Google Consent Mode

Using Google Consent Mode with the Osano Consent Manager.

If you are using Google’s gtag.js to send event data to Google Analytics, Google Ads, and Google Marketing Platform, you can use Google’s new (Beta) consent model.

Osano's Consent Manager integrates with Google Consent Mode in the following way: 

  • Based on the user's location and privacy laws of that location, Osano blocks all non-essential scripts and cookies from running on your site until the appropriate level of consent is granted. 
Once consent is saved, Osano communicates the consent preferences of the user to Google Consent Mode, which will then determine the behavior of all tags and scripts from its service based on the consent status (either via gtag directly or via a gtag triggered by GTM). 
  • Note: No personal data is sent from Osano CMP to Google. Only consent preferences are communicated (e.g., whether they have accepted marketing or analytics cookies or not).

You must be utilizing Google's gtag. 

Example: 

<script async src="https://www.googletagmanager.com/gtag/js?id=GA_MEASUREMENT_ID"></script>


To opt-in to Google’s Consent via gtag.js with Osano:

  • Log in as an Admin or a Consent Manager.
  • Navigate to Consent Management.
  • Create or Edit a Consent Manager configuration.
  • In "Settings," flip the switch labeled "Google Consent Mode" on (to the right).

Screenshot 2023-01-18 at 11.11.08 AM

  • Save and Publish. 
  • NOTE: You must ensure you classify the associated Google Analytics/Ads/Floodlights/ConversionLinker scripts and cookies as "Essential" within the Osano platform, or Osano will block them from executing entirely if consent is not granted. 

For more information regarding Google Consent with gtag, including which tags and containers are supported, go to https://developers.google.com/gtagjs/devguide/consent

 


Implementing Google Consent Mode via Gtag or Google Tag Manager

The below configuration works with the following Google tags deployed via gtag.js directly on the page and via 'Web' containers in Google Tag Manager:

  • Google Ads (Google Ads Conversion Tracking and Remarketing)
  • Floodlight
  • Google Analytics
  • Conversion Linker

In Osano, ensure the Google Consent Mode switch is enabled.

Add the following Data Layer to your website before the Osano javascript executes on the page:

<script>
window.dataLayer = window.dataLayer ||[];
function gtag(){dataLayer.push(arguments);}
gtag('consent','default',{
'ad_storage':'denied',
'analytics_storage':'denied',
'wait_for_update': 500
});
gtag("set", "ads_data_redaction", true);
</script>

Note: It is recommended to set this script in the HTML itself as this tag MUST fire before the Osano.js to ensure initial consent is set and persists across pages. If executing in Tag Manager (NOT RECOMMENDED), ensure this code fires before any other Google tags. 


Google's API documentation 
suggests further steps to enable integration, but many of these are automatically handled by the Osano Consent Manager. As such, no additional steps are required. You can view the Google API documentation for  ADVANCED FEATURES for this setup, such as Region-Specific behavior and URL passthrough.

NOTE: You may change the values of  ad_storage and analytics_storage to 'granted' and set ads_data_redaction to 'false' if you want to default to an opt-in before the end-user has submitted consent, for example, allowing for default opt-in under CCPA, but Osano will manage all communication back to Google. 


On your website, the execution order should mirror the following: 

  1. The Google Consent Mode Data Layer - This allows the default consent to be set. 
  2. The Osano,js tag - This allows for the update events to be passed when a user changes or edits their consent settings
  3. All other Google applications - This ensures all Google products heed the above before tracking occurs.


Impact on Google Applications

**When consent is granted for "Analytics" and "Marketing," the associated tags will function normally.**

When consent is denied, the associated Google tags deployed via gtag.js or Google Tag Manager will adjust their behavior accordingly.

