Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
In this section, you will find information about Consent setup on your website(s) and mobile application(s)
Having the user consent is essential to send sensible information like the IDFA/AAID. To prevent having to manually save the consent asked to the user and manually using it with our SDKs, we created a module helping you do it automatically.
This module will gather the consent and will:
Display a consent page (if needed)
Save consent and reload it every time the application is launched.
Save and check the validity of the consent. The validity duration is set to 13 months.
Send a hit to our servers to record the consent.
Enable or disable the SDK. (if used alongside the SDK ServerSide)
Add the categories automatically to the hits the SDK sends. (if used alongside the SDK ServerSide)
Privacy's Implementation Guide:
https://github.com/CommandersAct/iOSV5/tree/master/TCConsent
Please refer to the subpages for implementation on mobile apps
Steps to implement Consent Module with Adobe Launch.
Commanders Act provides a plug-in to integrate with Adobe Launch. The setup requires technical installation steps.
Following you will find the required steps to implement a standard Commanders Act Consent setup.
Choose the default account configuration mode for your account (see Settings).
Setup your Commanders Act Consent categories & vendors (see Manage Categories).
Create one or multiple banner templates (see Manage Banner).
Deploy your Consent banner templates to the Commanders Act CDN or on premise target (see Deploy Banner).
Implement Commanders Act Consent JavaScript tag (see below)
Manage Adobe Launch tags with Commanders Act Consent (see below).
Delay your Adobe container. Commanders Act creates the consent variables when the privacy javascript file is loaded. You have to delay your Adobe container until Consent is ready otherwise the variables containing the consent status will be undefined.
To delay your container, update your <script>
tags loading your Adobe container in order to execute it after Commanders Act Consent JavaScript tag is loaded.
is replaced by:
The text/javascript script type has to be replaced by text/tc_privacy. In this way, Adobe is loaded only when Commanders Act Consent is ready.
Add the Consent javascript file (if possible, call it before Adobe container and after datalayer):
When Commanders Act Consent is loaded and gets the consent, a variable tcCategoriesConsent is created by Commanders Act Consent in the Adobe datalayer:
This variable contains the ID of the categories accepted by the user and separated by a coma.
You have to declare this variable in Adobe Launch interface, in the Data Elements configuration. From a Property page, open the Data Elements tab, then click Add Data Element, and add "tcCategoriesConsent" variable.
​​If your datalayer is not set in the digitalData object, set the path to tcCategoriesConsent (in this case the variable is created in the window scope: window.tcCategoriesConsent)
Then, you have to create the rules that will fire your tags based on the categories ID accepted by the users. You have to create a separate rule for each category you want to use as a firing condition (ex: "Retargeting category accepted", "Analytics category accepted"...).
In the Adobe Launch interface, open the "Rules" tab and click Create New Rule.
Set a rule based on the previously created tcCategoriesConsent. Ex: if you want to trigger a tag based on the Retargeting category (ID 6), you will have to create a rule "if tcCategoriesConsent contains 6", then the Criteo tag has to be triggered.
Google Consent Mode will evolve in March 2024!
As Google strongly recommends the use of Consent Mode on their tags, Commanders Act has developed a new built-in feature for clients who wish to implement it.
Just use our new native feature for a super smooth implementation! Please read the following documentation to learn more about this new feature, and how to use it. If you have already implemented Consent Mode v1 using our tag template and would like to keep it, you can update it on v2. Please see the following section for instructions: Migration Guide Consent Mode v1 tag template to v2
Please note: Google only requires a validated consent signal only for EEA countries and UK.
Implementing Google Consent Mode in regions beyond may negatively impact campaign performance and is not recommended.
Google Consent Mode provides 2 approaches: Basic & Advanced In both cases, you will have to activate the feature Google Consent Mode on your account. The only difference will be the following: Basic Mode: Google tags aren't triggered before consent & remains submitted to Commanders Act Consent Rules, there will be no tags firing in case of Optout Advanced Mode: Google tags are triggered before consent & the collected data will depend on the Consent Mode Signal. Tags remains fired even when user has Optout.
Just follow these 6 steps:
Login on your workspace
Go on page Data Governance > Consent Management > Settings
Turn On the option Google Consent Mode. The sub-menu "Google Consent Mode settings" will appears
Select your appropriate Privacy category from the drop-down list for each Google's category.
The Default Status will determine the behaviour of your tags BEFORE consent. If set on "denied": Google will collect minimum information (as if the user has Optout) If set on "granted": Google will collect all information (as if the user has Optin) *You should ask to your DPO before to set a "granted" default status for any of theses categories
In all cases: once the user has given his consent (optin or optout), the default status will no longer apply. The user's choice will determine the status after consent.
If you do not set a category, the status will always be "denied". The "Default Status" dropdown menu will no longer be displayed. Example below for "security_storage" with no privacy category assigned:
enable_tcf_support
If you use TCF 2.2 CMP template: TCData update (TCData.enableAdvertiserConsentMode
) allows Google to infer ad_storage, ad_personalization, and ad_user_data settings from the TC string. This will incorporate consent mode v2 updates directly into the TC string.
