The regulatory aspect
To collect personal identifiable information (PII) from visitors to your website/mobile application, you must obtain their consent.
The use of Google Tag Manager does not require consent per se. However, when connected to tools such as Google Analytics 4 or Google Ads, Google Tag Manager must obtain visitors’ consent before sending PII.
In this context, Google Tag Manager helps you in:
- obtaining visitor consent
- triggering tags only when consent is obtained
In short, either you have visitor consent and send data to marketing platforms, or you don’t have consent and don’t send any data at all.
What is Consent Mode ?
Consent Mode has been introduced in Google Tag Manager to provide a hybrid solution for sending not PII without consent and PII with consent.
Tags compatible with Consent Mode are:
- Google Analytics
- Google Ads (conversion tracking and remarketing)
- Conversion Linker
You need to use a CMP (Consent Management Platform) in addition to Google Tag Manager to collect your visitors’ consent and take full advantage of Consent Mode.
How does Google Consent Mode work?
sequenceDiagram actor Visitor participant Google Tag Manager participant CMP participant Google Tools Visitor-->Google Tag Manager: Denied consent by default Visitor-->>Google Tag Manager: I land on the website CMP-->>Google Tag Manager: Consent is denied Google Tag Manager-->>Google Tools: Not PII Visitor-->>CMP: I give my consent CMP-->>Google Tag Manager: Consentement is granted Google Tag Manager-->>Google Tools: PII
The tags’ behavior
When consent is denied, Google tags send pings (a term used to refer to a request without consent to Google tools) concerning:
- consent status for Google Ads and Floodlight
- conversions for Google Ads
- events for Google Analytics
According to Google, the information transmitted is not PII (i.e. it does not identify any individual).
It is therefore not possible for a tag that has not obtained consent to read or deposit cookies in the visitor’s browser.