Using Google Consent Mode to Adjust Tag Behavior Based on Consent

Using Google Consent Mode to Adjust Tag Behavior Based on Consent

Note

For information on Google Additional Consent, see Using Google Additional Consent.

Google Consent Mode allows you to adjust how your Google tags behave based on the consent given or not given by your users through OneTrust Cookie Consent. You can indicate whether consent has been granted for Analytics and/or Ads cookies and Google's tags will dynamically adapt by only utilizing cookies for the specified purposes or cookie categories. This is an alternative to script blocking.

Google Products that support consent mode are:

• Google Ads - this includes Google Ads Conversion Tracking and Re-marketing, support for Phone Conversions is pending

• Floodlight

• Google Analytics

When Consent Mode is enabled, it will adjust the behavior of these types of pings.

• Consent status pings - Consent status pings are sent from each page the user visits where consent mode is implemented, as well as if the consent changes (e.g., if the user opts in). These pings communicate the consent state (i.e. granted or denied) for each consent type (e.g. ad storage, analytics storage).

• Conversion pings - Conversion pings are sent to indicate that a conversion has occurred.

• Google Analytics pings - Google Analytics pings are sent on each page of a website where Google Analytics is implemented and upon events being logged.

 

Google Consent Mode

Note

Google Consent Mode cannot be used when using TCF 2.0.

To adjust your tags' behavior relative to consent, use the gtag('consent') API:

gtag('consent', '<consent_command>', {<consent_type_settings>});

where <consent_command> is one of:

• 'default' - Used to set the default consent settings that apply to a page.

  Note

  You will need to set the default for the consent type keys directly on all pages.

• 'update' - Used to update existing consent settings. This command will be used after a user grants consent via the OneTrust Cookie Consent application.

  Note

  When Google Consent Mode is configured through Cookie Consent, the script will handle the update to the consent type keys based on the user consent.

and <consent_type_settings> is an object that defines which consent types are 'denied' or 'granted'. For example:

gtag('consent', 'default', {  // Deny consent for ad_storage   'ad_storage': 'denied',  // Grant consent for analytics_storage  'analytics_storage': 'granted'});

Adjust Default Tag Behavior

The gtag('consent') API supports configuring <consent_type_settings> to adjust the behavior of Google tags on your site:

gtag('consent', 'default', <consent_type_settings>);

Key	Value	Default	Description
analytics_storage	'denied' | 'granted'	'granted'	Controls whether your tags will use cookies related to analytics.
ad_storage	'denied' | 'granted'	'granted'	Controls whether your tags will use cookies related to advertising.
functionality_storage	'denied' | 'granted'	'granted'	Controls whether your tags will use cookies related to functionality.
personalization_storage	'denied' | 'granted'	'granted'	Controls whether your tags will use cookies related to personalization.
security_storage	'denied' | 'granted'	'granted'	Controls whether your tags will use cookies related to security.

 

For example, to tell your Google tags not to use cookies for advertising or analytics, set the consent type to 'denied' in a 'default' command above your gtag.js or Tag Manager container snippet:

// Require consent for ad storage and analytics storage.gtag('consent', 'default', {  'ad_storage': 'denied',  'analytics_storage': 'denied'});

The gtag('consent') API requires that dataLayer and gtag are defined. Ensure that dataLayer and gtag() are defined in your code before gtag('consent') is called.

If you call gtag('consent') prior to loading your gtag.js snippet, add this above your first gtag('consent') call.

window.dataLayer = window.dataLayer || [];function gtag(){dataLayer.push(arguments);}

Alternatively, you can include all of your default consent settings within your gtag.js snippet directly above gtag('js', new Date());.

Note

Settings configured with the gtag('consent') API will apply to the current page, but will not automatically persist on subsequent pages. To ensure your tags behave as you expect, call the gtag('consent', 'default') command above your gtag.js or Tag Manager container snippet on every page of your site. Additionally, ensure that your gtag.js or Google Tag Manager and OneTrust Cookie Consent CDN implementation is deployed across all pages on your site and that you are calling the relevant consent settings on every page.

Important

GCM integrates with Universal Analytics directly and not GA4. GA4 uses properties sent by Universal Analytics.

For more information, please see Google's documentation on Consent Mode behavior here.

