Google Consent Mode 2.0 (GDPR TCF - web)

   Permission: Vendor list - GDPR

Google Consent Mode 2.0 ensures that Google vendors on your property comply with an end-user's consent choices for purposes (called consent checks) defined by Google. When a website visitor  indicates their consent choices, tags with consent checks adjust their behavior, and user consent choices are preserved across their interaction with the website.

In this article, we will cover how to configure the integration between Sourcepoint and Google Consent Mode 2.0 for a web property that is running a GDPR TCF campaign.  


Consent check overview

Consent check(s) indicates the kind of storage a Google vendor uses.  An end-user can deny or grant the collection of this data. The consent check varies across each Google vendor and can be viewed by selecting a vendor from the GTM platform and expanding the Advanced Settings > Consent Settings tab.

Screen Shot 2022-06-29 at 9.09.12 AM.png

Please refer to the table below for the different consent checks available in Google Consent Mode 2.0:

Consent check Values Description
ad_storage granted | denied Enables storage (such as cookies) related to advertising.
analytics_storage granted | denied Enables storage (such as cookies) related to analytics (e.g. visit duration).
ad_user_data granted | denied Set to granted when end-user has consented to have their data shared with Google. 
ad_personalization granted | denied Set to granted when the user has consented to have their data shared with Google for the purposes of ad personalization.

Google Tag Manager vs gtag.js

Before configuring the implementation, your organization will need to decide whether to implement using Google Tag Manager or gtag.js.

Google Tag Manager gtag.js

Follow the directions in your Google Tag Manager account to install Google Tag Manager on your property. Installing GTM on your property requires adding a code snippet to your <head> tag and a code snippet to your <body> tag. 

  Note: Ensure that you define the data layer before Sourcepoint's tags (i.e. add the GTM code snippet before Sourcepoint's tags within the <head> tag). 

Screen_Shot_2022-06-23_at_11_36_46_AM.jpeg


Implement Google Consent Mode 2.0 on web

Sourcepoint supports two different ways to implement Google Consent Mode 2.0 on your property running a GDPR TCF campaign. Click the tabs below to review which implementation method is suitable for your organization:

GDPR TCF (Preferred) GDPR TCF (no flag)

The preferred method of implementing Google Consent Mode 2.0 on your web property requires enabling an Advanced Setting flag in your GDPR TCF vendor list associated with your property. 

From the GDPR TCF vendor list associated with your property, add the "Google Advertising Products" vendor (GV: ID 755), which is required for this implementation method.

  Note: If you leverage any Google Products that require analytics_storage you may add additional custom vendors to your vendor list that best represent your Google product usage (e.g. Google Analytics). In addition to adding these custom vendors you will need to configure GTM containers, a new custom purpose, etc... that is outlined here.

Screenshot 2024-02-05 at 12.53.38 PM.png

Once the Google vendors are added to the vendor list, click Advanced Settings.

Screenshot 2024-02-05 at 12.59.12 PM.png

Enable the checkbox for Use TCF to Enable Google Consent Mode 2.0.

Click Apply Changes when finished. 

Screenshot 2024-02-08 at 10.48.24 AM.png

Save your vendor list to confirm the changes. 

The Use TCF to Enable Google Consent Mode 2.0 setting enables Sourcepoint to set an additional flag when initializing the TCData object. This additional flag allows Google to infer and map consent settings to the following Google Consent Mode 2.0 consent checks based on GDPR TCF purposes:

  • ad_storage
  • ad_personalization
  • ad_user_data

Please see the table below for how Google Consent Mode 2.0 maps GDPR TCF purposes to Google's consent checks:

Purpose Description Google tag behavior when Purpose is denied
1 Store and/or access information on a device ad_storage: denied
ad_user_data: denied
3 Create a personalised ads profile ad_personalization: denied
4 Select personalized ads ad_personalization: denied
7 Measure ad performance

ad_user_data: denied

Disables the Google signals feature in Google Analytics.

9 Apply market research to generate audience insights Disables the Google signals feature in Google Analytics.
10 Develop and improve products Disables the Google signals feature in Google Analytics.

 Note: If your organization utilizes any Google products that require the analytics_storage consent check (e.g. Google Analytics), you will need to perform additional steps. Expand the accordion below for more information.

Google Products using analytics_storage

Sourcepoint's preferred method of implementing Google Consent Mode 2.0 (i.e. the setting of the Use TCF to Enable Google Consent Mode 2.0 flag in Advanced Settings) does not cover the analytics_storage consent check. In this section, we will use Google Analytics as an example to review the additional steps necessary to support analytics_storage

  • Configure GTM container (Google Tag Manager only)
  • Add default consent state for analytics_storage 
  • Add Google product to vendor list
  • Configure custom purpose for analytics_storage

Configure GTM container (Google Tag Manager only)

If using Google Tag Manager to implement Google Consent Mode 2.0, your organization will need to create a GTM container for Google products that require analytics_storage. Configure a container in your Google Tag Manager account for a Google product that supports Google Consent Mode. 

