The recent changes in privacy requirements made it strictly necessary for websites to receive user consent for using cookies and tracking scripts related to advertising or analytics. To help website owners comply with these requirements, Google has introduced Consent Mode. Using Consent Mode in web GTM, you can adapt tags behavior based on user consent. 

In this guide, we want to talk about consent mode, why it’s crucial to implement it, and how to use consent mode in the server Google Tag Manager container. 

GDPR and CookiesCopy link to this section

Privacy regulations, mainly European Union's GDPR and California Consumer Privacy Act, restrict websites from collecting data about website visitors without their consent. Users can choose whether or not sites can gather information and use cookies using cookie banners. 

Cookies can be differentiated by the purpose: 

• Strictly necessary cookies - there is no need to obtain user consent for this type of cookie since these are necessary for websites to work correctly. They usually have 1st party concept.
• Preferences cookies - These types of cookies allow websites to remember system preferences that users previously set. It can be product cart, language, location, etc. Consent is required.
• Statistics cookies - are usually aggregated anonymized cookies that help improve website performance. Usually, it tracks what pages users clicked, and pages visited, etc. Consent is required.
• Marketing cookies - used to collect personal information to deliver more relevant personalized ads. In most cases, these are 3rd party cookies. Consent is required.

There is also a list of requirements on how cookie banners should look and what information contain. Below is the list of crucial GDPR requirements for cookie banners, but some countries have their own requirement as well: 

• Provide clear information using non-technical language on what data each cookie collects and how it is used.
• Store and log consent received from users.
• Allow users to interact with the site even if they do not allow cookies or didn’t select anything on a cookie banner.
• Allow users to withdraw their consent.
• Do not use cookies or collect data unless the user is allowed to.

Consent mode in web GTMCopy link to this section

Google introduced a Consent Mode in the web Google Tag Manager container. Consent mode is a new setting in the web GTM tags that allows managing statistics and marketing cookies. This setting helps respect user decisions and customize tags behavior based on the consent status. 

When implementing consent mode in Google Tag Manager, you might want to trigger consent settings only in countries or regions where consent is required. This will help track a higher percentage of users who visit your site. 

There are some tags with built-in consent checks. These are primarily Google’s Tags like Google Ads, Google Analytics, Floodlight, Conversion Linker. Setting up consent settings is more straightforward for these tags, while tags without consent require additional configuration.

Web GTM only is not enough to set up consent mode. You will also need a Consent Management Platform. The primary purpose of CMP is to show a cookie banner on your site. Most Consent Management Platforms can integrate with Consent Mode in the Google Tag Manager. Google has a list of CMPs that can combine with the consent mode. Some CMPs created tags for the web GTM, making integration way easier. Each CMP has its documentation on integrating GTM consent mode. I highly recommend configuring consent mode based on their instructions. 

How to configure consent mode in the server GTMCopy link to this section

Server GTM doesn't yet have a Consent Mode similar to web GTM. If you want to implement consent mode for the server Google Tag Manager, it’s necessary to implement consent mode in web GTM first. This guide will use a cookiebot CMP as an example since we use it for stape. 

1. The first step is to enable a consent overview in the web GTM container settings.  

2. Add your Consent Management Platform tag to the web GTM container. This tag should trigger Consent initialization - All pages. You may want to modify the Default Consent State for each type of cookie.

3. In most cases, there is no need to configure any additional changes for tags like Google Ads, Analytics, Floodlight, and Conversion Linker because they have built-in consent checks. But I highly recommend checking your CMP documentation on setting up consent mode for Google Products since it may vary.

On the other side, you need to configure additional settings for the tags that do not have a built-in consent check. I will use the Facebook pixel as an example.

4. When a user allows cookies, our CMPs send a custom event cookie_consent_update. I will remove the existing "all pageviews" trigger and replace it with the custom event cookie_consent_update to trigger the Facebook pageview tag.

5. Update trigger for all your tags. To see the consent setting for all of them, you might want to open Consent Overview in the web GTM. 

6. Once you’ve set up consent mode for GA and FB tags in web GTM, you need to ensure that server GTM tags trigger only when consent is granted. There are two ways how to use consent mode in sGTM:

• Using custom events that CMP sends to the dataLayer. (recommend using this method)
• Using GA parameters that determine consent state.

7. First, let me show how to set up consent mode in sGTM using a custom event. Create a new UA or GA4 tag that sends an event consent granted to the sGTM. It should trigger on a custom event cookie_consent_update (in my case). 

8. In server GTM, modify the trigger for the Facebook pageview tag. In my case, it’s a custom event cookie_cosent_update claimed by the GA4 client. 

9. This section shows how to set up consent mode in sGTM using the GA4 consent state parameter GCS. The value of the GCS parameter depends on user consent:  

• gcs=G100 means consent not granted
• gcs=G111 means consent granted

Create a new event data variable in the sGTM container that captures the GSC parameter. 

10. Create a trigger for the page_view Facebook Conversion API tag in the sGTM container. I will trigger the FB CAPI pageview tag when the client name equals GA4, the event name is page_view, and GSC equals G111. 

From my experience, this method is less reliable than using the custom events in the web GTM. When a user lands on the page the first time, GA sees that consent is not granted, and FB pageview is not triggered. If a user stays on the same page and allows cookies, GA won't send updated GSC value. Thus, GA and FB tags in sGTM won’t fire, and you will miss some page view events. 

11. The last step would be to test the sGTM consent mode in the preview mode and publish the container if everything is correct. 

Conclusion:Copy link to this section

While consent mode in web GTM is a good step by Google, it’s only the start of what needs to be done to have a good privacy and consent framework on your website. There are several ways to use consent mode in the server Google Tag Manager, but unfortunately, sGTM does not have a built-in consent mode yet, making this process more time-consuming.  

Contact us if you want help getting started or need assistance setting-up server-side tracking for your business. We’re experts in online advertising and can help you stay ahead of the curve in 2022 and beyond.