What to consider when considering Consent Mode
The aim of this short post is not to go into what Consent Mode is, Dan has already done an excellent job of that in his recent post, and in episode #42 of The Measure Pod. Instead, the point here is to specify what Consent Mode is not and to give you some questions you need to answer before you decide to ‘turn it on’.
These recommendations all come from experience, as a consultancy we help clients with a multitude of technology stacks that tackle consent management and this has given us rare insight into what platforms do not work.
What Consent Mode is Not
So first and foremost what isn’t Consent Mode? Simply put, it is not a Consent Management Platform (CMP). This is a common misconception, and one that I can understand. After all, it does fundamentally change the way Google Tag Manager (GTM) handles consent.
Rather, it is a tool that allows for the simplification of managing how tags behave after your CMP has handled the user’s choice. The CMP handles the updating and management of the current consent state so that consent mode can pick it up and run with it.
Gone are the blocking triggers and other hacky solutions we have all become accustomed to. It also automatically manages Google tags, firing anonymous pings to ads and analytics platforms when consent is not given so data can be modeled… Wait, I said I would not talk about what it is, didn’t I!
As you can see it is hard not to get caught up in the exciting things that Consent Mode allows, and that is why it is tempting to jump in with two feet. But without properly thinking through a couple of aspects, you are going to find yourself doing a lot of troubleshooting and head-scratching. So what are these all-important considerations?
Things to Consider
Ask yourself the following questions before you jump into Consent Mode.
Which CMP are you using?
Which CMP you use is important. It needs to support Consent Mode for one thing, or expose enough of its inner workings that you can reconstitute it for use with Consent Mode. For example, consider OneTrust and CIVIC Cookie Control.
OneTrust keeps the scripts controlling consent behind the scenes, providing access to a small piece of code in which you will not see any of the individual functions that update consent on user interaction. Consent Mode is a tick box within the UI, rather than anything manual. CIVIC on the other hand is much more open. As you build up the CIVIC script, you see the accept and revoke functions and so can manipulate them to work with Consent Mode manually.
This is important because it dictates how you should implement the banner script if you plan on using consent mode…
How will you be Installing your CMP?
There are two main ways you can install your CMP onto your site, using the Google tag (gtag.js) and a script supplied by the CMP to add it directly to the head of your site, or via GTM. As mentioned above, a platform like OneTrust does not give you direct access to the consent functions behind the scenes, just access to the production script once everything is published. No problem, we can either add this into the head of the site or via a Custom HTML (cHTML) tag in GTM right? Wrong.
This is where the biggest pitfall comes into play. In order for Consent Mode to work correctly, that is for it to dictate the behavior of tags based on user consent, consent states must be updated before any tags fire. Without this guarantee, tags could be fired without consent or could be blocked with consent. Obviously neither is desirable for different reasons.
The issue here is that OneTrust, for example, uses Gtag to update default consent states, and this simply does not work anywhere near quickly enough when added in via a cHTML tag. In fact, it does not work quickly enough when added in via GTM full stop. This is why, for a CMP to be configured with GTM, Google recommends utilising Custom Tag Templates. Specifically, Custom Tag Templates that update consent states utilising Tag Template APIs rather than Gtag. When triggered using the ‘Consent Initialisation’ trigger, a tag template using the API method of consent manipulation can ensure the correct consent state is set before tags fire.
So when we consider our two example CMPs one more time, how could we implement them based on what we now know?
OneTrust: As mentioned above, it uses Gtag to update consent states and we have no ability to change this. This means that OneTrust will work with Consent Mode providing it is toggled on in the UI, and is added directly to the head of the site.
CIVIC: Here we have access to the underlying consent update function. This means, in theory, we could write our own custom tag template and swap out gtag updates for API updates. This means we could add it via GTM with some development work on the script or add it to the site head directly.
Some CMPs have already built custom tag templates to handle Consent Mode. These will make life much easier if you want to deploy via GTM but don’t have the internal development resource to create your own. Do be careful though, we have seen some examples of community-built custom tag templates that still just use Gtag as the consent update method, which, as we now know, won’t work.
Consent Mode deployment checklist
To help simplify all of this, here are two checklists that will help you understand if Consent Mode will work with your chosen method of deployment.
“I want Consent Mode and want to implement my CMP directly to the head of my site.”
- Is the selected CMP compatible with Consent Mode?
- If not stated in the documentation, are the underlying consent and revoke functions able to be manipulated to add in Consent Mode updates?
If the answer to either of the above is yes, you are good to go – providing you have the know-how or dev resources to rework the consent functions!
“I want Consent Mode and want to implement my CMP via GTM.”
- Does the CMP have a pre-built tag template that utilises the ‘updateconsentstate’ API?
- Does the script provide sufficient access to allow for a Custom Tag Template to be built using the Tag Template APIs? If so, do you have the development resource to build it?
If the answer to either of the above is yes, you are good to go! If not, you may still be able to deploy via Gtag directly in the head of the site.
Conclusion
I hope this provides some insights into what needs to be considered when setting up Consent Mode. In my humble opinion, Consent Mode is a fantastic tool and here to stay, but more fool you if you rush in assuming it is just the flick of a switch away!
Check your CMPs documentation, your planned implementation method and your dev resource. Do all that and you won’t look back.