 

 

Updating Tag Behavior

In the event that your user's consent changes (e.g. after the user gives consent or updates consent), you can tell your tags to update their behavior. For example, if the user grants permission to use advertising cookies after you had previously called gtag('consent', 'default', {'ad_storage': 'denied'}) , you can update the value of the associated consent type to 'granted'. This can be configured through the OneTrust admin console and update commands will be sent when a user updates consent through the OneTrust CDN.

gtag('consent', 'update', {'ad_storage': 'granted'});

When your Google tags receive a gtag('consent', 'update') command that grants a previously denied consent type, they will adjust their subsequent behavior on the current page and may send additional requests with information about the consent state to help improve your data.

 

Implementing with OneTrust Cookie Consent

Include the following lines to define the gtag() function when calling this code prior to your gtag.js

Call the default command before gtag.js or Tag Manager runs to adjust how the tags operate when they run. Modify the defaults per your business requirements and prior consent granted/denied, e.g.:

<script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} 
gtag('consent', 'default', {  // Deny consent for ad_storage   'ad_storage': 'denied',  // Deny consent for analytics_storage  'analytics_storage': 'denied'})
</script>

1. On the Cookie Consent menu, select Geolocation Rules. The Geolocation Rule Groups screen appears.

   

2. Select a geolocation rule group from the list. The Geolocation Rule Group screen appears.

3. Select a rule to configure.

4. Click the Edit icon in the rule header to configure the rule.

5. Enable the Google Consent Mode integration.

6. By default, the Performance category will be associated with analytics_storage and the Targeting category will be associated with ad_storage. You can change categories to associate with each consent key setting and save the settings for the Geolocation Rule.

7. Once Google Consent Mode and all other configurations are ready, publish the domain script.

8. Ensure you have implemented the gtag arguments for the default consent type settings across the domain on all pages.  Remember that the default settings must be called before Google Tags or OneTrust loads.

   Note

   The order of the code here is vital.  If your consent code is called out of order, your consent defaults will not work.

   1. Load the global site tag. This is your default snippet code. The default snippet should be updated to include a call to gtag('consent', 'default', ...). If you don't set any defaults, all tagging functionality will be enabled by default.

   2. Load OneTrust.

9. The OneTrust script will handle the update commands to the consent type settings in line with the configurations in the geolocation rules based on the user's consent.

Note

Make sure that any Google Ads, Google Analytics or Floodlight tags are not blocked via Autoblocking. Remember that Google Consent Mode is an alternative to blocking methods. If Autoblocking or manually blocking is applied, it will render Google Consent Mode futile. You can disable Autoblocking through the publish panel or remove the sources through any Google Ads, Google Analytics or Floodlight cookies.

 

Example GCM Integration Default Settings

Using Global Site Tag

<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-XXXXXX"></script>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}

  // Default ad_storage to 'denied'.
  gtag('consent', 'default', {
    'ad_storage': 'denied', 
'wait_for_update': 500

  });

  gtag('js', new Date());
  gtag('config', 'G-XXXXXX');
</script>

<!-- OneTrust Cookies Consent Notice start -->

<script src="https://cdn.cookielaw.org/scripttemplates/otSDKStub.js"  type="text/javascript" charset="UTF-8" data-domain-script="XXXXXX" ></script>
<script type="text/javascript">
function OptanonWrapper() { }
</script>
<!-- OneTrust Cookies Consent Notice end -->

Using Tag Manager

<script>
  // Define dataLayer and the gtag function.
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}

  // Default ad_storage to 'denied'.
  gtag('consent', 'default', {
    'ad_storage': 'denied',
'wait_for_update': 500

  });
</script>

<!-- Google Tag Manager -->
<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-XXXXXX');</script>
<!-- End Google Tag Manager -->

<!-- OneTrust Cookies Consent Notice start -->

<script src="https://cdn.cookielaw.org/scripttemplates/otSDKStub.js"  type="text/javascript" charset="UTF-8" data-domain-script="XXXXXX" ></script>
<script type="text/javascript">
function OptanonWrapper() { }
</script>
<!-- OneTrust Cookies Consent Notice end -->

 

Advanced Configuration

 

作者:Chuck Lu    GitHub