In all cases, pings may include:

  • Functional Information - Timestamp, User-Agent, Referrer
  • Aggregate/non identifying information - An indication for whether or not the current page or a prior page in the user's navigation on the site included ad-click information in the URL (e.g., GCLID / DCLID), 

Consent and conversion pings may include the following behaviors depending on the state of the consent settings and the configuration of your tags.

ad_storage='denied':

  • No new cookies pertaining to advertising may be written.
  • No existing first-party advertising cookies may be read.
  • Third-party cookies previously set on google.com and doubleclick.net may be sent in request headers (but limited to use for spam and fraud purposes).
  • Google Analytics will not read or write Google Ads cookies, and Google signals features will not accumulate data for this traffic.
  • IP addresses used to derive IP country but are never logged by our Google Ads and Floodlight systems and are immediately deleted upon collection. Note: Google Analytics collects IP addresses as part of normal internet communications.
  • Full page URL is collected, including ad-click information in URL parameters (e.g., GCLID / DCLID).

ad_storage='denied' + ads_data_redaction=true:

  • No new cookies pertaining to advertising may be written.
  • No existing advertising cookies may be read.
  • Requests are sent through a different domain to avoid previously set third-party cookies from being sent in request headers.
  • Google Analytics will not read or write Google Ads cookies, and Google signals features will not accumulate data for this traffic.
  • Ad-click identifiers (e.g., GCLID / DCLID) in consent and conversion pings are redacted.
  • IP addresses used to derive IP country but are never logged by our Google Ads and Floodlight systems and are immediately deleted upon collection. Note: Google Analytics collects IP addresses as part of normal internet communications.
  • Page URLs with ad-click identifiers are redacted.

analytics_storage='denied':

  • Will not read or write first-party analytics cookies
  • Cookieless pings will be sent to Google Analytics for basic measurement and modeling purposes.

Checking your Setup

 

Ensure the Google Consent Mode Default executes FIRST.

Osano Should Execute Second

Ensure that all subsequent scripts execute after The GCM default and the Osano script. Also, ensure that you have not given prior consent (i.e., you should see the Osano banner/popup and NOT the cookie icon). 

Next, ensure your tags are firing: For this, you can GTM's preview mode or the Google Tag Assistant browser extension, which can be found HERE

Ensure that the appropriate tags are firing on your page prior to consent: 

Check the Data Layer 

To check the data layer to ensure your consent preferences are being updated, open a new browser window (preferably a clear incognito or private window) and open your Inspector/Developer tools. 

Go to "Console" and navigate to your site. 

Enter the following into the console. 

dataLayer

Prior to consent being granted, the output for the above should read something like this: 

Arguments(3)0: 
"consent"
1:"default"
2:{ad_storage: "denied", analytics_storage: "denied"}
Arguments(3)0:
 "consent"
1: "default"
2: ad_storage: "denied"
analytics_storage: "denied"

This should match with your set defaults. If you then grant consent (to analytics and/or marketing), save those changes, and call that function again, you should see something similar to the following: 

Arguments(3)0:
 "consent"
1: "update"
2: {analytics_storage: "granted", ad_storage: "granted"}

Checking if Cookies were set:

This can be the most difficult thing to check. To get a good view. You want to make sure that no cookies have been set previously and that nothing is transferred over from previous sessions or interactions. 

Start with a clean browser. We recommend opening a brand new incognito or private window. If given the option, ensure the "Block third-party cookies" option is turned off to simulate a normal browsing session. Ensure that you have no other incognito or private windows open. 

If you are not using an incognito or private window, be sure to clear all storage and trackers before testing: Clear your history, cache, cookies, local storage...everything. Then restart the browser (i.e., fully close and re-open a new browser window). 

Once your browser is ready, open your developer tools:

  • In Chrome, Right-Click > Inspect
  • In Firefox, Right-Click > Inspect Element
  • In Edge, Right-Click > Inspect 
  • in Safari, Develop Menu > Show Web Inspector

Go to "Applications" or "Storage" (depending on the browser) and find "Cookies." Here you want to look for the appropriate Google cookies. Before granting consent, you shouldn't be seeing the _ga_gid, or _gat cookies being set.

If the first two checks executed as expected, it will be unlikely that you will see these cookies getting set prior consent. If they are, then you are likely adding them through an inline script, like analytics.js (which doesn't support Consent Mode).


What do you do if you have done all of this, but your data STILL doesn't look right? 

Unfortunately, we are unable to assist further in this regard. We're happy to review your Osano setup and the interaction with GTM! 

Data aggregation and reporting assistance, however, will need to come from Google as Osano has no control over how particular applications and tracking should occur on the backend when Google Consent Mode instructions are intercepted. Please seek assistance from a Google representative in this case. 

 

Review Osano on G2