[UPDATE 22th november 2019]
If you are reading this guide it’s probably ‘cause you heard that Cookiebot can simplify your compliance with GDPR and you would like to install it with Google Tag Manager.
Well, I’ve got a couple of things to tell you.
Good News (yay!): you can find the official guide and learn how to install Cookiebot using Google Tag Manager on their official Website.
Here: https://www.cookiebot.com/en/google-tag-manager-gdpr/
That’s great, ‘cause this means that people are understanding the importance of GTM and the tool is spreading more and more. But…..
Bad News: There’s a problem.
I checked the official guide and noticed that it’s not as performing as it could be.
There’s a specific detail that blocks one of GTM’s most important advantages and this damages the way Google Tag Manager works internally, thus compromising other Tags and Events tracking on your website losing some key-benefits of GTM.
What? This sounds terrible, isn’t it?
No problem: it took me one sleepless night to figure it out, but I finally found a trick to solve the problem and make the installation work anyway without affecting the GTM’s system.
Are you curious to know what’s the trick?
First of all, I will show you the official guide on Cookiebot’s website. Then, I will explain to you what is not working, why and how to optimize it.
Let’s get started!
<script id="Cookiebot" src="https://consent.cookiebot.com/uc.js?cbid=00000000-0000-0000-0000-000000000000" type="text/javascript"></script>
<script>
function CookiebotCallback_OnAccept() {
if (Cookiebot.consent.preferences)
dataLayer.push({'event':'cookieconsent_preferences'});
if (Cookiebot.consent.statistics)
dataLayer.push({'event':'cookieconsent_statistics'});
if (Cookiebot.consent.marketing)
dataLayer.push({'event':'cookieconsent_marketing'});
}
</script>
As you can see, the script is pushing 3 Custom Events, according to the cookie-settings chosen by the user on your website:
The script just created is pushing the 3 Events into the Data Layer. Now, we need to set up the Custom Events.
We are going to repeat the same procedure for each of them.
To set up “cookieconsent_preferences”:
Do the same thing for the other 2 Triggers: “cookieconsent_statistics” and “cookieconsent_marketing”.
Now you will have to link the Tags you want to make GDPR-proof to the corresponding Triggers.
There are different cases listed in the official guide.
When you have a Pageview Trigger you can simply substitute it with one of the Triggers just created: “cookieconsent_preferences”, “cookieconsent_statistics” or “cookieconsent_marketing”.
For example:
and so on… for example Hotjar or AdWords Remarketing Tags.
This is how your GA Pageview will look like now:
In the second case explained by the official guide, you should create a Custom Event Trigger with these two filters:
All the other cases, like a Click Trigger or Link Trigger for example, should be treated in a completely different way.
The official guide suggests to create some JavaScript Variables related to the cookie-settings chosen by the users.
function() { return Cookiebot.consent.marketing.toString(); }
Then you should do the same with “Cookiebot.consent.preferences.toString()” and “Cookiebot.consent.statistics.toString()”.
The value returned could be “true” (meaning: the user accepted the preferences cookies) or “false” (meaning: the user did not accept them).
In order to add this condition you should go back to the new Trigger and add a new condition, for example:
Here’s the problem. The official guide states something which is apparently a detail, but in facts it’s not. Not at all.
As you can see in the screenshots, the JavaScript will be executed only after the Window Loaded event, so all the Tags should be now fired after the Window Loaded as well, not after the Page View.
WTF!
When I saw this I almost fainted: this change means that we will have to lose the Event type “Page View” and “DOM Ready”, since all the Tag will be fired after the Window Load!!
Is this a joke?? This means losing a Google Tag Manager milestone!
I didn’t like the official guide at all. So what to do? Surrender to it for the sake of GDPR? Naaaaa…. I decided to change it “slightly”.
I stayed awake one whole night to fix the problem, but it was definitely worth it:
HERE’S THE SOLUTION:
First of all, set up a Variable containing the Cookiebot ID we copied in the first step of the official guide.
Now we need to set up other 4 Variables.
Cookiebot includes a cookie for the cookie-settings chosen by users once they have stated their preference.
Therefore now we need to create a Variable to get the cookie’s values.
