Almost everyone likes cookies and everyone has their favorites that they like to munch on :). Marketing agencies like them too! The reason is the wonderful, informational fat they generate. However, the European Union is allergic to them. Every year, it fights harder and harder to control them and use them appropriately. Of course, we are writing here about virtual cookies that big tech companies (Google, Facebook, Amazon) give us with every visit, and which our browsers devour in hundreds, if not thousands. The EU decided to enforce its own regulations in the interests of data security. Unfortunately, this will affect, as always, every company operating on the Internet.

Note: In this article, we describe and use a specific solution from Usercentrics, but it is not a review or a sponsored post. All opinions of the author are his subjective assessment and do not constitute any advertising of this specific solution. At the end of the article, we will provide links to similar solutions, which we have not used ourselves, so these are only suggested alternatives to Cookiebot.

Grandma's cookie recipe

The European Union has had big tech companies in its sights for a long time, especially those from the US. And there’s no denying that it’s probably right to watch them quite closely! After all, they’re able to prove in their own backyard that they can’t be fully trusted (cough-cough Social Dilemma ).

The first result of these observations was the famous implementation of the GDPR, which scared many businesses and practically started a new branch of the economy for legal advisers and technology companies. However, the GDPR came and after the first scare... it spread to the bones. Some added a link to the privacy policy and an additional checkbox next to the form, others rebuilt the site, adding large popups and multi-page regulations, but generally everything calmed down. Users got used to clicking on consents and not reading anything, and that was enough for the owners of the sites. Only the EU still had a "but". It was on the basis of this "but" that the next iterations of the dispute over user privacy appeared.

First, there was a judgment of the Court of Justice of the EU, which clearly states that the user's consent cannot be implicit and that they must make a choice whether to install cookies or not. They cannot be installed before their consent and only be left to them to remove them. This is an important decision, because it means that most banners informing about cookies are useless, because they do not provide such functionality. It turns out that those who made extensive popups when implementing GDPR can sleep soundly 🙂 . Everyone else should be afraid, however. The UODO has started to impose fines for incorrect handling of GDPR, and is also looking into the issue of cookies . So this is an element that is worth taking care of now to avoid problems in the future.

What do we need to implement Consent Mode?

Fortunately, whenever there is a need, there are companies with a solution. An example is CMP – Consent Management Platform, which is supposed to help website owners manage and control cookies. Of the many options available on the market (which we write about below ), we decided to focus on one.

Cookiebot, because that's what we're talking about, is a tool that's available for free, provided that your site doesn't exceed 50 pages , which should be enough for most SMB industries. To use it, you need to create an account, generate a widget code, and you're good to go.

Unfortunately, Cookiebot alone is not enough. Each call to codes such as Google Analytics or Facebook Pixel should be appropriately "coded" to take into account the user settings entered using Cookiebot. Since as an agency in our daily work we use GTM (Google Tag Manager) to manage all tags, we decided to combine our two components to create the perfect cookies.

Correct implementation of Consent Mode

The secret to a good cookie according to the EU is to let it rise only when the customer wants it to. To do this, you need to enable a special consent mode in GTM.

Enabling Consent Overview in GTM

After launching it, new trigger options and an additional section will appear, thanks to which we can verify what consents our tags have, as well as what consents we want to add to them.

The next step is to add Cookiebot to our GTM by importing a ready-made tag from the Community Template Gallery .

Community Template Gallery with Cookiebot

We complete this new tag with the ID that we get from the Cookiebot panel and set it as the only Consent Initialization trigger – All Pages

At this stage, what we have created will appear on the website as a popup cookie (in the free version we have no influence on the colors and some appearance elements).

Cookiebot Popup

This is not the end, but rather the beginning! This panel is only a place for the user to control which cookies they accept and does not control anything in itself.

In the next step, we need to reconfigure the tags we have on the page to take into account what the user has selected in the popup.

Since each case is different, we are not able to present a complete and comprehensive configuration. However, we will show the 2 most important and most frequently needed elements - Google Analytics 4 (GA4) and Facebook Pixel settings. We have chosen these 2 to show the full spectrum of Consent Mode's operation because there is a fundamental difference between Google tags and others.

GA4 is one of the special tags in GTM. Once you enable Consent Mode support in your GTM account, all current and future GA4 and Google Ads tags will have built-in support for Consent Mode flags.

Consent mode flags built into GA4 and Google Ads tags

This means that we do not have to make any changes to their triggers. The tags will fire in the published GTM container, but they will not send any personalized data without the consent of the banner.

In the case of Facebook Pixel, as with all non-Google tags, you must manually indicate the consents required for a given tag.

Where to choose consent for non-Google tags

Additionally, in the case of non-Google tags that fire on all pages (i.e. Facebook Pixel), you need to create a new event cookie_consent_update , which will be the trigger for such tags. If we leave the default All Pages trigger in such tags – data collection will only work after refreshing the page or going to the next subpage! The cookie_consent_update event causes such a tag to fire when consent is given.

And that's it when it comes to making delicious, basic, European cookies :).

To check how well our Google tag implementation went, a special section was launched in GA4 at the data stream level, which shows whether the implementation is collecting data correctly. This status is refreshed only after 24-48 hours from the implementation, so don't panic if nothing changes here right after the implementation 🙂

Confirmation of correct data collection in GA4

How about some Muffins?

As I wrote at the beginning of the article – the browser does not live by Cookiebot alone. It can also eat from other confectioneries:

Need help implementing Consent Mode?

Want to bake something special with different ingredients?

5/5 - (2 votes)