Guide for Setting up a CookieYes Banner with Google Tag Manager
The Ultimate Guide to Privacy and Compliance: Navigating GDPR, CCPA, Cookie Banners, and Consent Management Systems
In today’s digital landscape, privacy and compliance are no longer optional—they’re essential. With regulations like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) in place, businesses must ensure they are not only protecting user data but also being transparent about their data collection practices. This guide will walk you through the key aspects of these regulations, the difference between cookie banners and consent management systems, and provide a step-by-step tutorial on setting up a CookieYes banner integrated with Google Tag Manager.
Understanding GDPR and CCPA
GDPR (General Data Protection Regulation)
The GDPR is a comprehensive privacy regulation that went into effect in May 2018, designed to protect the personal data of individuals within the European Union (EU). It applies to any business that processes the personal data of EU residents, regardless of the company’s location.
Key Principles:
Consent: Personal data can only be collected with explicit, informed consent.
Right to Access: Individuals have the right to access the personal data a company holds about them.
Right to Erasure: Individuals can request that their personal data be deleted.
Data Minimization: Only data necessary for the specific purpose should be collected.
Transparency: Businesses must be transparent about how they collect, use, and store personal data.
CCPA (California Consumer Privacy Act)
The CCPA, effective since January 2020, is a state-level regulation that enhances privacy rights and consumer protection for residents of California, USA. It’s similar to GDPR but has its own unique requirements.
Key Features:
Right to Know: Consumers have the right to know what personal data is being collected about them and how it’s used.
Right to Delete: Consumers can request the deletion of their personal data.
Right to Opt-Out: Consumers can opt-out of the sale of their personal data.
Non-Discrimination: Businesses cannot discriminate against consumers who exercise their privacy rights.
The CCPA applies to for-profit businesses that do business in California and meet any of the following criteria:
Annual gross revenues exceeding $25 million.
Buys, receives, or sells the personal information of 50,000 or more California residents, households, or devices.
Derives 50% or more of its annual revenues from selling California residents' personal information.
Cookie Banners vs. Consent Management Systems
As websites increasingly rely on cookies and other tracking technologies, the way businesses handle user consent has become critical for compliance with privacy laws like GDPR and CCPA. There are two primary tools for managing this: cookie banners and consent management systems (CMS).
Cookie Banners
A cookie banner is a simple tool that informs users about the use of cookies on a website. It typically offers options to accept, reject, or customize cookie preferences.
Pros:
Easy to Implement: Cookie banners are relatively straightforward to set up.
Quick Compliance: They help websites quickly comply with basic consent requirements.
Cons:
Limited Functionality: Cookie banners may not fully cover all aspects of user consent management, especially for complex websites.
Basic Consent Options: They often offer limited customization and tracking options.
Consent Management Systems (CMS)
A consent management system is a more sophisticated solution that allows businesses to manage and document user consent across multiple channels and devices. It’s ideal for businesses that need to comply with more stringent regulations or have complex data tracking needs.
Pros:
Comprehensive Consent Management: CMS can handle various types of consent, including cookies, data processing, and third-party integrations.
Detailed Reporting: Provides detailed logs and reports on user consent, helping with audits and compliance verification.
Flexibility: Offers extensive customization options for different regions and regulations.
Cons:
Complex Setup: Implementing a CMS can be more complex and may require technical expertise.
Higher Cost: CMS solutions are typically more expensive than basic cookie banners.
Setting Up a CookieYes Banner with Google Tag Manager: A Step-by-Step Guide
Now that you understand the importance of privacy compliance, it’s time to implement a practical solution. While there are various tools available for managing cookie consent, we've chosen to focus on CookieYes for this guide. Integrating CookieYes with Google Tag Manager (GTM) provides a straightforward setup that ensures your tracking is compliant with privacy regulations. It's important to note that this is a basic configuration designed to meet strict data collection standards. For those looking for a more flexible and advanced setup, I plan to cover that in a future blog post.
Step 1: Install CookieYes on Your Website
Plugin Installation: If you’re using WordPress, install the CookieYes plugin from the WordPress Plugin Directory.
Activate the Plugin: Once installed, activate the plugin and access the settings from your WordPress dashboard.
Step 2: Configure CookieYes Settings
Customize the Banner: Go to the CookieYes settings and customize the appearance of your cookie banner to match your website’s design.
Cookie Categories: Define the categories of cookies used on your site (e.g., Necessary, Preferences, Statistics, Marketing).
Enable GCM: Under advanced settings, enable “Support GCM” (Google Consent Mode).
Consent Modes: Disable “Allow Google tags to fire before consent”, ensuring compliance with GDPR and CCPA. This is the strictest approach to data collection. For a more advanced setup, I will post a separate guide.
Step 3: Integrate CookieYes with Google Tag Manager
Enable GTM Integration: In CookieYes settings, make sure to enable the integration with Google Tag Manager.
Set Up Consent Modes in GTM:
Step 1. First, you need to create a new tag.
Step 2. Click on Tag Configuration > Discover more tag types in the Community Template Gallery and search for CookieYes CMP.
Step 3. Choose the CookieYes template and click Add to workspace > Add to add the tag.
Step 4. Insert the CookieYes website key, set other fields to appropriate values, and save the tag after naming it.
Log into your CookieYes account and go to Advanced Settings, then Get Installation Code > Copy Code.
Copy the website key from the src attribute (e.g. src="https://cdn-cookieyes.com/client_data/YOUR_WEBSITE_KEY/script.js").
Step 5. Add a default consent setting by clicking “Add Setting”. In the New row tab, disable everything except for Necessary Cookies. Select a region or select “All”.
Step 6. Set a trigger for the tag > Select Consent Initialization – All Pages as the trigger for the tag and click SAVE.
Step 4: Test and Verify
Preview Mode: Use GTM’s Preview mode to test the implementation. Ensure that tags are firing correctly based on user consent.
Tag Assistant: Use Google Tag Assistant to check if the cookies and tags are firing as expected and that the user’s preferences are being respected.
Compliance Check: Verify that your website’s tracking setup is fully compliant with privacy regulations. This includes ensuring that cookies are not set without user consent and that your consent records are accurately logged.
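To back the checks above with something repeatable, the following added example (not part of the original guide or of CookieYes's code) replays the consent commands found in a dataLayer snapshot and reports whether the strict default from Step 3 actually holds. It assumes consent commands appear in the dataLayer in gtag's array-like form and that security_storage corresponds to the "Necessary" category; `auditConsent`, `cmd` and the sample snapshots are hypothetical names and constructed data.

```javascript
// Added example. Consent type names are Google Consent Mode's; treating
// security_storage as the "Necessary" category is an assumption.
const MUST_BE_DENIED = ['ad_storage', 'ad_user_data', 'ad_personalization',
  'analytics_storage', 'functionality_storage', 'personalization_storage'];

// gtag() pushes its `arguments` object, so consent commands are array-like.
function cmd() { return arguments; }

function auditConsent(dataLayer) {
  const findings = [];
  const defaults = {};   // default state for a visitor matching no region row
  const current = {};    // state after replaying every command
  let sawGlobalDefault = false;
  let sawUpdate = false;
  for (const entry of dataLayer) {
    if (!entry || entry[0] !== 'consent') continue;   // skip ordinary events
    const action = entry[1];
    const settings = entry[2] || {};
    const regional = Array.isArray(settings.region) && settings.region.length > 0;
    if (action === 'default') {
      if (sawUpdate) findings.push('default-after-update');
      if (regional) continue;          // does not cover visitors elsewhere
      sawGlobalDefault = true;
    } else if (action === 'update') {
      if (!sawGlobalDefault) findings.push('update-before-default');
      sawUpdate = true;
    } else { continue; }
    for (const [type, value] of Object.entries(settings)) {
      if (value !== 'granted' && value !== 'denied') continue; // e.g. wait_for_update
      if (action === 'default') defaults[type] = value;
      current[type] = value;
    }
  }
  if (!sawGlobalDefault) findings.push('no-global-default');
  else for (const type of MUST_BE_DENIED) {
    if (defaults[type] !== 'denied') findings.push('default-not-denied:' + type);
  }
  return { findings, defaults, current };
}

// Constructed sample snapshots, not captured from a real site.
const allDenied = Object.fromEntries(MUST_BE_DENIED.map((t) => [t, 'denied']));
const strict = [
  { event: 'gtm.init_consent' },
  cmd('consent', 'default', { ...allDenied, security_storage: 'granted', wait_for_update: 2000 }),
  cmd('consent', 'update', { analytics_storage: 'granted' }),
];
const regionalOnly = [cmd('consent', 'default', { ...allDenied, region: ['DE'] })];
const loose = [cmd('consent', 'default', { ...allDenied, analytics_storage: 'granted' })];
```

On a live page the same function can be pasted into the browser console and called as `auditConsent(window.dataLayer)` before and after interacting with the banner; an empty `findings` array means every non-necessary type started as denied for all regions.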
Step 5: Update Your Privacy Policy
Transparency: Update your privacy policy to reflect the use of CookieYes and Google Tag Manager. Clearly explain how you collect, use, and manage user data, and provide information on how users can manage their cookie preferences.
Conclusion
Privacy compliance is a critical aspect of running a modern website, especially with regulations like GDPR and CCPA in place. By understanding the differences between cookie banners and consent management systems and following this guide to set up a CookieYes banner integrated with Google Tag Manager, you can ensure that your website is both compliant and respectful of user privacy. Regular audits and updates will help you stay ahead of any changes in privacy laws and maintain the trust of your users.