If you run Amazon Ads with EEA or UK traffic, you are required to send a valid consent signal to Amazon before transmitting any personal data. Here is what that means, where it comes from officially, and what you need in place.
You have a cookie consent banner on your site. Your visitors see it, some accept, some decline. But does Amazon Ads actually know about those choices? Unless you have specifically configured a consent signal for Amazon, almost certainly not — and that is a compliance and campaign performance problem.
Amazon Ads operates its own consent framework, officially called the Amazon Consent Signal (ACS). You will also see it referred to informally as "Amazon Consent Mode", by analogy with Google's equivalent. The requirement exists because Amazon's advertising services process personal data on behalf of advertisers — and under GDPR and the ePrivacy Directive, that processing requires valid, documented user consent for EEA and UK users.
This article explains what Amazon's official policy requires, how ACS works based on available documentation, how it differs from Google Consent Mode, and what you need to put in place. Where specific technical details could not be confirmed directly from Amazon's own public documentation, this is explicitly flagged.
Who Needs to Read This?
Advertisers using Amazon Ads (Sponsored Products, Sponsored Brands, Amazon DSP, Display Ads, Amazon Attribution) with EEA or UK traffic
Publishers and third-party data providers transmitting audience data to Amazon Ads on behalf of advertisers
Privacy and compliance teams verifying GDPR coverage across all ad platforms, not just Google
Marketing teams troubleshooting Amazon campaign performance issues tied to consent gaps
Not in scope: If you run Amazon Ads targeting only US audiences with no EEA or UK traffic, Amazon's consent signal requirement does not currently apply to those campaigns.
What Amazon's Official Policy Requires
Amazon's own policy page — Sending Personal Information to Amazon Ads & Amazon Consent Signal requirements — states the following directly:
"If you transmit or make available to Amazon Ads any personal information in connection with your use of any Amazon advertising services, you must either use (i) the IAB European Transparency & Consent Framework (TCF) signal(s), or (ii) Amazon Consent Signal, to communicate your UK and EEA users' privacy choices to Amazon Ads."
That same policy page specifies that advertisers must:
Publish a clear and transparent privacy policy that meets applicable legal requirements including GDPR
Collect individuals' affirmative opt-in consent for Amazon to process their personal information and use cookies or similar technology for advertising
Allow individuals to withdraw consent at any time
Keep records of consent and opt-out choices and provide Amazon with access to those records upon request
Not pass personally identifiable information (names, email addresses, phone numbers) to Amazon
Not pass personal information collected from children under 13
Not pass sensitive personal information (financial status, health or medical information)
Amazon's EU data protection page confirms that Amazon Ads is a registered vendor on the IAB Europe Transparency & Consent Framework (TCF), and that third-party publishers adhering to TCF v2.0 allow users to consent to or object to receiving interest-based ads from Amazon.
In plain terms: you have two compliant options — implement IAB TCF via a compatible CMP, or implement Amazon's own Amazon Consent Signal. A CMP that supports neither means you are transmitting EEA/UK user data to Amazon without a valid consent mechanism.
What Is Amazon Consent Signal?
Amazon Consent Signal (ACS) is Amazon Ads' own consent communication framework — the alternative to IAB TCF for advertisers who want to use Amazon's proprietary format. It lets advertisers tell Amazon whether a given user has consented to having their personal data processed for advertising and whether advertising cookies may be read or written to their device.
Based on implementation documentation published by Amazon's certified CMP partners (including Usercentrics and Cookiebot, both of whom have integrated directly with Amazon), ACS communicates consent via a first-party cookie named amzn_consent, containing a structured JSON object that Amazon's tags read at request time.
Source note: The specific technical details below — parameter names, cookie format, and JSON structure — are sourced from CMP partner implementation documentation, not directly from an Amazon-published technical specification. Amazon's Advanced Tools Center documentation requires authentication and was not publicly accessible at the time of writing. These details are consistent across multiple independent CMP implementations and are included here as the best available technical reference, not as verified Amazon primary source material.