Enable the feature tcf_support to let your IAB TCF privacy banner manage the advertising categories.
*Google recommends to activate this feature if your website use an IAB TCF banner template
Don't forget to add your Google associated Vendors (see dedicated documentation for more details)
wait_for_update Enabling this optional feature will send a signal to Google's tags to wait for an update. Enter a value in milliseconds to control the waiting time before the data is sent. This can be useful if you are experiencing timing issues. Otherwise, you can leave it blank!
ads_data_redaction set ads_data_redaction to ON to further redact your advertising data when "ad_storage" is "denied"
url_passthrough URL passthrough option can be used to send event and session-based analytics (including conversions) without cookies across pages.
Sources > Privacy Banners > Select your banner(s)
Go at the edition step of your privacy banner, open the settings menu to turn ON Google Consent Mode Signal
The privacy setup is done! You can now Generate and Deploy your Privacy Banner. *At this point, Consent Mode will not affect the behaviour of your tags. Please follow the next steps!
The activation of this option will automatically add an Google Policy URL, it's a legal requirement for using Google Consent Mode on your website. Feel free to adapt your introduction text if needed
To setup the version "Advanced" of the Consent Mode, remove Commanders Act Privacy rules from all the Google tags, now it's managed by Google Consent Mode
Data Governance > Consent Management > Categories
see tab assign tags
- Remove the privacy constraints from Google tags
- Save
For Basic Consent Mode, skip the step 4! Keep your Privacy rules applied on your tags
Go on Sources > WebContainers > generation step
For a single container setup, generate your container with privacy banner(s) included
For a multiple container setup, generate all your containers. The privacy banner(s) must be linked to the first loaded container to ensure that the Consent Mode signal is always sent correctly.
If you was using the Consent Mode v1 tag, don't forget to delete or deactivate it! It's useless now.
What about the triggers ?
The consent mode is compatible with the container loaded trigger. If your Google tags are already set to this, it will work without any trigger modification
But we also provide a custom trigger, if needed! When a Consent Mode signal is sent, our product pushes tC.event.consent_signal_ready You can use it to trigger your tags.
If your site is an SPA, you can keep your tC.event.page/pageview... as trigger for your Google tags. The same goes for your click/scroll tags.
We recommend to test you setup on a UAT environment if possible.
There's 3 different ways to verify your Consent Mode setup:
The easiest way to verify your setup is using the Tag Assistant plugin provided by Google. The "Consent" event should always be sent before any hits from the tags The status "On-page Default" should be the same then the ones you setup at the step 2
After Consent, the "On-page Update" status should correspond to the consent given on the privacy banner
Feel as a developer? You can also look into the console to verify the Google arguments pushed in dataLayer Google.
Type dataLayer
then press Enter
One last method to verify your setup is possible: check into the payload of your hits in the network. The consent status is fed by the "gcd" parameter
gcd
is included in all hits to Google services, even if Consent Mode isn’t active.
It encodes values for four consent signals (ad_storage
, analytics_storage
, ad_user_data
, and ad_personalization
), and it includes information how the consent signal was generated.
The format of the string is this:
&gcd=11<ad_storage>1<analytics_storage>1<ad_user_data>1<ad_personalization>5
The string starts with 11
, uses 1
to separate the different consent signals, and ends with a number like 5
(or sometimes something else) to mark the end.
l
The lowercase L means that the signal has not been set with Consent Mode
11l1p1l1l5
only analytics_storage has been denied by default
p
denied by default (no update)
11p1p1p1p5
all consent states are denied by default
q
denied both by default and after update
11p1q1p1p5
the user updated their consent choice to set analytics_storage to denied after it was already set to denied by default
t
granted by default (no update)
11t1t1t1t5
all consent states are granted by default
r
denied by default and granted after update.
11r1r1r1r5
the user grants consent to all services after they were first denied by default
m
denied after update (no default)
11p1m1p1p5
all other states were denied by default, but analytics_storage was only set after the user denied it
n
granted after update (no default)
11n1n1n1n5
the site did not set a default consent state and instead set all states to granted after the user chose so
u
granted by default and denied after update.
11u1u1u1u5
the user withdrew all consents after they were set to granted by default
v
granted both by default and after update.
11v1v1v1v5
all states were granted by default and by user confirmation
To help you ensure that the consent signal is sent before your Google tags, we offer a method to get logs in the browser console
tC.privacy.explainGCMSequencingValidation()
If the Consent is set before any Google tags triggered, you will obtain the log
'valid sequencing'
If Google tags are triggered before the Consent is set, then your implementation is incorrect. The log will returns the value
'Consent is set too late, Google tags are triggered before consent set. Please verify your Consent Mode sequencing'
Need a boolean value for specific use cases ?
