Using Google Consent Mode to Adjust Tag Behavior Based on Consent

Google Consent Mode allows you to adjust how your Google tags behave based on the consent given or not given by your users through OneTrust Cookie Compliance. You can indicate whether consent has been granted for Analytics and/or Ads cookies and Google's tags will dynamically adapt by only utilizing cookies for the specified purposes or cookie categories.

Google Products that support consent mode are:

Google Ads - this includes Google Ads Conversion Tracking and Re-marketing, support for Phone Conversions is pending
Floodlight
Google Analytics

When Consent Mode is enabled, it will adjust the behavior of these types of pings.

Consent status pings - Consent status pings are sent from each page the user visits where consent mode is implemented, as well as if the consent changes (e.g., if the user opts in). These pings communicate the consent state (i.e. granted or denied) for each consent type (e.g. ad storage, analytics storage).
Conversion pings - Conversion pings are sent to indicate that a conversion has occurred.
Google Analytics pings - Google Analytics pings are sent on each page of a website where Google Analytics is implemented and upon events being logged.

Google Consent Mode

To adjust your tags' behavior relative to consent, use the gtag('consent') API:

gtag('consent', '<consent_command>', {<consent_type_settings>});

where <consent_command> is one of:

'default' - Used to set the default consent settings that apply to a page.
'update' - Used to update existing consent settings. This command will be used after a user grants consent via the OneTrust Cookie Compliance application.

and <consent_type_settings> is an object that defines which consent types are 'denied' or 'granted'. For example:

gtag('consent', 'default', 
	{  // Deny consent for ad_storage   
				'ad_storage': 'denied',  
		// Grant consent for analytics_storage  
				'analytics_storage': 'granted'});

Adjust Default Tag Behavior

The gtag('consent') API supports configuring <consent_type_settings> to adjust the behavior of Google tags on your site:

gtag('consent', 'default', <consent_type_settings>);

For example, to tell your Google tags not to use cookies for advertising or analytics, set the consent type to 'denied' in a 'default' command above your gtag.js or Tag Manager container snippet:

// Require consent for ad storage and analytics storage.gtag('consent', 'default', {  'ad_storage': 'denied',  'analytics_storage': 'denied'});

The gtag('consent') API requires that dataLayer and gtag are defined. Ensure that dataLayer and gtag() are defined in your code before gtag('consent') is called.

If you call gtag('consent') prior to loading your gtag.js snippet, add this above your first gtag('consent') call.

window.dataLayer = window.dataLayer || [];function gtag(){dataLayer.push(arguments);}

Alternatively, you can include all of your default consent settings within your gtag.js snippet directly above

gtag('js', new Date());

Settings configured with the gtag('consent') API will apply to the current page, but will not automatically persist on subsequent pages. To ensure your tags behave as you expect, call the gtag('consent', 'default') command above your gtag.js or Tag Manager container snippet on every page of your site.

Additionally, ensure that your gtag.js or Google Tag Manager and OneTrust Cookie Compliance CDN implementation is deployed across all pages on your site and that you are calling the relevant consent settings on every page.

Update Tag Behavior

In the event that your user's consent changes (e.g. after the user gives consent or updates consent), you can tell your tags to update their behavior. For example, if the user grants permission to use advertising cookies after you had previously called gtag('consent', 'default', {'ad_storage': 'denied'}) , you can update the value of the associated consent type to 'granted'.

gtag('consent', 'update', {'ad_storage': 'granted'});

When your Google tags receive a gtag('consent', 'update') command that grants a previously denied consent type, they will adjust their subsequent behavior on the current page and may send additional requests with information about the consent state to help improve your data.

The gtag('consent') API will not automatically persist consent_type_settings from page to page. If you call gtag('consent','update') based on an end-user interaction with your consent tool, you should populate the gtag('consent','default') command on subsequent pages based on your own consent storage.