The Two Consent Parameters
ACS is built around two parameters:
Amazon Consent Signal parameters — as documented by Amazon CMP implementation partners | ||
Parameter | What it controls | Accepted values |
|---|---|---|
| Whether the user has consented to Amazon processing their personal data (such as advertising identifiers) for advertising purposes |
|
| Whether the user has consented to Amazon reading or writing advertising cookies or similar tracking technologies on their device |
|
Both parameters map to the Marketing consent category in a CMP. When a visitor grants Marketing consent, both are set to GRANTED. When they decline, both are set to DENIED.
The Country Code Requirement
ACS also requires an ISO 3166-2 country code alongside the consent parameters — for example DE for Germany, FR for France, GB for the United Kingdom. Your CMP must detect the visitor's country and include the correct code so Amazon can apply the appropriate regional compliance rules.
The amzn_consent Cookie
The signal is stored and transmitted as a first-party cookie. A typical cookie value looks like this:
amzn_consent={
"geo": { "countryCode": "DE" },
"amazonConsentFormat": {
"amznAdStorage": "GRANTED",
"amznUserData": "GRANTED"
},
"timestamp": "2025-06-15T09:42:11.000Z",
"version": "1"
}WAF note: Because the amzn_consent cookie value contains JSON, some Web Application Firewalls may flag or block it. If the cookie is not being set after CMP configuration, check your WAF rules and add an explicit exception for the amzn_consent cookie name.
Amazon Consent Signal vs. Google Consent Mode: Key Differences
Having Google Consent Mode v2 implemented does not satisfy your Amazon obligation. The two frameworks are entirely separate and must each be configured independently.
Amazon Consent Signal vs. Google Consent Mode v2 — comparison | ||
Amazon Consent Signal (ACS) | Google Consent Mode v2 (GCM v2) | |
|---|---|---|
Official name | Amazon Consent Signal | Google Consent Mode v2 |
How consent is transmitted | First-party cookie ( | JavaScript API calls via dataLayer ( |
Consent parameters |
|
|
Parameter values |
|
|
Country code | Required — ISO 3166-2 | Optional — via |
IAB TCF alternative accepted | Yes — TCF is explicitly accepted in Amazon's policy | Works alongside TCF but requires its own separate configuration |
Do they conflict? | No — both frameworks are independent and run simultaneously without conflict. | |
What Happens Without a Valid Consent Signal?
Amazon's own policy is explicit: if you transmit personal data from EEA or UK users to Amazon Ads without a valid TCF or ACS signal, you are in breach of Amazon's advertising policies. The policy states that if you discover personal data was shared in violation of these requirements, you must "cease processing and sharing that data immediately" and notify Amazon in writing.
Beyond policy consequences, the practical advertising impact is that Amazon cannot confirm valid consent exists for those users, which may restrict how their data is used for targeting, measurement, and attribution — reducing campaign reach and degrading conversion reporting for affected users.
There is also the underlying GDPR exposure: transmitting personal data of EEA/UK users to any ad platform without a documented consent basis is a potential regulatory violation independent of what Amazon enforces technically.
How Amazon Consent Signal Works With a CMP
The correct flow for ACS with a consent management platform is:
A visitor arrives on your page and is shown the consent banner by your CMP.
The visitor makes a consent choice — accepting, rejecting, or customising their marketing preferences.
The CMP writes the
amzn_consentcookie with the correct parameter values, the visitor's country code, and a timestamp.Amazon's advertising tags read the cookie on the next ad request and apply the appropriate data handling rules.
The CMP logs consent evidence for audit purposes.
If the user returns later, the cookie persists within its expiry period. If they change their consent preferences, the CMP updates the cookie immediately to reflect the new state.
Secure Privacy and Amazon Consent Signal
Secure Privacy's Amazon Consent Signal integration is currently in development. When available, it will allow the same consent banner that drives your Google Consent Mode v2 signals to simultaneously write the correct amzn_consent cookie — with the right country code and consent values — removing the need to maintain separate integrations for each ad platform.
