Built-In Consent Checks
For some tags based on native or community templates you can see non-empty Built-In Consent Checks inside tag Advanced Settings > Consent Settings.
That’s great but the question is:
Does ad_storage, analytics_storage or other consent inside Built-In Consent Checks mean this tag follows GDPR?
Short answer:
NO
It only means that in the Template Permission tab in the Accesses consent state section these consents were added.
Create a Template for the test
Let’s create a new template and check this statement. Go to the Templates page and click New button in Tag Templates section.
Add any reasonable name, Consent test
will be a good balanced variant. Go to Code section and add these lines:
const isConsentGranted = require('isConsentGranted');
data.gtmOnSuccess();
As you see the code does nothing only requires isConsentGranted API. Actually you can require any other consent API: addConsentListener, setDefaultConsentState, updateConsentState for our example it’s not important.
But now if you click on Permissions tab you see Accesses consent state section.
Expand the section and click Add consent type. In Add consent type panel click inside Consent Type field and from dropdown select ad_storage
. Then click Add button to add the consent.
Please note, we are not granting any permission. The code can’t read or write ad_storage
consent.
That’s all with the template click Save and close Template Editor.
Create a Tag for the test
Now we will create a tag for our new template. Go to the Tags page and click our favorite New button.
Add name, something «unexpected» like GDPR compliance tag
click on Tag Configuration sections and from list of the tag types select Consent test (the template we’ve just created).
Don’t save the tag, simply open Advanced Settings and Consent Settings then you will see Built-In Consent Checks and ad_storage
inside.
Do you remember the Template code? We didn’t grant read
or write
permissions and we didn’t make any checks based on ad_storage
consent. But our new tag has a very promising GDPR name and non-empty Built-In Consent Checks.
«Built-In Consent Checks» conclusion
As a result we have a few options:
- trust templates vendors and their Built-In Consent Checks
- trust templates vendors but check what’s inside a template (for community templates only)
- trust yourself and add
Additional Consent Checks
or blocking triggers even if a tag hasBuilt-In Consent Checks
- trust the Universe, everything is fine we’re just waiting for GDPR fines