Google Tag Manager and the GDPR

Google Tag Manager is a free tool from Google Marketing Platform to manage tags on your website. Tags are JavaScript snippets that share information with third-party. To activate them, you should add the snippets to your website’s source code. With Google Tag Manager, you do not need to do that. You just have to select what tags you want to add and on what page, and the Tag Manager does the job for you.

Google Tag Manager Logo

The software has a user-friendly interface that lets you manage the tags easily. You can edit and change the tags as required. It helps you track your page views, clicks, user data, and user behavior on your site. It has a two-factor authentication that ensures security.

Triggers activate tags. They are the events, such as page view, click, payment, or form submission, that fire the tags.

This article skims through the effect of the General Data Protection Regulation (GDPR) on using Google Tag Manager and how it can be compliant.

By using Google Tag Manager, your website may place several cookies on users’ devices. GDPR interprets data collected by cookies as personal. As per the Regulation, users’ consent s required before you collect any personal information from them, and this consent must be freely given, specific, informed, and unambiguous. Hence, using tracking cookies without requesting and obtaining consent is a violation of the GDPR, and it will result in fines and penalties. Cookie consent banners should, therefore, clearly state the consent request and follow the GDPR requirements. So, if you are using Google Tag Manager and that uses cookies to track users:

• Obtain prior consent before loading cookies.
• Consent request should be clear, specific, and unambiguous.
• Cookies should load only after the affirmative opt-in from users.
• Users should be able to withdraw their consent at any time.
• And it should be easily accessible and user-friendly.
• Record the status of user consent received.
• Review and refresh the consent status periodically.

You can anonymize IP addresses, which is personal data per GDPR, by changing the settings. In your Google Tag Manager:

Edit the tag -> More Settings -> Fields to set -> Add a field -> set Field Name as ‘anonymizeIp’ and its Value ‘true’

It sets the last octet of the IPV4 Ip addresses and the last 80 bits of the IPV6 IP addresses to zeroes. For example, an IPV4 address 121.314.31.144 changes to 121.314.32.0. In this way, the IP address cannot be used to link to a particular user.

Read more about how to manage consent under the GDPR here and how to create GDPR-compliant cookie banners here.

Using Google Tag Manager is easy and saves you a lot of time from the hassle of hard coding.  However, you still need to manage the cookie consent on your website. CookieYes helps your website in complying with the GDPR by providing cookie consent solutions. Fully customizable cookie banners are available for different types of cookie consent. The website owner can customize the banner per their requirement using simple steps. It automatically blocks third-party cookies before the users give their consent. All you have to do is sign up for a free account!

CookieYes homepage