA/UK or outside the EEA/UK). That means you should populate the consent object when uploading the user data. That means the consent setting applies to all users. 

I need to confirm if the GRANTED signal is a global technical requirement for the API to process data, or if the API logic checks the GCLID's region and allows non-EEA data to be processed even when consent is UNSPECIFIED or missing. 

• For EEA users: For Customer Match lists to be used in EEA, both consent fields of ConsentStatus type must be set to “GRANTED” to indicate that you have received the required user consent.

• For users outside the EEA: Here the consent depends on availability (GRANTED, UNSPECIFIED, or DENIED). If the consent status is set to “UNSPECIFIED,” it will be treated as missing consent. If you set the consent status as DENIED, you will get an error.

As informed above, the consent setting applies to all users uploaded in a job, and advertisers should use separate jobs to upload users with different consent signals. This means if there are non-EEA and EEA user records in 1 job, and the consent status is sent as GRANTED, this GRANTED consent status is used for all records in that job.

Example: we have two jobs that update a single audience; the first sends identifiers with UNSPECIFIED consent, and the second sends identifiers with GRANTED consent.

In the example provided you would use two jobs—one for uploading users with UNSPECIFIED consent status for the ad_user_data and ad_personalization parameters and another job for users that have GRANTED consent status for the two consent parameters.

Thanks & Regards,

Google Ads API Support Team.

[Rezi Costa Bzishvili]

Thanks for the clarification. Just to confirm my understanding of the current behavior:

• The consent object has to be populated for all users (EEA and non-EEA).

• Conversions are only usable for reporting and user lists when ad_user_data and ad_personalization are GRANTED.

• If consent is UNSPECIFIED or missing, those uploads are treated as not consented and effectively dropped for measurement and lists.

Given that, my last question is a practical one: how are integrators expected to decide when to set GRANTED for a given GCLID/WBRAID/GBRAID?

For example:

• If our site already uses Consent Mode v2 and our CMP sets ad_user_data and ad_personalization, are we expected to copy those same values into the consent object of uploadClickConversions?

Or does Google use the Consent Mode state internally, and we should only upload when we see that consent is GRANTED on our side?

I just want to be sure we’re reading the right signals when deciding:

• non-EEA user with consent → upload with GRANTED,

• EEA user without consent → do not upload at all.

Clear guidance on this mapping would help a lot.

[Google Ads API Forum Advisor]

Hi,

 

With regard to your concern, let me check with the rest of our team, and one of our colleagues will reach out to you once we have an update.

 

Thanks,

 

Google Ads API Team

Feedback
How was our support today?

               

[2025-12-04 06:30:22Z GMT] This message is in relation to case "ref:!00D1U01174p.!500Ht01vTczS:ref" (ADR-00339498)