Websites using Google Tag Manager (GTM) can deploy Cookiebot by following these step-by-step instructions.
In this guide, we will show you how to:
- Implement the cookie consent banner
- Control cookie-setting tags
- Display the cookie declaration on a subpage
We assume that you've already created a GTM account, created a website container in GTM, and added the GTM container snippet to your website as required: https://support.google.com/tagmanager/answer/6103696
1. Implementing the cookie consent banner in GTM
First, obtain the Cookiebot CMP tag template from the Template Gallery.
The easiest way to do this is by clicking the Get Started button on the Consent Overview
You can find the Consent Overview by clicking on the icon on the Tags section.
If you don't see this icon, you can enable this function on the Admin tab, under Container Settings.
Check the "Enable consent overview" box under Additonal Settings and save your changes:
When you click the Get Started button, a pane will slide in from the right where the Cookiebot CMP template should be one of the featured CMP templates.
Alternatively, add a new tag and click the "Discover more tag types in the Community Template Gallery" item
Enter "Cookiebot" in the search field to find the Cookiebot CMP tag template
Select the "Cookiebot CMP" item and click the "Add to workspace" button.
Confirm by clicking "Add"
Next, create a new tag by clicking "New" ❯ "Tag Configuration" and select "Cookiebot CMP" from the list of standard tag types.
In the "Cookiebot ID" field, copy in the ID from the 'Your Scripts' tab under your account on cookiebot.com.
Choose "Consent initialization - All pages" as trigger and apply a name to your tag at the top of the configuration page, e.g. "Cookiebot". Click "Save" to create the tag.
This is what your tag configuration should look like (except for the value of the Cookiebot ID):
Make sure that you have registered and saved the domain name(s) of your website(s) in Cookiebot.
1.1 Defining the Google Consent Mode default consent state
The Cookiebot CMP tag registers default consent states for Consent Mode (detailed information can be reviewed here).
Under the collapsible configuration group ‘Default Consent State’ you can adjust which categories of cookies should be granted or denied before the end user submits consent.
Since most data protection legislations such as GDPR require so-called ‘prior consent’, the default setting is ‘Denied’ for all categories. The category ‘necessary’ (mapped to consent type security_storage) is by default set to ‘Allow’ and is not configurable, as it does not require consent.
GTM by default supports 5 different consent types that are automatically mapped by Cookiebot to the 4 categories used in Cookiebot CMP:
GTM Consent Type | Mapped Cookiebot Type | Description |
ad_storage | marketing | Enables storage (such as cookies) related to advertising |
analytics_storage | statistics | Enables storage (such as cookies) related to analytics e.g. visit duration |
functionality_storage | preferences | Enables storage that supports the functionality of the website or app e.g. language settings |
personalization_storage | preferences | Enables storage related to personalization e.g. video recommendations |
security_storage | necessary | Enables storage related to security such as authentication functionality, fraud prevention, and other user protection. Users will be informed about the specific storage purposes in the cookie declaration, but this type does not require consent from the end user. |
Google Tag Manager includes several features that work together with Cookiebot to help you manage how tags behave in response to the end user's consent choices.
Specific tags (such as Google Ads, Analytics, Floodlight and Conversion Linker) have built-in consent checks. This means that these tags include logic that automatically changes the tag's behavior based on the user's consent state. No consent configuration is needed for this type of tags*.
Tags which do not have built-in consent checks, which do utilize tracking, must be configured with additional consent checks. Opposed to tags with built-in consent checks, which load regardless of consent, tags configured with additional consent checks will not fire unless consent has been given for the corresponding storage category.
In the next section we will provide instructions to configure additional consent checks.
*It is important to note that because tags with built-in load regardless of consent, data will be transmitted to Google without explicit permission from the visitor. If this is of concern to you, it is recommended to configure tags with built-in consent with additional consent as well. That way the tag will not load prior consent.
2.1. Setting up Additional Consent Checks
- In your GTM container, create the following trigger, to be used in your GTM configuration:
Event Name: cookie_consent_update
Event Type: Custom Event
Fires On: All Custom Events
Your trigger should look similar to this: - Edit the consent settings for all tags that need to be configured with additional consent.
You can find these settings in the Tag Editor ❯ Advanced Settings ❯ Consent Settings (BETA).
Add all storage categories which the tag requires (see the scan report from Cookiebot if you are in doubt).
In this example the tag requires consent for ad_storage / marketing cookies: - To ensure the tag fires as soon as consent choices have been determined, either from a previous visit or from interaction with the banner the normal "All Pages" trigger will need to be replaced with the trigger which we created in the first step.
