GTM Consent Settings. «Built-In Consent Checks» what do they really check?

Built-In Consent Checks

For some tags based on native or community templates you can see non-empty Built-In Consent Checks inside tag Advanced Settings > Consent Settings.

That’s great but the question is:

Does ad_storage, analytics_storage or other consent inside Built-In Consent Checks mean this tag follows GDPR?

Short answer:

NO

It only means that in the Template Permission tab in the Accesses consent state section these consents were added.

Create a Template for the test

Let’s create a new template and check this statement. Go to the Templates page and click New button in Tag Templates section.

Add any reasonable name, Consent test will be a good balanced variant. Go to Code section and add these lines:

const isConsentGranted = require('isConsentGranted');
data.gtmOnSuccess();

As you see the code does nothing only requires isConsentGranted API. Actually you can require any other consent API: addConsentListener, setDefaultConsentState, updateConsentState for our example it’s not important.

But now if you click on Permissions tab you see Accesses consent state section.

Expand the section and click Add consent type. In Add consent type panel click inside Consent Type field and from dropdown select ad_storage. Then click Add button to add the consent.

Please note, we are not granting any permission. The code can’t read or write ad_storageconsent.

That’s all with the template click Save and close Template Editor.

Create a Tag for the test

Now we will create a tag for our new template. Go to the Tags page and click our favorite New button.

Add name, something «unexpected» like GDPR compliance tag click on Tag Configuration sections and from list of the tag types select Consent test (the template we’ve just created).

Don’t save the tag, simply open Advanced Settings and Consent Settings then you will see Built-In Consent Checks and ad_storage inside.

Do you remember the Template code? We didn’t grant read or write permissions and we didn’t make any checks based on ad_storage consent. But our new tag has a very promising GDPR name and non-empty Built-In Consent Checks.

«Built-In Consent Checks» conclusion

As a result we have a few options:

• trust templates vendors and their Built-In Consent Checks
• trust templates vendors but check what’s inside a template (for community templates only)
• trust yourself and add Additional Consent Checks or blocking triggers even if a tag has Built-In Consent Checks
• trust the Universe, everything is fine we’re just waiting for GDPR fines