Cookies | Consent | Privacy | Google
Tristan Terlouw
Junior Digital marketeer
Consent and Preference
Tristan Terlouw
Digital Marketing Strategy Nixon
Google Tag manager, better known as GTM is an excellent tool for marketeers and developers. It allows you to deploy scripts and tags on your websites and change them at any time, without having to touch any code. Some scripts may use third-party cookies on the browser of your visitors, raising privacy concerns. In this blog post you will learn how Google Tag manager uses cookies and how you can comply with GTM for privacy regulations like GDPR and CCPA for cookies.
Google Tag Manager (GTM) is a tag management system that helps you to easily manage tags and trackers on your websites without having to directly modify the code.
Websites have many different types of code running in the background. Sometimes code is used to track how visitors interact with websites, for example by monitoring page time and clicks. GTM helps by allowing you to add and manage these types of tags from a single dashboard.
With Google Tag Manager, you can create new tags, remove old ones, and enable them in your website or applications.
In short, Google Tag Manager lets you;
You can use Google Tag Manager to;
By default, Google Tag Manager does not use cookies. Nonetheless, it does enable tags for third-party scripts that may set cookies on users’ devices. Google Tag Manager reads the value of first-party cookies set by your website, but it does not read the value of third-party cookies.
Although GTM does not set cookies, there is one case where it does. When you enable its preview and debug mode, it sets first-party cookies on the website being previewed. These first-party cookies are needed for your preview mode to work, to show what is happening on your website and what tags are firing. Only administrators or users using preview mode will receive these cookies; when you are finished previewing, Google Tag Manager will delete these cookies.
Google Tag Manager allows you to use tags across 5 related (sub)domains with a single installation in a GDPR-compliant way. It gives you control and insights over the data that is sent to your websites, so you have transparency over what data is being collected.
It can gather data about tags firing to monitor, inform, and improve the quality of GTM. However, GTM does not collect, store, or share any personally identifiable information (PII) about its users, except for HTTP request logs which are deleted after 14 days. It also does not use tracking technologies such as cookies.
But let us say that you are interested in using Google Analytics 4 or other web analytics tools through GTM. You will need to update your privacy policy and get permission if these tools gather personal information from visitors.
First-party and third-party cookies do have somewhat the same purpose, they track user actions. Cookies can also be categorized. Some of them are vital for your website to function properly, while other categories ensure additional features of websites are accessible.
Did you know that there are cookies that are impossible to opt-out of? These cookies are called necessary cookies, and there is not much a user can do if he does not want them to be active on your website.
Strictly Necessary cookies are necessary for your website to provide simple functions. Such functions include the ability to sign in, add items to a shopping cart, or buy your favourite items online.
Essential cookies are usually first-party cookies and allow users to move between websites without losing their previous actions.
It is also important to know that necessary cookies do not require consent, most cookie laws, including the GDPR, allow necessary cookies to exempt from colleting consent before performing their actions.
Performance cookies monitor website performance and follow actions from users but do not collect identifiable information, performance cookies collect data anonymously and use it to improve the website. These cookies can count page visits, examine how much a button is pressed, as well as measuring the loading speed to improve website performance.
Performance cookies are perceived as first-party cookies, but they can also be classified as third-party cookies. Therefore, third parties may place cookies on a user’s device through a website in order to determine the best location to serve personalised ads.
Functional cookies are used to improve performance of a website without certain functions. Therefore, these cookies are not vital for a website to run, but they allow users to remember preferences and settings.
Google Tag Manager has features that help you manage how tags behave in response to user consent. With Google Consent Mode, you can control how tags behave, including which tags are being fired on a webpage and which tags do not, depending on whether the user has given consent for your website.
The Consent Initialisation trigger in Tag Manager ensures that consent settings are executed before tags fire in response to other triggers. This trigger can be used with third-party vendors that integrate with GTM’s consent management capabilities. Each web container includes a Consent Initialisation – All Pages trigger by default, which you can select to fire any tags that require it.
When you are using Google Tag Manager on your website to use tags that uses cookies, you can use the following checklist to stay privacy compliant.
One of the most important things to consider is to automatically block all third-party and non-essential cookies on a user’s first visit to your website. You can do this using a Consent Management Platform. However, when you are using GTM, tags can fire before the CMP can block these cookies. For this reason, you should use a CMP that allows you to take advantage of all the features of the GTM without compromising the privacy of the user.
It can be difficult to ensure that your Consent Management Platform is correctly implemented across your dynamic digital portfolio. With the OneTrust CMP combined with the Nixon platform, you can be confident that the CMP is implemented correctly. Nixon Digital specialists are experts and can fully implement the OneTrust CMP on your sites. If you choose the full implementation, you will get the following:
Learn how to make Google Fonts GDPR-Compliant and protect your website’s privacy. Discover the implications of using Google Fonts and how it may affect your website performance and customer trust.
Companies face the challenge of meeting GDPR requirements every day. GDPR is based on 7 fundamental principles. In this blog, you’ll learn what each principle means.
In this blog post, we will discuss the benefits of automating website portfolio auditing. First, we will explain what auditing is. Then, we will explain why you should automate auditing.