Here is an example with a Facebook Pixel tag, which with this setup only fires if the visitor has opted in on the required consent type:
For a complete view of the consent settings across all the tags in your container, you can enable the Consent Overview from your container settings:
There are additional methods, besides using Consent Mode, to ensure tags cannot load prior consent. Please see Alternative methods for conditionally loading tags for instructions.
<script id="CookieDeclaration" src="https://consent.cookiebot.com/00000000-0000-0000-0000-000000000000/cd.js" type="text/javascript"></script>
Additional resources
For instructions on how to make the cookie banner change language depending on which (language) part of your website a visitor navigates, please see Multilingual support when using GTM.
If you for any reason want to disable Consent Mode, please see Disabling Consent Mode.
When you implement Cookiebot using Google Tag Manager, Cookiebot will also be able to control tags which require consent and do not originate from Google Tag Manager, i.e. scripts, images and iframes inserted directly into your website template.
Such tags need to be marked up for 'prior consent' as described in our manual mark up guide. If you wish to combine the use of Google Tag Manager and automatic blocking, please see Google Tag Manager and Automatic cookie blocking.
See also our blog post: Google tag manager and GDPR
Comments
23 comments
Hello,
I maintains many wix website but this I followed the procedure but it does not work.
The cookies content banner does not appear. Why ?
Hello,
I have the same problem with drupal. I'm using manual blocking, is it correct?
Thank you
Hi Speralta
How did you implemented GTM in drupal? I have followed same steps described in this page.
And i could see JS variable "Cookiebot.consent" is set according user accept values and "dataLayer" event also triggering perfectly in all pages.
Does this means its working fine? How can i confirm that GTM works perfectly after user accepts statistics consent and GTM doesnt when user doesn't provide consent?
Hi,
I have been able to solve the problem, thank you very much.
I have followed these instructions, but when I open the website the Cookiebot banner displays and Google Analytics cookies are switched on by default rather than being switched off. What could be wrong?
Hello Peter.
I would advice you to submit a ticket with us with the specific issue, so we can perform some troubleshooting for your situation.
https://support.cookiebot.com/hc/en-us/
Hi,
following this approach and not the one described here https://support.cookiebot.com/hc/en-us/articles/360009192739-Google-Tag-Manager-and-Automatic-cookie-blocking , would you regain access to the Debug & Preview function of GTM?
We implemented Cookiebot by following the Google Tag Manager and Automatic cookie blocking guide, but since then our 3rd party marketing agency isn't able to properly create new tags, since the Debug & Preview function is nonfunctional.
We're hoping that implementing Cookiebot via GTM would resolve this problem, but before we go into the effort, we'd need a confirmation that this would actually solve our problem.
Thanks
I have implemented the Cookiebot Tag Manager strategy and all works fine. Here are some things I have learned:
1. De script declaration is not necessary anymore, you can leave that step out of this manual
2. Check all blocking mechanisms when you test; Firefox automatic blocking, VPN's etc.
I have one big question though:
I have tried to use the Consent triggers on stuff like Google Analytics and Hotjar bu the triggers do not fire at all. What could be the possible cause of this? Normally triggers are set to All Pages and that works just fine.
Smaller question: is naming strict? Like Cookie Consent for example. I also noticed that the names of the triggers in text are different than on image.
Wouldn't it be more effective to use the Consent trigger as an exception? So define Cookie Consent Marketing as NOT containing marketing. Then use it as an exception on a trigger so you have options to specify which pages it applies to.
I also noticed this issue that Jaap is talking about:
"I have tried to use the Consent triggers on stuff like Google Analytics and Hotjar but the triggers do not fire at all. What could be the possible cause of this? Normally triggers are set to All Pages and that works just fine."
I think this is a quite recent issue, because I only noticed around the same time that Jaap posted his comment here and I use an import of my GTM settings so the settings are the same as on previous projects (where this still seems to work like it should).
Is there a solution for this issue?
Thanks!
What Jaap and Tycho said is exactly the same question I have. The documentation on this site regarding how to implement Cookiebot with GTM is less than desirable. (There are multiple pages which say different things.)
Most of the documentation assumes a user is trying to comply with GDPR, thus the examples given are for how Cookiebot works when the default behavior is that site visitors are opted out until they opt-in. But many people are now using Cookiebot to handle CCPA, where visitors are opted in until they opt-out.