Implementing with OneTrust Cookie Compliance - No GTM

<script async src="https://www.googletagmanager.com/gtag/js?id=GA_MEASUREMENT_ID">; </script> 

<script> 
window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} 
gtag('js', new Date()); 
gtag('set', 'developer_id.dNzMyY2', true); 
gtag('config', 'GA_MEASUREMENT_ID'); 
gtag('config', 'AW_CONVERSION_ID'); </script>

<script src="https://cdn.cookielaw.org/scripttemplates/otSDKStub.js"" type="text/javascript" charset="UTF-8" data-domain-script="XXXXXXXX"></script> 
<script type="text/javascript"> 
function OptanonWrapper() { 
if (OnetrustActiveGroups.indexOf('C0002') != -1) 
	{ gtag('consent', 'update', {'analytics_storage': 'granted'}); 
if (OnetrustActiveGroups.indexOf('C0004') != -1) 
	{ gtag('consent', 'update', {'ad_storage': 'granted'}); 
				}
</script>

Make the category IDs you place in the OptanonWrapper match the category IDs from your tenant and line up with the categories that you would like the analytics_storage and ad_storage to behave based upon. You can find the category IDs in your tenant under Categorization > Categories. Learn more here.

Implementing with OneTrust Cookie Compliance - GTM

Include the following to define the gtag() function when calling this code prior to your Tag Manager snippet.

<script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} 
gtag('set', 'developer_id.dNzMyY2', true); 
gtag('consent', 'default', {'analytics_storage': 'denied'}); gtag('consent', 'default', {'ad_storage': 'denied'}); </script>

In your OneTrust CDN tag, make sure to implement the additional logic in the OptanonWrapper function.

<script type="text/javascript"> 
function OptanonWrapper() { 
if (OnetrustActiveGroups.indexOf('C0002') != -1) 
	{ gtag('consent', 'update', {'analytics_storage': 'granted'})}; 
if (OnetrustActiveGroups.indexOf('C0004') != -1) 
	{ gtag('consent', 'update', {'ad_storage': 'granted'})}; 
			} 
</script>

Consent Mode Impacts on Google Products

When consent is granted, the associated tags will function normally.

When consent for ad storage or analytics storage is denied, the associated Google tags deployed via gtag.js or Google Tag Manager will adjust their behavior accordingly.

In all cases, pings may include:

Functional Information - Timestamp, User Agent, Referrer
Aggregate / non identifying information - An indication for whether or not the current page or a prior page in the user's navigation on the site included ad-click information in the URL (e.g., GCLID / DCLID), Boolean information about the consent state, Random number generated on each page load

Additionally, consent and conversion pings may include the following behaviors depending on the state of the consent settings and the configuration of your tags.

There is only one set of behaviors for when all consent options are granted:

ad_storage='granted', analytics_storage='granted'

Cookies pertaining to advertising may be read and written.
IP addresses are collected.
The full page URL, including ad-click information in URL parameters (e.g., GCLID / DCLID) is collected.
Third-party cookies previously set on google.com and doubleclick.net, and first-party conversion cookies (e.g., gcl*) are accessible.

When one or more forms of consent are not granted, there are additional behaviors to consider:

ad_storage='denied'

No new cookies pertaining to advertising may be written.
No existing first-party advertising cookies may be read.
Third-party cookies previously set on google.com and doubleclick.net may be sent in request headers (but limited to use for spam and fraud purposes).
Google Analytics will not read or write Google Ads cookies, and Google signals features will not accumulate data for this traffic.
IP addresses used to derive IP country, but are never logged by our Google Ads and Floodlight systems and are immediately deleted upon collection. Note: Google Analytics collects IP addresses as part of normal internet communications.
Full page URL is collected, including ad-click information in URL parameters (e.g., GCLID / DCLID).

ad_storage='denied' + ads_data_redaction=true

No new cookies pertaining to advertising may be written.
No existing advertising cookies may be read.
Requests are sent through a different domain to avoid previously set third-party cookies from being sent in request headers.
Google Analytics will not read or write Google Ads cookies, and Google signals features will not accumulate data for this traffic.
Ad-click identifiers (e.g., GCLID / DCLID) in consent and conversion pings are redacted.
IP addresses used to derive IP country, but are never logged by our Google Ads and Floodlight systems and are immediately deleted upon collection. Note: Google Analytics collects IP addresses as part of normal internet communications.
Page URLs with ad-click identifiers are redacted.

analytics_storage='denied'

Will not read or write first-party analytics cookies
Cookieless pings will be sent to Google Analytics for basic measurement and modeling purposes.

Additional Resources of Using Google Consent Mode

Google has provided additional information about Consent Mode in their documentation here.

Please reach out to your Google support resource for any additional information.

OneTrust Internal Users: DO NOT MAKE ANY DIRECT CHANGES!