How to Implement Google Tag Manager Cookie Consent

Table of Contents

Are you looking for an effective way to get users’ permission before collecting their data? Well, that’s what you’ll learn in this article. Now with the help of Captain Compliance you can learn How to Install Consent Mode V2 with Google Tag Manager (GTM) which is undergoing changes that you will need to keep track of to stay compliant.

Google Tag Manager cookie consent allows you to add third-party cookies to your site without updating the code on your website. You can also manage the consent from different tags through a single dashboard, allowing for compliance with data privacy regulations. 

In this article, we’ll explain what Google Tag Manager is, how to implement Google Tag Manager cookie consent and discuss the pros and cons of using it for cookie consent. As a bonus, we’ll also show you how to integrate GTM cookie consent with other consent management platforms.

Let’s get started!

Key Takeaways

Google Tag Manager, a tag management tool, has built-in consent for Google-affiliated cookie tags.

You can integrate a third-party consent management solution with GTM for third-party cookie consent.

While GTM is GDPR compliant, it has limitations, and you should consider alternative cookie consent integrations to see which is best.

What is Google Tag Manager?

What is Google Tag Manager.png

What is Google Tag Manager.png

Google Tag Manager (GTM) is a tag management tool that allows you to store and manage marketing tags on a single platform. This tool also allows you to add tags to your website without manually modifying the code. 

While initially designed to manage marketing and analytical tags, GTM can now be used to store cookie tags as well.

Google Tag Manager helps prevent issues such as:

Forgotten tags.

Lost website tags.

Broken website elements.

It also only deploys tags based on necessity, which allows you to manage targeting, remarketing, and other functions more smoothly.

Let’s say you’re looking to run a remarketing campaign on your website. You’ll need to install several tags, such as Facebook Pixel, Google Ads tags, and other remarketing tags, depending on your campaign needs. 

Instead of manually adding each tag to your website’s code, simply connect your site with GTM and add all your tags there. You can easily delete unnecessary tags once the campaign ends without messing with your site’s code.

Is Google Tag Manager a Good Option for Implementing Cookies?

Google Tag Manager cookie consent can record and manage consent for several third-party tags on your site. It’s GDPR and CCPA-compliant and can be used for implementing a consent banner. 

GTM also allows users to manage their cookie preferences, which allows you to implement different levels of consent. It’s streamlined, easy-to-use and ensures fewer scripts on your site, which can improve your site’s speed.

However, GTM cookie consent is limited in the type of cookies it manages, with limitations on managing third-party cookies.

If you only use Google tools (Google Ads, Google Analytics, etc.), Google Tag Manager cookie consent is enough. But if you’re using third-party applications that implement their own cookies, you’ll need to use another cookie consent solution for compliance with GDPR requirements.

So, while GTM is pretty effective for managing Google-affiliated cookies, we suggest using a more thorough consent solution to fulfill cookie consent requirements.

How to Implement Google Tag Manager Cookie Consent (1).png

How to Implement Google Tag Manager Cookie Consent (1).png

To implement Google Tag Manager cookie consent, you’ll need to set up consent mode. This involves setting up the consent initialization trigger, tag settings, and the cookie consent page.

You can also integrate third-party cookie consent management tools with Google Tag Manager for advanced consent management. We’ll discuss how to set up these tools with GTM for managing third-party cookie consent. 

But first, let’s look at how to activate the basic consent mode on GTM:

1. Configure the Initialization Triggers

Google Tag Manager has two “initialization triggers” that fire before any other tag. These are the “consent initialization trigger” and the “initialization trigger.” The consent initialization trigger is set to “All Pages- Default” and is the first tag that will fire on your website.

You’ll need to configure this trigger to manage user consent. Select the consent pop-up tag and make sure it’s enabled with this trigger.

If you have strictly necessary cookies to deploy for the site to function properly, ensure they’re configured with the “initialization trigger.” This deploys after the consent trigger but before other triggers on the site.

Google Tag Manager cookie consent allows you to customize consent on different cookie tags. You’ll have to do this separately for each tag, provided it has a customization option.

Follow these steps to configure cookie tag consent settings:

Select a tag and click on “advanced settings.”



2. Choose “consent settings” and then “built-in consent checks.”



3. Review the built-in consent checks. Google Tag Manager cookie consent will fire a consent dialogue for Google Ads, Google Analytics, and Floodlight by default. As you can see, the selected tag above uses “ad_storage” and “analytics_storage” checks.

4. Now select “additional consent checks”. Choose “no additional consent required” if the tag doesn’t need permission. This should only apply for strictly necessary cookies but may vary depending on the privacy regulations your site falls under.

5. Choose “require additional consent” if the tag needs special permission to fire. Then, under “add required consent,” add the consent type.



6. Google Tag Manager is compatible with five consent types: ads, analytics, functionality, personalization, and security. Add the consent type(s) in the “additional consent” box.

Remember, only Google-affiliated tags have built-in consent settings. You’ll have to check the default settings of each tag and configure them accordingly.

GTM cookie consent has a helpful consent overview page that gives you a holistic view of the cookie consent settings of website tags. You can also make changes to the consent settings of tags in bulk on this page. 

To enable consent overview on your site, go into “Admin” and select “container settings.” Click on “additional settings” and choose “enable consent overview.”

