Implementing cookie consent with Google Tag Manager and Cookiebot CMP

Note

This article is based on information as of January 2021. Please take a look at the official website for the latest updates.

With GDPR compliance becoming mandatory, many people might wonder, "What exactly should I do?" It's challenging to determine when to stop tags like Google Analytics, Google Ads, or Facebook Ads from firing, and under what conditions it's acceptable for them to fire. Implementing everything from scratch can be quite daunting.

In this article, we'll simplify the process and introduce a method to handle the bare minimum requirements using Google Tag Manager and Cookiebot to obtain cookie consent and manage actions based on user responses.

What is Cookiebot?

Cookiebot is a service designed to comply with GDPR and CCPA regulations. It displays a popup to visitors, allowing them to control which cookies can be collected and automatically manages what can be captured based on their preferences.

The pricing varies based on the size of your site, starting with a free plan for up to 100 pages and €9/month for up to 500 pages (as of April 2021). Choose a plan that suits your website's needs.

Getting Started with an Account

First, register on the Cookiebot website and obtain a key. This key will be used later, so make sure to save it.

Creating the Cookiebot CMP Tag

Next, we’ll set up the Cookie Consent popup tag, "Cookiebot CMP," in Google Tag Manager.

1. In Google Tag Manager, navigate to the Tags menu and select Create New.

2. Import the tag template and select "Cookiebot CMP."

   

3. Enter the key you obtained from Cookiebot into the "Cookiebot ID" field.

4. Set the trigger to "All Pages" and save the tag.

   

Creating the Cookie Consent Variable

Now, let’s create a variable.

1. In Google Tag Manager, go to the Variables menu and select Create New.

2. Import the "Cookiebot Consent State" template (be careful not to select similarly named templates).

   

3. Name the variable "Cookie Consent" and save it.

   

Creating Triggers to Prevent Tag Firing

Next, triggers should be created to control whether marketing and analytics tags fire.

Creating a Trigger for Blocking Marketing Tags

Create a trigger named "Cookie Consent Marketing – blocking":

• Trigger Name: Cookie Consent Marketing – blocking

• Trigger Type: Custom Event

• Event Name: .* (check "Use regex matching")

• Condition: Cookie Consent does not contain "marketing"

  

Creating a Trigger for Blocking Analytics Tags

Create a trigger named "Cookie Consent Statistics – blocking":

• Trigger Name: Cookie Consent Statistics – blocking

• Trigger Type: Custom Event

• Event Name: .* (check "Use regex matching")

• Condition: Cookie Consent does not contain "statistics"

  

Updating Marketing Tags

Modify the triggers for tags like Google Analytics, Google Ads, and Facebook Ads.

1. For all Google Analytics tags, add the "Cookie Consent Statistics – blocking" trigger under the Exception section.

   

2. Similarly, for Google Ads, Facebook Ads, and other marketing tags, add the "Cookie Consent Marketing – blocking" trigger as an exception.

Finally, publish the workspace in Tag Manager.

When you visit the target site, a popup will appear, and tags will not fire based on the user's selections.

For instance, if you deselect all checkboxes except for "Necessary" and click OK, the "CookieConsent" value for cookies will reflect as false:

While it’s possible to develop or outsource a custom solution for GDPR and CCPA compliance, this can be expensive. Moreover, future changes in regulations might require additional updates. Using a service like Cookiebot is a practical way to mitigate risks effectively.