Ask AI
How can we help? 👋

Cookie banner consent levels & the Google Tag Manager (GTM)

Introduction

This article outlines cookie consent levels for the Peppered Platform and their integration with Google Tag Manager (GTM). It details four consent levels: undefined, default, limited, and all, and explains how to configure GTM based on these levels using the Data Layer variable "cookieConsent". It emphasizes the need for separate triggers for limited and all cookie usage, and highlights compliance with GDPR by ensuring third-party content is only embedded according to the appropriate consent levels.

Cookie Consent

There are a couple of Cookie consent options:

  1. undefined: the user did not supply a level of consent
  1. default: only cookies required for the Peppered Platform website to function
  1. limited: some cookies are allowed, for embedded content and anonymous statistics
  1. all: all cookies, including ad-tracking etc. are allowed

Setting up Google TagManager

In levels 2 and 3 we load the Google TagManager*. The two levels can be differentiated in TagManager by using the Data Layer (version 2) variable "cookieConsent". It will have the value of either "limited" or "all".

🚧
Take note! There is a setting called "load TagManager always" in Control panel > Tagmanager to enable the Tagmanager anyway, regardless of Cookie consent option.

If you want to add tags that require consent for "all" cookies, e.g. if you want to retarget, you will need to split your tags by trigger.

First, set up the variable by adding a new user-defined variable (type "data layer variable", name "cookieConsent", version "Version 2").

You can set a default value here to "limited" (since the TagManager does not work at all unless the consent level is "limited").

In triggers, you will have to set up (at least) two triggers:

  1. Page Views with limited cookies
  1. Page Views with all cookies

The first (limited) can be used for all tags where the visitor remains anonymous. In most cases, basic Google Analytics and E-commerce tracking should fit this level of consent.

The second trigger can be used for all tags that go further than that, like Google Adwords.

Also note that third party tags like chat plugins usually do extensive tracking and profiling of visitors and should only be loaded when consent is given to "all" cookies.


Third party content on your Website 

Some content fields in the Dashboard already take consent levels into consideration.

To comply with GDPR rules, only embed third party content via the designated "primary video URL", "secondary video URL" field and iFrame parts. This guarantees the third party content will only be shown (and only third party cookies will be used) in cookie consent level 2 and higher.

  • Note that this option is not suitable for embedded content with third party tracking cookies, since that would require a level 3 consent.
  • Also note that any third party content embedded via any general text/HTML editor cannot be blocked in the cookie settings and will violate GDPR rules when the third party uses cookies.

Related pages

Did this answer your question?
😞
😐
🤩