 Google Tag Manager Documentation

From the tag creation workflow, expand the Advanced Settings > Consent Settings tab to view the built-in consent checks for that particular Google product.

Additionally use the Additional Consent Checks radio buttons to select your organization's decision on any additional consent checks needed for the Google product. 

Screen_Shot_2022-06-29_at_2.02.44_PM.png

  Note: By selecting Require additional consent for tag to fire, you will be prompted to select other consent checks from a dropdown menu that need to be checked for the tag to fire. 

Configure the trigger for the tag and click Save.

Screen_Shot_2022-06-29_at_2.19.42_PM.png

When finished, click Submit and follow the prompts to publish your configuration.

Screen_Shot_2022-06-23_at_11_23_34_AM.jpeg

Add default consent state for analytics_storage 

  Note: The consent checks and their default consent states implemented in the script is determined by the Google products operating on your property and any specific regionalized opt-in and opt-out jurisdictions you are targeting. You are responsible for making sure that default consent mode is set for each of your measurement products to match your organization's policy.

The default consent states represent the initial value (either denied or granted) for a consent check when a new end-user arrives to your property. These consent states are updated as an end-user makes their consent choices. In this section, we will cover how to implement the default consent state for the analytics_storage consent check using an on-page script.

 Google Consent Mode Documentation
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}

//default behavior
  gtag('consent', 'default', {
    'analytics_storage': 'granted',
    'wait_for_update': 500
  });
  
//behavior specific for end-users in the EEA + UK  
  gtag('consent', 'default', {
    'analytics_storage': 'denied',
    'region': ['GB', 'BE', 'BG', 'CZ', 'DK', 'CY', 'LV', 'LT', 'LU', 'ES', 'FR', 'HR', 'IT', 'PL', 'PT', 'RO', 'SI', 'HU', 'MT', 'NL', 'AT', 'IS', 'LI', 'NO', 'SK', 'FI', 'SE', 'DE', 'EE', 'IE', 'EL'],
    'wait_for_update': 500
  });
</script>  

Add Google product to vendor list

From the GDPR TCF vendor list associated with your property, add Google vendors that your organization works with (e.g. Google Analytics).

Screenshot 2024-02-05 at 12.53.38 PM.png

Configure a custom purpose for analytics_storage

Your organization will finally need to create a custom purpose in your GDPR TCF vendor list that maps to the analytics_storage consent check used by the Google product(s) running on your property.

 Google Analytics example

Google Analytics requires the following consent checks:

  • ad_storage
  • analytics_storage

You will need to create a custom purpose for analytics_storage but you do not need to create a custom purpose for ad_storage since that consent check will be set via the Use TCF to Enable Google Consent Mode 2.0 flag you configured earlier.

Click + Add Custom Purpose from the vendor list builder page. Use the provided modal to input a name for the custom purpose. 

Use the Google Consent Mode Category dropdown menu and select analytics_storage. Click Create purpose when finished.

Screen_Shot_2022-06-30_at_1.24.25_PM.png

As a best practice, Sourcepoint recommends that you describe the Google products that currently rely on the purpose.

Navigate to the newly created custom purpose and click the custom purpose name.

Screenshot 2024-02-05 at 3.54.36 PM.png

Use the provided description field to note the Google products utilizing the custom purpose as part of the Google Consent Mode integration. Click Apply changes when finished.

Screenshot 2024-02-05 at 3.56.07 PM.png

Set the legal basis for the custom purpose to User Consent

Screenshot 2024-02-05 at 3.57.32 PM.png

Click Save to confirm the updates to your vendor list. Your Sourcepoint and Google Consent Mode 2.0 integration setup is complete. 


Test integration

Regardless of how your organization has implemented Google Consent Mode 2.0 (either via Google Tag Manager or gtag.js, using the preferred method or without the flag), you can test the setting of Google's consent checks via Google Tag Assistant. 

 Google Tag Assistant

Click Add Domain.

Screenshot 2024-02-12 at 2.30.05 PM.png

Use the provided modal to input your property's URL that is currently integrated with Sourcepoint's CMP and Google Consent Mode 2.0.

Screenshot 2024-02-12 at 2.33.20 PM.png

From an event, navigate to the output for your container/tag and select the Consent tab. From the subsequent table, you can discern the status of the Google consent checks and compare them to consented/rejected purposes in your privacy manager.

Screenshot_2024-02-12_at_2_47_54 PM.jpg

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Article is closed for comments.