GTM implementation - data transfer to Google and GDPR compliance?

Comments

3 comments

  • Hi Marketing WBS,

    There is no data sent to Google in either scenario.Google Tag Manager doesn't send or receive data, it's more like a system that registers events, and executes scripts according to those events.
    When the page loads, Google adds the Cookiebot script to the page, but any interaction with the Cookiebot script is no longer tied to GTM. It was merely the tool to implement the script. 

    So, regarding your first point, there should not be any data getting sent to consent.cookiebot.com and Google through GTM, when the user opens a page for the first time. Cookiebot does not store anything about the user upon page visit. When the user consents, this users IP-address is stored anonymized (by removing the last three digits) to prove that consent was obtained. 
    When the page is visited for the first time only the necessary cookies are being set (no other cookies are being set upon page visit). The CookieConsent and GTM cookies will be set without consent in case that they have been classified as a necessary.

    About the second point, in case that all cookies categories have been rejected except necessary cookies then the banner would not be displayed anymore and only strictly necessary cookies would be set. That is why its important to classify cookies on you site and implement prior consent. 
    For example, if a cookie has been set as a "preferences" cookie, it won't be set without consent when the user opens a page for the first time, and it would be set if the user allow only necessary cookies. 

    Regards,
    Spas

    0
    Comment actions Permalink
  • Avatar
    Marketing WBS

    Hi Spas,

    Thank you very much for your detailed reply and sorry for the late response. I can follow the technical details you give, but as far as I can see there is still traffic to Google servers (the ones used for GTM like googletagmanager.com). I think you acknowledge this in your sentence “When the page loads, Google adds the Cookiebot script to the page”. This cannot be done without a connection to a Google server, can it?

    If so, then the question is what user information is transferred. I suppose at the very least an (anonymized?) IP, but probably not much more. And then, since the use of GTM is necessary for the operation of the site, I guess this is legal under GDPR as long as the use of GTM is covered in the privacy declaration and the cookie banner, isn't it?

    Unrelated to this: I think there’s a typo in your last sentence: “For example, if a cookie has been set as a "preferences" cookie, it won't be set without consent when the user opens a page for the first time, and it would be set if the user allow only necessary cookies.” I think it should say “and it wouldn’t be set” in the second part of the sentence, no?

    Best,

    Marketing WBS

    0
    Comment actions Permalink
  • Hi Marketing WBS,

    First of all, I am sorry about my typo mistake, you are right. If a cookie has been set as a "preferences" cookie, it won't be set without consent when the user opens a page for the first time, and it would NOT be set if the user allows only necessary cookies.
    Regarding the connection to the server and data sent to Google, I would say that there is no data sent to Google. The Cookiebot script is inserted by GTM and as I mentioned before Google Tag Manager doesn't send or receive data, it's more like a system that registers events, and executes scripts according to those events. So when the page loads the Cookiebot script is executed and then there is not other interaction tied to GTM.


    Regards,
    Spas

    0
    Comment actions Permalink

Please sign in to leave a comment.