Once you have consent overview enabled, you can access it through the “tags” section. Simply click on “tags” and choose “consent overview.” From there, you can see which tags have consent configured and edit the consent settings of multiple tags in bulk.

Google Tag Manager allows you to integrate compatible third-party consent management tools. There are hundreds of such tools available, but we’ll look at the Trust Commander cookie API as a reference.

This tool has a GTM template as well as its own template, which allows you to manage Google tags and third-party cookies. You can easily integrate it with GTM by following these steps:

Add the Commanders Act OnSite CMP API to your Google Workspace.

On GTM, open the “Web” container.

Add the Commander’s Act tag template from “community template gallery.”

Configure Google-affiliate tags and their triggers, as discussed in the previous steps.

Configure third-party tags

Now, simply publish the container and your configuration is complete.

While some tools, like the one shown above, have seamlessly integrated templates for GTM, others only have code integrations, so choose wisely when looking for the cookie consent solution that suits your site.

Does Google Tag Manager Use Cookies?

Google Tag Manager manages web tags and will not use any cookies if it’s not previewing or debugging. However, it may contain tags that implement third-party cookies on a website. Google Tag Manager also uses strictly necessary cookies on its preview and debug mode. 

These will not deploy on all websites and will specifically target site admins. You can simply turn off debug mode to stop receiving these cookies.

GTM doesn’t collect information apart from non-personal diagnostics data and log requests, which makes it compliant with the GDPR and other data privacy regulations.

Is Google Tag Manager GDPR Compliant?

Is Google Tag Manager GDPR Compliant.png

Is Google Tag Manager GDPR Compliant.png

Google Tag Manager is fully GDPR compliant. However, you’ll need to configure cookie consent settings and triggers properly. You’ll also need to update your cookie policy when deploying cookies that collect user data. 

Remember, GTM is only a tool. Use it incorrectly, and you can still get fined for non-compliance. To ensure your website is GDPR compliant when using GTM, you’ll need to:

Properly configure first party cookie consent triggers.

Ensure the initialization consent trigger is enabled before any cookies are deployed.

Have a system for integrating third-party cookie consent in GTM (if you use them).

Update your privacy policy, detailing which cookies your site uses, what they are used for, and whether they are shared with any third-parties.

Even the smallest mistake can result in non-compliance and significant fines, which is why we recommend you outsource compliance when setting up GTM cookie consent.

Alternatives to Google Tag Manager for Cookie Consent Integration.png

Alternatives to Google Tag Manager for Cookie Consent Integration.png

If Google Tag Manager is too complex, you can try several alternatives for cookie consent management. Some solutions work only with first-party, platform-specific cookies, so we won’t look at any of those.

Instead, here are the top three cookie consent compliance alternatives that work with third-party cookies:

1. CookieBot

CookieBot is a cookie consent tool that works with all types of cookies – including Google-affiliated ones. It offers a free cookie audit, along with cookie banner design and an easily accessible consent database. 

However, unlike GTM, the free version has the CookieBot logo on the consent pop-up and you only get the analytics feature in the paid version.

2. CookieYes

CookieYes is one of the more popular consent integration tools and comes with a code for direct CMS integration. It’s reliable, has automatic updates and there’s a free version available that includes a comprehensive cookie audit. 

However, the free version is limited, and you only get advanced analytics in the paid version. In comparison, Google Tag Manager offers advanced analytics for free.

3. Captain Compliance

Getting an automated tool doesn’t always guarantee compliance, especially if you don’t integrate it properly.

Captain Compliance offers compliance services managed by experts that will conduct a cookie audit, draft privacy, and cookie policies and integrate a compliant cookie banner and other tools according to cookie consent best practices.

What makes this service different is that it’s foolproof as real compliance experts manage the whole process.


Google Tag Manager is a helpful tool for cookie consent and can help integrate first-party cookies seamlessly. However, it’s not without limitations, and you’ll need a third-party integrated service to manage consent for other cookies.

However, all these tools require expertise to implement.

At Captain Compliance, we offer just that. Our compliance experts will ensure complete corporate compliance by helping with cookie integration, drafting privacy policies, and ensuring your website implements a holistic approach to data compliance. 

Get in touch today for stress-free compliance!


Google Tag Manager doesn’t need cookie consent as it doesn’t use any cookies. It only deploys strictly necessary cookies to sites in debug mode, and these don’t require consent either.

Review our list of common Cookies

To add cookie consent on GTM, activate the initialization consent trigger and configure cookie consent settings. Add the consent settings properly based on the cookie function. Then update the consent overview page to manage cookie consent in bulk.

Understand cookie consent banner requirements for your site.

What are the Limitations of Google Tag Manager?

Google Tag Manager has a limitation of 10000 requests per project daily. When your site exceeds the quota limit, you’ll get a 403 error message. GTM is also not automatically integrated with third-party cookies and you’ll need third-party software to manage consent for these.

Learn about third-party cookies and how they function.

You should use GTM cookie consent if your site only uses cookies from Google. These include cookies deployed for Google Analytics and Google Ads. If you’re using third-party cookies, it’s best to use a more thorough cookie consent solution.

Learn How Captain Compliance can help you implement an all encompassing cookie consent solution to make your website compliant.

Online Privacy Compliance Made Easy

Captain Compliance makes it easy to develop, oversee, and expand your privacy program. Book a demo with a compliance SuperHero or get started today.