Zum Inhalt

Google Tag Manager

Google Tag Manager allows you to embed other scripts (tags) into a website under specific conditions (triggers). Many cookie-banners rely on this mechanism and require that consent in the cookie-banner be stored as a trigger in Tag Manager so that Tag Manager can control which scripts load. CCM19 works fundamentally differently here, and it is not necessary to store triggers in Tag Manager. You can always have Tag Manager execute any script, saving yourself a lot of configuration effort. CCM19 can automatically block scripts integrated via Tag Manager if no consent has been given.

To block scripts loaded via Tag Manager, ideally only the feature "Block scripts containing the following text" should be used. To ensure that the scripts are blocked, you must ensure that the CCM19-code appears in the source code before the-Manager-code.

We strongly recommend that you also always block Tag Manager itself via CCM19 until consent is given, since a court has confirmed that loading Tag Manager without consent is not compliant with the GDPR. \ To block Tag Manager, simply add the entry "Google Tag Manager" from our database under "Integrations & Cookies."

If a site visitor agrees to all cookies via "Accept All," the Tag Manager will be loaded and will also integrate all other scripts according to the configuration. If the user only grants permission for the Tag Manager, it will become active and integrate the scripts as well. However, the scripts remain inactive because there is no approval for these scripts in CCM19, and they continue to be blocked.

If you still wish to control consent via the Tag Manager and through triggers, this is of course also possible. In this case, the Tag Manager must not be blocked via CCM19 so that it can always operate and use the consent--signals as triggers. Below, we describe how to set up the triggers in Tag Manager.

Integration into Google Tag Manager

Events are triggered in Google Tag Manager via the window.dataLayer interface if it is integrated on the landing page.

As soon as an embedding is approved via the CCM19-interface, the following event is triggered. The events are triggered repeatedly for all approved embeddings with every page view.

window.dataLayer.push({
    event: 'CCM19.embeddingAccepted', // Constant identifier
    id: 'xxxxxxx', // CCM19-internal embedding-ID
    name: 'Google Analytics', // Custom embedding-name
});

In Tag Manager, you can respond to this via Triggers → New → Custom Events.

Mon Oct 25 2021 11:17:23 GMT+0200 (Mitteleuropäische Sommerzeit).png

This is what the information contained in the data layer looks like. Our goal is to set up triggers based on this information.

Our starting point is after the successful implementation of CCM19 and Tag Manager on your website.

1. The entry in CCM19 for Google Tag Manager

In CCM19, navigate to the "Integrations & Cookies" menu item. Create an entry there for Google Tag Manager. You can find instructions on how to create an entry and what to keep in mind here. Be sure to set the Tag Manager as technically necessary. Only then will the Tag Manager itself not be blocked and be able to control the integration of other tools.

2. Set up the tag

For our example, we created a tag for the web analytics tool Google Analytics. We left the tracking type-set to "Pageview."

Mon Mar 22 2021 154243 GMT+0100 (Mitteleuropäische Normalzeit).png

3. Selecting a trigger

For the trigger type [a)], we set a custom event and name it .* [b)]. Check the option Use regular expression matching [c)].

Mon Mar 22 2021 154642 GMT+0100 (Mitteleuropäische Normalzeit).png

4. Create variables

Since the event is the same for every embedding, we now want to use variables to specify that the tag is only triggered when consent is given for the Google Analytics embedding. So we click on Fire this trigger on: Some custom events and add a new variable.

cbimage.jpg

For the variable type, we select the data layer variable [a)]. We enter the key name as the name [b)] and switch to version 1 [c)].

Mon Mar 22 2021 162718 GMT+0100 (Mitteleuropäische Normalzeit).png

5. Add a variable filter

Now we define what value the name key must have to trigger the event. Here, we always enter the name of the embedding (as it was stored in CCM19), which in this case is Google Analytics [a)].

We also add an event [b)].

Mon Mar 22 2021 162726 GMT+0100 (Mitteleuropäische Normalzeit).png

The event we enter here is: CCM19.embeddingAccepted

6. Test, test, test…

Tag Manager offers a preview mode for testing. So before you go live with the version, you should check whether the tags are actually being triggered. In the messages, look for the corresponding embedding and take a closer look at the tag. If all the checkboxes are checked there, the tracking is working.

cbimage (1).jpg

Additional Events

CCM19.consentStateChanged

as of version 2020.11.26

This event is triggered every time the site visitor saves the consent-configuration. After initial consent is given, it is also sent on subsequent page views.

It provides information about the permissions the site visitor most recently configured.

Example:

window.dataLayer.push({
    event: 'CCM19.consentStateChanged',
    initialConsent: true,
    'ccm19_Google Ads Conversion': true,
    'ccm19_Facebook Pixel': true,
    'ccm19_YouTube Webplayer': true,
});

-event: string — Event-identifier -initialConsent: booleantrue upon the site visitor’s initial configuration, otherwise false. -ccm19_{EMBEDDING_NAME}: booleantrue if the page visitor has consented to the embedding, otherwise false.

CCM19.embeddingAccepted

This event is fired on every page view and upon confirmation of the consent-dialog for each embedding that the page visitor has consented to via their last configuration.

Example:

window.dataLayer.push({
    event: 'CCM19.embeddingAccepted',
    id: 'xxxxxxx',
    name: 'CMS Session',
});

-event: string — Event-identifier -id: string — CCM19-internal embedding-ID -name: string — User-defined embedding-name

We would like to expressly point out that the use of Google Tag Manager may involve a certain risk, as a cookie is set in most cases. This is not technically necessary, but must be defined as such in order for it to function.

Furthermore, from the perspective of the Schrems II ruling regarding the Privacy Shield, the unsolicited integration of Google services is at least questionable and should be carefully considered. Thus, Google Tag Manager always sends at least the user’s IP-address to the Tag Manager server—and thereby also to Google.

CCM19 offers an alternative to the core function of Google Tag Manager, which is to implement scripts on the website without having to edit the source code.

If in doubt, always consult a trusted legal advisor; we can only point out the technical basics here.