Uliana Lesiv
AuthorSetting up consent management is more important than ever, taking into account regulations like GDPR and CCPA. In this article, we will guide you through configuring consent management using Iubenda and Google Tag Manager (GTM). The setup includes the following steps, which we will describe in detail further in the article:
Besides the configuration process we will also highlight the benefits of server-side consent management, how it works and implementation options in Google Consent Mode V2.
Server-side tracking offers numerous benefits that make consent management easier:
Despite the common misconception, using server-side tracking doesn't mean you shouldn't ask for consent to collect website visitors' data. Just like with client-side tracking, you need to add a cookie banner asking for consent to gather data.
The consent management within the server Google Tag Manager (GTM) works the following way:
Basic Consent Mode
With this implementation option, user consent determines how data is handled. If users accept cookies, tags are triggered, and data is collected completely. If users decline, no data is collected, and cookieless pings are not sent. This approach is simple to implement but significantly restricts data collection when consent is denied.
Advanced Consent Mode
Advanced Consent Mode is a more flexible solution. The site can send anonymous, cookieless pings to Google even if users do not allow cookies. The anonymous pings allow data modeling, so that the website owners have a more complete picture of users' behavior.
Here is a list of our articles about consent. We have covered this topic extensively in other blog posts:
Despite Basic or Advanced implementation, you will need the following to complete the consent mode:
1.1 Open your project on Iubenda and click "Activate Privacy Controls & Cookie Solution." Go through the configuration process and adjust the settings according to your needs. Iubenda provides a detailed guide on cookie banner configuration.
1.2 Once configured, Iubenda cookie banner, add the code to your website, so the banner can display on the website. You can do it manually by inserting the code after the <head> tag or using the plugins for CMS.
Iubenda has an Automatic Blocking feature that can automatically restrict certain services until user consent is obtained. By default, it uses Advanced Consent Mode, where Google services are not entirely blocked upfront; their behavior is controlled through Consent Mode signals.
You can enable Basic Consent Mode by deselecting the option “Do not block Google’s services that adhere to Consent Mode.”
2.1 Add the Iubenda Privacy Controls and Cookie Solution tag from the template gallery and configure it:
For more details on tag setup and configuring a tag template for multilingual sites, check the Iubenda guide on Consent Mode setup.
| Please note: if you set up consent mode for tags other than Google Ads, Analytics, Floodlight, and Conversion Linker, add to the Privacy Controls and Cookie Solution script "emitGtmEvents":true parameter. |
2.2 Set up consent for tags without built-in consent checks (Google Ads, GA4, Floodlight, Conversion Linker).
In the tag under Consent Settings section, select “Require additional consent for tag to fire” and choose a purpose, in our case, it is "ad_storage". Check the complete list of consent types in Google’s documentation.
2.3 Add a trigger group for such tags.
The custom tag, which defines whether the consent was given, should have the following properties:
As a result, you should have a few triggers for the tag - one for consent status and another for firing the tag after the event happens.
For each step, we have detailed guides on the configuration process:
3.1 Check our guide on how to set up the server GTM container if you don't have one.
3.2 Configure a custom domain for your server GTM container on Stape. Once the custom domain is added, you need to configure the DNS record you see in the Stape admin in the container. Domain verification can take up to 72 hours.
3.3 Go to the server Google Tag Manager container settings and add a custom domain inside the server GTM.
3.4 Update the web GTM script on your website with the Custom Loader.
4.1 There are a few setup scenarios depending on whether you configured Google Analytics 4 inside your web GTM container, follow the steps from the guide below:
4.2 Set up consent settings.
GTM works with consent management platforms like Iubenda to modify tag behavior based on user consent. Google Tags, such as GA4, automatically adjust according to the user consent settings configured in the web GTM.
For advanced consent, GA4 will continue sending anonymized pings even if users do not consent to analytics cookies. To activate this option, update the Consent Settings in web GTM. No additional consent is required, and there’s no need for any additional configuration in the server GTM for advanced consent.
To limit all GA4 data collection without explicit consent, set the consent settings to Require additional consent in web GTM. Server-side GA4 will comply with the consent rules set in web GTM.
Server-side consent management platforms (such as Iubenda) offer a privacy-conscious approach to collecting and processing user data. Businesses can achieve higher data privacy and security by shifting consent logic to the server.
Whether implementing Basic or Advanced Consent Mode, integrating tools like Google Tag Manager and Iubenda CMP provides a flexible solution that adapts to users’ consent preferences and allows staying compliant.
Comments