How about spending some additional time going through past documentation and removing or updating verbiage that no longer applies or is no longer correct?
Did anyone get a response from Cookiebot concerning this matter?
Or did anyone maybe find a solution?
Thanks!
Negative to both questions.
Bumping up this thread. Same problem here - different documentation on different pages with no clarifcation from Cookiebot which one is recommended for specific cases. I also suggest to sort our or refactor the GTM documentation.
Having also the same problem with the tag manager preview function after I implemented a new trigger which checks for links with a specific Click text. . It still shows, but without any content, so completely empty.
Also sent an Email to Support 2 weeks ago without a response. Is there a solution available already?
Having the preview function in the tag manager is quite crucial for us .
This guide is only covering GTM tags that were firing unconditionally on all pages. However, most of our tags already have specific triggers. Since it is not possible to add a second additional trigger, the concept described here does not work for all those tags. What would you recommend in this case (and no, creating trigger groups for every specific trigger we have -200- is not an option)?
One feasible way would be to add exceptions to every trigger, which is possible in GTM. So if I have a specific trigger and want it to fire only if consent is given, I would like add a "Consent not given" exception.
This would require the "Cookie Consent" variable template to not only contain the strings "preferences|statistics|marketing" but also a string that can be used to safely determine if consent is not given.
Among the many things not clear - if you using auto-scan and classifying cookies within the cookiebot control panel, are GTM triggers necessary?
Hello Dave.
Yes, the triggers are indeed still necessary, as GTM is a different platform and will not be blocked by the automatic script. This is because we also have a manual implementation method that uses GTM and therefore GTM as a platform is not directly blocked.
Therefore it is required that you add the triggers and ensure GTM blocks cookies before consent is provided by the visitor.
Hi,
Could someone help me clarify the following:
If I implement Cookiebot through GTM, all cookies set by a specific tag/script will be blocked if the user has deselected the category that the script is placed in (the trigger used) in GTM, I assume?
So if a particular tag in GTM sets, say, three cookies, and two of them are auto-categorized as "Statistics" by Cookiebot, and one is auto-categorized as "Marketing" (for instance, this is approximately the case for LinkedIn Insights) - all three will be blocked if GTM is used?
In other words, when implementing Cookiebot through GTM, there's no way to achieve the fine-grained blocking that is possible with auto-blocking and no GTM, because the GTM-implementation does not assess each cookie individually.
I could make a trigger group in GTM - but this would mean that even if the user had opted in to "statistics" cookies, these would only be set (for the particular tag) if the user had also opted in to the other categories in the trigger group that fires the tag?
Thanks in advance.
Kind regards, Chris
Hi,
Seems it still not be ready.
I can try everything, the Analytics still run, even if I did not give consent.
Then I still use the "cookie_consent_statistics" method.
Currently does a problem on triggering the page view tags, because all of triggers can't be triggered before the event cosent_state_update, but other triggers that occur after it working properly.
I can not achieve to have purchase going up to Analytics, and Analytics seems to be launched a second time from the Google Consent blackbox.
What trigger do you use to launch Analytics and Linker ?
Because Google says "Consent Mode for web pages must be implemented in a way that loads the tags before the consent dialog appears", this would mean, we should launch it at the very first trigger, on Consent init...
It seems that CookieBot solved that by increasing the "wait_for_update" of Google Consent from 500ms to 2.000ms.
Now, even if it is less frequent, I still have many times Analytics 2 times, with a very few millisecondes delay. The problem is that the second one that is the one Analytics keeps, do not manage to get the DataLayer.
Then, my purchases does not comes up, which is the main visible part of the Iceberg. When I navigate through my website, it happens quite many times, almost 1 page on 10.
This is a major bug, and this does not seems to be linked to my setup. I tried with a very minimalist page, with minimal code, and the problem appears.
Something in the behaviour CookieBot Manual + Google Consent, makes reloading the pageview without Datalayer.
I do not understand, how a major bug like that, is not a priority. Many users complains with that bug.
Please help.
Hi hugolin69,
After much investigation into the issue, we've determined that the issue (most likely) is related to our bulk consent feature. It appears that in some cases, the attempt check whether prior consent was submitted on a third party domain within the same domain group can cause a significant delay in passing Consent Mode data to Google Tag Manager.
While we're currently working to fix this, you can temporarily disable the Bulk Consent feature. Since this is a work-around and not meant as a permanent solution I prefer not writing this on a public forum such as this one.
Please send us an email on support@cookiebot.com and ask for instructions to disable bulk consent.
Article is closed for comments.