Built-In Consent Checks
For some tags based on native or community templates you can see non-empty Built-In Consent Checks inside tag Advanced Settings > Consent Settings.
That’s great but the question is:
Does ad_storage, analytics_storage or other consent inside Built-In Consent Checks mean this tag follows GDPR?
It only means that in the Template Permission tab in the Accesses consent state section these consents were added.
Create a Template for the test
Let’s create a new template and check this statement. Go to the Templates page and click New button in Tag Templates section.
Add any reasonable name,
Consent test will be a good balanced variant. Go to Code section and add these lines:
const isConsentGranted = require('isConsentGranted'); data.gtmOnSuccess();
As you see the code does nothing only requires isConsentGranted API. Actually you can require any other consent API: addConsentListener, setDefaultConsentState, updateConsentState for our example it’s not important.
But now if you click on Permissions tab you see Accesses consent state section.
Expand the section and click Add consent type. In Add consent type panel click inside Consent Type field and from dropdown select
ad_storage. Then click Add button to add the consent.
Please note, we are not granting any permission. The code can’t read or write
That’s all with the template click Save and close Template Editor.
Create a Tag for the test
Now we will create a tag for our new template. Go to the Tags page and click our favorite New button.
Add name, something «unexpected» like
GDPR compliance tag click on Tag Configuration sections and from list of the tag types select Consent test (the template we’ve just created).
Don’t save the tag, simply open Advanced Settings and Consent Settings then you will see Built-In Consent Checks and
Do you remember the Template code? We didn’t grant
write permissions and we didn’t make any checks based on
ad_storage consent. But our new tag has a very promising GDPR name and non-empty Built-In Consent Checks.
«Built-In Consent Checks» conclusion
As a result we have a few options:
- trust templates vendors and their Built-In Consent Checks
- trust templates vendors but check what’s inside a template (for community templates only)
- trust yourself and add
Additional Consent Checksor blocking triggers even if a tag has
Built-In Consent Checks
- trust the Universe, everything is fine we’re just waiting for GDPR fines