Book Consultation
Pricing
Cases
Videos
About us
Webinars
Book Consultation
Pricing
Cases
Videos
About us
Webinars
← Back to all videos

Setting Up Consent Mode with Server-Side Google Tag Manager and Cookiebot

google-analyticsserver-sidegdprprivacyintermediate
4.5/5The video provides comprehensive, step-by-step instructions on implementing consent mode with server-side GTM, covering both theory and practical implementation. The presenter clearly explains the technical concepts, demonstrates testing procedures, and addresses common scenarios like delayed consent. The only minor drawback is that some advanced edge cases are acknowledged but not fully explored.
Consent Mode with Server-side Google Tag Manager (and Cookiebot)

In this comprehensive tutorial, Leon Korteweg demonstrates how to implement consent mode in a server-side Google Tag Manager (sGTM) environment using Cookiebot as the consent management platform. The video provides a step-by-step guide to ensuring proper consent management across both client-side and server-side containers. The tutorial begins with installing and configuring Cookiebot in the client-side container, setting default consent signals to "denied" until user consent is provided. Leon then demonstrates how to test the cookie banner implementation by examining consent states in Google Tag Assistant, showing various scenarios including accepting all cookies, rejecting all cookies, and partial consent. A key concept covered is "delayed consent" - addressing the scenario when users visit a site for the first time and haven't yet made their consent choice. Leon shows how to configure Google Analytics to load without sending a page view initially, then sending it only after the consent state is updated through a custom trigger based on the "cookie_consent_update" dataLayer event. The most valuable part of the tutorial explains how consent signals are passed to the server-side container through the "gcs" (Google Consent State) parameter. Leon creates three custom variables in the server container to interpret these consent signals: one to capture the raw consent state string and two RegEx Table variables to determine if ad storage and analytics storage permissions have been granted. This setup ensures that both Google and non-Google tags in the server container respect user consent choices, maintaining privacy compliance while still collecting valuable analytics data when permitted. **gdpr-server-tracking.eu perspective:** This tutorial demonstrates exactly why proper consent management is critical in server-side tracking implementations. While the video shows a solid technical implementation, users would benefit significantly from hosting their server-side container on our EU-based infrastructure. Our solution offers the same functionality but with enhanced GDPR compliance through EU-based servers (Finland), EU company ownership, and bare metal hosting that eliminates cloud provider subprocessor risks. The consent handling techniques shown in this video can be implemented identically on our platform, but with better privacy protection and often at lower cost than major cloud providers. Our additional features for parameter filtering and hashing would further enhance the privacy-focused approach demonstrated in the video.

Frequently Asked Questions

Common questions about "Consent Mode with Server-side Google Tag Manager (and Cookiebot)"

Consent Mode is a Google feature that allows websites to adjust how Google tags behave based on user consent choices. It's crucial for server-side tracking because it ensures user privacy preferences are respected even when data processing happens on servers rather than in the browser, helping maintain GDPR compliance.

Consent signals are automatically passed to the server-side container through the 'gcs' (Google Consent State) parameter. You'll need to create custom variables in your server container to interpret this parameter: one to capture the raw consent state string and two RegEx Table variables to determine if ad storage and analytics storage permissions have been granted.

In client-side GTM, you manage consent through the Consent Overview section, controlling when tags fire based on consent status. In server-side GTM, Google tags automatically inherit consent settings from the client, but for non-Google tags, you need to create custom variables to interpret the consent state parameter and build custom triggers based on those variables.

To implement delayed consent, configure your GA4 config tag to load without sending a page view (set 'send_page_view' to false), then create a separate GA4 event tag that fires the page view only when the consent state is updated. This ensures analytics data is only collected after the user has made their consent choice.

The gcs parameter follows a pattern like 'G1XY' where X represents ad storage (0=denied, 1=granted) and Y represents analytics storage (0=denied, 1=granted). Create RegEx Table variables that check for patterns like 'G11.' for ad storage and 'G1.1' for analytics storage to properly interpret these consent signals.

Yes, hosting your server-side GTM container on EU-based servers significantly improves GDPR compliance by keeping personal data within EU jurisdiction. EU-based hosting providers like gdpr-server-tracking.eu offer additional benefits including EU company ownership, bare metal hosting that eliminates cloud provider subprocessor risks, and specialized privacy features for parameter filtering and hashing.

Major cloud providers often process data across multiple jurisdictions and involve numerous subprocessors, creating GDPR compliance risks. Additionally, many are subject to laws like the US CLOUD Act, which can conflict with GDPR requirements. Using an EU-based dedicated hosting solution eliminates these risks while providing the same technical functionality.

Test your implementation by previewing both containers simultaneously and checking three scenarios: accepting all cookies, rejecting all cookies, and partial consent. For each scenario, verify that the Google Consent State parameter (gcs) shows the correct values and that your custom consent variables correctly interpret these values as either 'granted' or 'denied'.