Now we’ll need to set up the other Variables (CookieConsent.marketing, CookieConsent.preferences and CookieConsent.statistics) in order to detect the cookie-settings chosen by users.
Ingredients: 3 RegEx Table, a smart trick and a little patience 😉
CookieConsent.marketing RegEx Table:
Do the same thing for “CookieConsent.preferences” and “CookieConsent.statistics”. Be careful: you will have to change also the Pattern field (for example marketing: true will become statistics:true).
“Why are you setting up these Variables??”
Uuuhh… let me explain.
Thanks to this new trick the JavaScript will be executed BEFORE the Window Loaded event. This means that we won’t lose the Event types “Page View” and “DOM Ready” anymore!
YAY!! 😀
[Cookiebot update from November 2019]
Cookiebot has created its own template, a Tag created by them, which executes a push (probably seeing my guide) three events:
But these three events are still not completely performing. So my suggestion is to let them stay (pretend that they don’t exist) and continue using this guide of mine. The difference between mine and them is an underscore “_” character that I marked in red.
This part will be similar to the one in the first step. Just with some changes on the snippet from the official guide 😉
<script id="Cookiebot" src="https://consent.cookiebot.com/uc.js?cbid={{CookieBotId}}" type="text/javascript"></script> <script> function CookiebotCallback_OnAccept() { if ((Cookiebot.consent.preferences) && ({{CookieConsent.preferences}} != "true")) dataLayer.push({'event':'cookieconsent_preferences'}); if ((Cookiebot.consent.statistics) && ({{CookieConsent.statistics}} != "true")) dataLayer.push({'event':'cookieconsent_statistics'}); if ((Cookiebot.consent.marketing) && ({{CookieConsent.marketing}} != "true")) dataLayer.push({'event':'cookieconsent_marketing'}); } </script>
First of all, “Tag firing options: Once per Page” avoids the Tag to be fired twice.
Secondly, I introduced new conditions (marked in bold) before each dataLayer.push. These new conditions verify the following things:
1) The CookieConsent has already been registered
2) The value for that particular cookie category (preferences, marketing or statistics) is not true.
What does this mean?
In other words the custom Event will be pushed ONLY if the user has already expressed his cookie preferences AND he didn’t accept that specific category of cookies.
Why do we need to do this? You’ll see in the following steps.
This step is exactly the same as the STEP 2 in the official guide. Let’s create the 3 Custom Events.
To set up “cookieconsent_preferences”:
Repeat the same procedure for the other 2 Triggers: “cookieconsent_statistics” and “cookieconsent_marketing”.
Here’s another trick. We will now need to create what I call “Negative Triggers”. They are basically based on the same system as the Triggers just created but represent the opposite value (not true).
We will need to add them as a Trigger Exception in the most common Tags.
This is valid only for Page View Events.
Repeat the same procedure for “cookieconsent.statistics” and “cookieconsent.marketing”.
There’s a quickest trick. You can also create just one negative trigger valid for all types of Events. Then you need to add it as an expection to Tags:
Repeat the same procedure for “cookieconsent.statistics” and “cookieconsent.marketing”.
Thanks to these two kind of Triggers (Custom Event and Negative Triggers) we can now easy link them to our Tags. You will see that once you have configured everything for the first time, it will be much easier later to manage your GDPR compliance on the Tags you will create!
We’ll divide our Tag into 2 main categories:
1) Tags fired on Page View/DOM Ready/Window Loaded
2) Tags fired on all other kinds of Triggers
Let’s see the examples together.
In order to make your GA Pageview comply with GDPR, the only thing you should do now is:
That’s all, folks!
Now your Google Analytics Pageview will be fired ONLY when the user has already expressed his explicit consent to receive statistics cookies.
“Wow, so cool! But what if I have other kind of events? Like click or link event for example.”
I’m sorry dude. In those other cases you will have to be patient and always add the conditions manually when you create new Triggers.
Here you have an example:
Let’s say we want to track when users click on a mailto link. The corresponding Trigger is related to the GA Event Tag. Therefore what we have to do is adding the condition:
This means that the user must have accepted our statistics cookies in order for the Click Mailto Event to be fired.