If you are a current Secure Privacy customer running Amazon Ads with EEA or UK traffic, contact our team to discuss your current compliance position and to be notified when ACS support is available.
Troubleshooting Amazon Consent Signal
The amzn_consent cookie is not being set
Most likely cause: a Web Application Firewall is blocking the cookie because its JSON value triggers a security rule. Add an explicit WAF exception for the amzn_consent cookie name. Also confirm that Amazon Advertising is added as a Marketing-category service inside your CMP settings and that the ACS integration is enabled.
The cookie shows DENIED even after the user accepts
Most likely cause: Amazon Advertising is not mapped to the Marketing consent category in your CMP, or the CMP is not triggering a cookie update after consent is granted. Verify the service mapping and confirm the consent-update event fires correctly on banner acceptance.
The country code is wrong or missing
Country code is a required field — an absent or incorrect value renders the signal invalid. Check that your CMP's geolocation feature is enabled and correctly detecting visitor countries for EEA and UK traffic.
Frequently Asked Questions
What is Amazon Consent Mode?
"Amazon Consent Mode" is the informal name for the Amazon Consent Signal (ACS) — Amazon Ads' framework for receiving user consent preferences from advertisers' websites. Amazon's official policy requires that any advertiser transmitting personal data from EEA or UK users to Amazon Ads must use either IAB TCF or ACS to communicate those users' privacy choices. ACS uses two parameters (amzn_user_data and amzn_ad_storage) transmitted via a first-party cookie called amzn_consent.
Is Amazon Consent Signal the same as Google Consent Mode?
No. They are entirely separate frameworks built for different ad ecosystems. Google Consent Mode v2 operates via JavaScript API calls and covers Google Ads, GA4, and related products. Amazon Consent Signal operates via a first-party cookie and covers Amazon Ads. Each must be implemented independently. Having GCM v2 in place does not satisfy your ACS obligation, and both can run simultaneously without conflict.
What are the two Amazon Consent Signal parameters?
The two ACS parameters are amzn_user_data (whether the user has consented to Amazon processing their personal data for advertising) and amzn_ad_storage (whether the user has consented to Amazon reading or writing advertising cookies on their device). Both accept GRANTED or DENIED and are transmitted inside the first-party amzn_consent cookie alongside an ISO 3166-2 country code.
Do I need Amazon Consent Signal if I already use IAB TCF?
No — Amazon's official policy explicitly accepts either IAB TCF or ACS. If your CMP generates a valid TCF consent string and passes it correctly to Amazon Ads, you satisfy the requirement through TCF. ACS is Amazon's alternative for advertisers not using a TCF-compliant CMP.
What does Amazon's policy actually say about EEA consent?
Amazon's official policy at advertising.amazon.com/resources/ad-policy/consent-signal-requirements states that any advertiser transmitting personal data to Amazon Ads in connection with advertising services must use either IAB TCF or Amazon Consent Signal to communicate UK and EEA users' privacy choices. It also requires advertisers to collect affirmative opt-in consent, maintain consent records, and allow users to withdraw consent at any time.
Can I implement Amazon Consent Signal without a CMP?
Technically yes — ACS can be implemented by manually writing the amzn_consent cookie with the correct JSON structure. However, this requires correctly detecting visitor country codes in real time, updating the cookie whenever consent changes, and maintaining consent records for audit purposes. A CMP with built-in ACS support handles all of this automatically and significantly reduces the risk of implementation errors.
Does Secure Privacy support Amazon Consent Signal?
Secure Privacy's Amazon Consent Signal integration is currently in development. Once available, it will allow the same consent banner driving your Google Consent Mode v2 signals to simultaneously write the correct amzn_consent cookie, covering both Google and Amazon from a single CMP configuration. Contact Secure Privacy to be notified when ACS support is released.