Websites using Google Tag Manager (GTM) can deploy Cookiebot by following these step-by-step instructions.
In this guide, we will show you how to:
- Implement the cookie consent banner
- Control cookie-setting tags
- Display the cookie declaration on a subpage
We assume that you've already created a GTM account, created a website container in GTM, and added the GTM container snippet to your website as required: https://support.google.com/tagmanager/answer/6103696
1. Implementing the cookie consent banner in GTM
First, obtain the Cookiebot CMP tag template from the Template Gallery.
The easiest way to do this is by clicking the Get Started button on the Consent Overview
If you don't see this icon, you can enable this function on the Admin tab, under Container Settings.
Check the "Enable consent overview" box under Additonal Settings and save your changes:
When you click the Get Started button, a pane will slide in from the right where the Cookiebot CMP template should be one of the featured CMP templates.
Alternatively, add a new tag and click the "Discover more tag types in the Community Template Gallery" item
Enter "Cookiebot" in the search field to find the Cookiebot CMP tag template
Select the "Cookiebot CMP" item and click the "Add to workspace" button.
Confirm by clicking "Add"
Next, create a new tag by clicking "New" ❯ "Tag Configuration" and select "Cookiebot CMP" from the list of standard tag types.
In the "Cookiebot ID" field, copy in the ID from the 'Your Scripts' tab under your account on cookiebot.com.
Choose "Consent initialization - All pages" as trigger and apply a name to your tag at the top of the configuration page, e.g. "Cookiebot". Click "Save" to create the tag.
This is what your tag configuration should look like (except for the value of the Cookiebot ID):
Make sure that you have registered and saved the domain name(s) of your website(s) in Cookiebot.
1.1 Defining the Google Consent Mode default consent state
The Cookiebot CMP tag registers default consent states for Consent Mode (detailed information can be reviewed here).
Under the collapsible configuration group ‘Default Consent State’ you can adjust which categories of cookies should be granted or denied before the end user submits consent.
Since most data protection legislations such as GDPR require so-called ‘prior consent’, the default setting is ‘Denied’ for all categories. The category ‘necessary’ (mapped to consent type security_storage) is by default set to ‘Allow’ and is not configurable, as it does not require consent.
GTM by default supports 5 different consent types that are automatically mapped by Cookiebot to the 4 categories used in Cookiebot CMP:
|GTM Consent Type||Mapped Cookiebot Type||Description|
|ad_storage||marketing||Enables storage (such as cookies) related to advertising|
|analytics_storage||statistics||Enables storage (such as cookies) related to analytics e.g. visit duration|
|functionality_storage||preferences||Enables storage that supports the functionality of the website or app e.g. language settings|
|personalization_storage||preferences||Enables storage related to personalization e.g. video recommendations|
|security_storage||necessary||Enables storage related to security such as authentication functionality, fraud prevention, and other user protection. Users will be informed about the specific storage purposes in the cookie declaration, but this type does not require consent from the end user.|
Google Tag Manager includes several features that work together with Cookiebot to help you manage how tags behave in response to the end user's consent choices.
Specific tags (such as Google Ads, Analytics, Floodlight and Conversion Linker) have built-in consent checks. This means that these tags include logic that automatically changes the tag's behavior based on the user's consent state. No consent configuration is needed for this type of tags*.
Tags which do not have built-in consent checks, which do utilize tracking, must be configured with additional consent checks. Opposed to tags with built-in consent checks, which load regardless of consent, tags configured with additional consent checks will not fire unless consent has been given for the corresponding storage category.
In the next section we will provide instructions to configure additional consent checks.
*It is important to note that because tags with built-in load regardless of consent, data will be transmitted to Google without explicit permission from the visitor. If this is of concern to you, it is recommended to configure tags with built-in consent with additional consent as well. That way the tag will not load prior consent.
- In your GTM container, create the following trigger, to be used in your GTM configuration:
Event Name: cookie_consent_update
Event Type: Custom Event
Fires On: All Custom Events
Your trigger should look similar to this:
- Edit the consent settings for all tags that need to be configured with additional consent.
You can find these settings in the Tag Editor ❯ Advanced Settings ❯ Consent Settings (BETA).
Add all storage categories which the tag requires (see the scan report from Cookiebot if you are in doubt).
In this example the tag requires consent for ad_storage / marketing cookies:
- To ensure the tag fires as soon as consent choices have been determined, either from a previous visit or from interaction with the banner the normal "All Pages" trigger will need to be replaced with the trigger which we created in the first step.
Here is an example with a Facebook Pixel tag, which with this setup only fires if the visitor has opted in on the required consent type:
For a complete view of the consent settings across all the tags in your container, you can enable the Consent Overview from your container settings:
There are additional methods, besides using Consent Mode, to ensure tags cannot load prior consent. Please see Alternative methods for conditionally loading tags for instructions.
For instructions on how to make the cookie banner change language depending on which (language) part of your website a visitor navigates, please see Multilingual support when using GTM.
If you for any reason want to disable Consent Mode, please see Disabling Consent Mode.
When you implement Cookiebot using Google Tag Manager, Cookiebot will also be able to control tags which require consent and do not originate from Google Tag Manager, i.e. scripts, images and iframes inserted directly into your website template.
Such tags need to be marked up for 'prior consent' as described in our manual mark up guide. If you wish to combine the use of Google Tag Manager and automatic blocking, please see Google Tag Manager and Automatic cookie blocking.
See also our blog post: Google tag manager and GDPR