Wow, this guide was kinda complicated but totally worth it!
Now you can be sure of your GDPR compliance, thanks to GTM and my optimized guide to install and manage CookieBot with Google Tag Manager.
If something is still not clear and you need help don’t be shy and contact me (you have to be registed on CookieBot via this link: https://manage.cookiebot.com/goto/signup?rid=TMITA )
If you are a member of Club Tag Manager Italia you will have:
Here you find also Cookiebot’s official installation guide via GTM (remember: this version is not optimized):
https://www.cookiebot.com/en/google-tag-manager-gdpr/
LUISAVIAROMA è uno dei principali fashion e-tailer di lusso al mondo, con oltre 5 milioni…
All’interno del vasto e competitivo mercato della Grande Distribuzione Organizzata (GDO), Mondo Convenienza rappresenta uno…
Se ti occupi di marketing o advertising, saprai che i funnel rappresentano il percorso che…
È stato un nuovo record per il GA4Summit: oltre 500 professionisti e professioniste del web…
Negli ultimi mesi hai notato in Google Analytics 4 un calo improvviso e inspiegabile nelle…
Se ti trovi su questa guida è perché hai compreso che solo attraverso la Data…
View Comments
Sorry, caught one other. Did you meant to name this the same as the negative trigger?
https://www.tagmanageritalia.it/how-to-fix-cookiebot-official-guide-and-protect-yourself-from-gdpr/#page-irblog:~:text=There%E2%80%99s%20a%20quickest%20trick.%20You%20can,Event%20Name%3A%20.*
Hi, yep this is the "universal" negative trigger :)
We have implemented the auto mode using cookiebot, we want to enable our custom js not to be blocked out and keep as necessary always.
not ale to figure out the attribute to add to the js script with auto mode.
Hi Vikash did you ask Cookiebot directly?
Hi Matteo,
Thanks a lot for this guide! It was really painful to implement the CookieBot via tag manager. The official documentation recommends to implement the triggers that allows to setup the specific type of scripts. But I already had got about 100 triggers, and for 3 categories of cookies I had to implement 300 additional triggers. I've tried to implement the "reject" trigger with official CookieBot CMP GTM plugin, but it just doesn't work as expected. But your solution works exactly as I want!
Thank you very much and say if I can somehow buy beer for you!
Best regards,
Fedor.
Hi Fedor :) Thank you so much for your feedback!
I hope to see you in future's web analytics events around the world :) Please keep in touch on Linkedin: https://www.linkedin.com/in/zambonmatteo/ send me a connection :)
Thanks for this great guide, Matteo, it has been very helpful.
Last September, Cookiebot introduced a new autoblocking feature and made some changes which have impacted implementations I have set up similar to above. Their guide to using Google Tag manager along with this autoblocking feature can be found at: https://support.cookiebot.com/hc/en-us/articles/360009192739. As far as I can see this guide doesn't work either, in that tags will only fire once immediately after the consent is submitted but not on subsequent pages. It also breaks Tag Manager in the ways you explained above. Using your script that pushes the 3 Custom Events for cookie preferences (at the start of the article) on every page fixed that for me.
Also worth noting, as far as I can see, Cookiebot has renamed their cookieconsent_category evets by adding an extra hyphen e.g. cookieconsent_marketing is now cookie_consent_marketing
Hi Matthew, thanks for your feedback. I will check and I will fix the new events name. I will upgrade this guide with their owner tag (you can found it on the template in GTM).
Thanks again :)
I update the article ;)
Sorry that last paragraph should say...
Also worth noting, as far as I can see, Cookiebot has renamed their cookieconsent_category events by adding an extra underscore e.g. cookieconsent_marketing is now cookie_consent_marketing
No worry I understood :)
You wrote:
"When I saw this I almost fainted: this change means that we will have to lose the Event type “Page View” and “DOM Ready”, since all the Tag will be fired after the Window Load!!
Is this a joke?? This means losing a Google Tag Manager milestone!"
Can you, please, explain me why is so important to not lose those events?
And what do you mean by "a GTM milestone"?
