0

I am trying to use the gtag.js consent mode of Google Analytics to design a GDPR compliant cookie banner for my website. I have followed the Google implementation guidelines (https://developers.google.com/gtagjs/devguide/consent), but I am stuck trying to create an opt-out functionality for my users.

I have created the following code that I think should work:

function optOut() {
  gtag('consent', 'update', {
    'analytics_storage': 'denied'
  });
}

Which is triggered when the user clicks on the Opt-Out link.

<a onclick="optOut();">Opt-Out</a>

But I cannot see that the GA cookies change in any way. As I understand it, with previous solutions GA would set an opt-out cookie (for example as in this answer https://stackoverflow.com/a/10721214/7927271). I would have at least expected that the cookie properties are somehow updated. Does anyone know if the code above does indeed enable the user to opt-out of GA or whether I am doing something wrong?

KyrosGeo
  • 5
  • 5

1 Answers1

0

Consent Mode does not remove the use from tracking, it just means that there will be no unique identifier created and stored in a cookie. It will not do anything to already existing cookies (but will not use them, either), and it will not set opt-out cookies. You can check this by looking for the consent mode parameter in the GA request (there should be "gcs=G100" in the query parameters).

In Consent Mode, GA collects anonymous data to use them with a machine learning algorithm that promises to deliver results (e.g. in ad targeting) comparable to conventional analytics.

If you want to stop even anonymized data, you cannot use consent mode, but need to implement some other blocking mechanism for your GA tags.

Eike Pierstorff
  • 31,996
  • 4
  • 43
  • 62
  • Thank you, this is very helpful! So as I understand from your answer, changing the consent from granted to denied does the same as using anonymize_ip : true in the initial gtag config? Do you think this is enough to comply with the current GDPR regulation or is an opt-out link necessary that also stops the collection of anonymized data? – KyrosGeo Aug 11 '21 at 10:55
  • It's actually different from anonymize ip. aip is used because the IP address is considered personal information in Europe. It is not used to identify users in GA3 (it's only used for Geolocation), and GA4 anonymizes automatically in any case. Consent mode will prevent GA from using the client id to stitch hits together into sessions and users (so this is less about GDPR, and more about the ePrivacy regulation). Google then uses statistical inference (or "artifical intelligence", if you prefer) to work out if more requests on a certain page work out to more conversions on another. – Eike Pierstorff Aug 11 '21 at 14:22