Hi Aerendir :)
Events type "Page View", "DOM Ready" and "Window Load" are three built-in events in GTM. This is why I called them "milestone". If you want to track Google Analytics Pageview, the right event in GTM is "Page View".
If you use the cookiebot check after "Window Load", you have to wait for cookiebot events and you cannot use the three milestone events :)
Let me know if now is more clear :)
Hi Matteo,
thanks so much for your guide!
We are still in the phase of testing Cookiebot using the „Active Consent“ method and settings at „Page scroll“.
However, right now cookies only fire when the user navigates to another site on our webpage (at least that’s what the GTM preview mode shows). Do you have any idea why that might be?
Thanks a lot in advance,
Andrea
Hi Andrea, do you see the custom events (step 4) in the scroll event by cookiebot?
Hi Matteo,
do you have an idea to solve this problem:
advertising features in google analytics should only be able to set the cookie if marketing cookies are accepted. There is the allowAdFeatures field in GTM, but i'm not sure how to best set the field in the cookiebot environment. Do you have an idea?
Hi Jennifer :)
You can use CookieConsent.marketing variable as value to set up allowAdFeatures in GA tag :)
Let me know ;)
Hi Matteo,
Thanks for this article!
Initially we use Cookiebot GTM implementation and got two issues: 1. Some of our GTM events stopped working, 2. The cookies won't create on visitors' browser after he accept cookies on consent banner until refreshing his browser or going to other page of the web site. So we switched to your implementation and fixed those two issues.
Now we found our GA bounce rate dropped about 50% right after this implementation.
We don't have multiple GA implementation in our site. Also we set the cookie consent to show to only EU visitors. And beside the Cookiebot GTM script we also have the following tag in our web template:
That's because we have the following script need to use cookiebot property to make the cookies it produces gdpr compliant:
var _adara_script = document.createElement("script");
var pathName = location.pathname;
_adara_script.setAttribute("src", "//tag.yieldoptimizer.com/ps/ps?t=s&p=1553&pg=px&ph=" + pathName);
document.getElementsByTagName("head")[0].appendChild(_adara_script);
Any suggestion?
Thanks a lot!
Hi Matteo,
Thanks for your response!
From our testing it was not the adara_script and the extra reference to cookiebot script library in out web template that caused the bounce rate drop.
.
Through my testing in GA/GMT the bounce rate sudden drop happened right after implementing the STEP 7 in your article above, when I added those cookieconsent_statistics triggers to those UA tags:
STEP 7. LINK THE NEW TRIGGERS
1) Google Analytics Pageview
If I remove those triggers and only keep the negative triggers as exceptions for those UA tags the bounce rate would be very similar as before the cookibot implementation. But then GA won't catch the data from EU visitors right after they agree those cookies via consent until they refreshing the page.
Also can I send you our website url through email, instead of posting here?
Thank you so much, have a great weekend!
Hi Limei, yep. Send all information to info@tagmanageritalia.it ;)
I'm glad that your problems was done. So, do you think adara script is the problem?
What type of GA events do you send after pageview?
Can I see your website?
Hello Matteo,
Thanks for the article!
I am trying to figure out whether cookiebot is worth or not, I can see you totally recommend it, why? are there any other alternatives to consider?
Thanks in advance
I chose this solution because I'm independent from website development. It's no care if is a CMS or custom website :)
Another service is Iubenda.
;)
Hello. Matteo. What a great post.
I hope you can help me with this issue.
I have 1 domain (example.com) and 1 subdomain (account.example.com). I have Cookiebot premium subscription. The Bulk consent for all domains is enabled in the setting page. I can see the CookieConsentBulkTicket cookie configured.
The main domain has its own CookieConsent cookie. Subdomain has its own CookieConsent cookie too.
The visitor's consent for the main domain is working. The problem is that we cannot honor the visitor's consent for the subdomain.
How can i sync the CookieConsent across domains and subdomains? I want only one consent for all my sites.
Best regards,
Wilt Rovira
Hi Wilt :D
Thank you ;)
I suggest you to create the CookieConsent of CookieBot in the subdomain with the same parameters with GTM.
I don't know if you can set this configuration on CookieBot panel.
Let me know :)