Use tC.privacy.validateGCMSequencing()
Will simply return true
if your sequencing is correct, otherwise the result will be false
If Google tags haven't been fired yet, the result will always be "false". To get a "valid sequencing" result, Google tags must have been fired at least once.
In case of setup modification, such as activation/deactivation of a parameter, mapping changes on categories, etc.... Web Containers & Privacy banners must be regenerated & deployed.
Google Consent Mode allows the consent management only for the declared Region(s) Our native feature does not include this parameter, for web performance reasons. If you need to use this parameter, we recommend using our TMS Tag template. Please refer to the next section of documentation for configuration details.
Still facing trouble shooting on your implementation, and looking for help ? Contact our technical support team ! As a Google CMP partner with a Gold status, we provide a dedicated email support : cact_support_cmp_google@commandersact.com They will ever gave you a personalized reply to your questions!
For customers who has already implemented the Consent Mode v1: You can activate the built in feature as described above (don't forget to deactivate your actual consent mode tag) However, if you really want to keep your actual setup and simply update your tag, then you can refer to this documentation!
Summarizing all recommended steps:
Access your Commanders Act account.
Update your tag template.
Test and deploy your container(s).
Go on page "Sources" > "Web containers"
Select you "Google Consent Mode with Trust" tag.
Update the js code block of your tag with the following code, then save to obtain the new fields
You can do your mapping on the new fields & Save again your tag
Set the by default status of the *new categories (denied or granted)
Enter the ID of your privacy categories to link them with the Google's *new categories
If needed, you can find your privacy ID on the page Data Governance > Consent Management > Categories
Don't forget to save your settings
Go on page Source > Privacy Banners > edition step
LEGAL REQUIREMENT
Add the following link to the Google Consent Mode Policy in your Privacy Center or in your Vendors menu
https://policies.google.com/privacy
Don't forget to generate & deploy your privacy banner(s) once you've made this additional setting.
You can now Generate & Deploy your privacy banner(s)
You are up to date, you can test your settings on your website. Don't hesitate to refer at the test step above to get tips & tricks.
Steps to implement Consent Module with TMS Commanders Act
Consent Module and TMS Commanders Act are natively integrated with each other. This setup requires minimal technical knowledge and can be done entirely in the interface.
Following you will find the required steps to implement a standard Commanders Act Consent module setup.
Choose the default account configuration mode for your account (see Options).
Setup your Consent categories & vendors (see Manage Categories).
Assign your Consent categories & vendors to your Commanders Act Web Container tags (see Assign categories)
Create one or multiple Consent banner templates (see Manage Banner)
Deploy your Consent banner templates to the Commanders Act CDN or on premise target (see Deploy Banner).
Connect your privacy banner templates with Commanders Act Web Container and implement rules for which the banner should be played out (see below).
To deploy a Consent banner with the Commanders Act TMS it needs to be linked to a container. Commanders Act TMS can then be use to implement detailed rules for which a Consent banner is shown to visitors.
Implement rules to display Consent banners
Sources > Overview > Web Containers > tab RULES > Privacy Banners Constraints​
In Commanders Act TMS it is possible to provide exact conditions to decide when each of the linked privacy banners should be shown to visitors. Typical use cases consist of:
Implement different banner for different languages or regions
Avoid to deploy the banner on legal pages (privacy policy) so that users can read them before providing consent.
Implement AB test for two banner designs.
You can create constrains under the PRIVACY BANNERS
section to define under which conditions a privacy banner should be shown. Privacy banner constraint work the same way as tag constraints. Please reference constraints in the Web Container documentation for more information.
You have to first deploy a banner to the Commanders Act CDN or on premise location before being able to configure constraints (see Deploy Banner).
Sources > Overview > Web Containers > tab GENERATE
Commanders Act TMS makes it easy to implement Consent banner on websites. To link a privacy banner with a Commanders Act TMS container it just has to be activated in the GENERATE
tab with the ACTIVATION
checkbox. This installs the selected privacy banner in the generated container version.
You have to first deploy a banner to the Commanders Act CDN or on premise location before boing able to link it (see Deploy Banner).
All web containers of your website should be re-generated and deployed when installing a new privacy banner.
The OnSite API allows you to reload your container(s) on consent, manage behaviour or create custom variables/rules!
You can find the full list of commands in the dedicated section.
To reload your web container(s) on user consent, here's a sample code that you can use in the custom js block of your privacy banner, or directly in your web containers
Steps to implement Commanders Act Consent Module with Google Tag Manager.
Commanders Act provides a tag template to manage the "Consent Mode" in Google Tag Manager. This seamless integration takes advantage of our Commanders Act OnSite API.
Please note: Google only requires a validated consent signal only for EEA countries and UK.
Implementing Google Consent Mode in regions beyond may negatively impact campaign performance and is not recommended.
Summarizing all recommended steps:
Access GTM.
Select your "Web" type container.
Add our tag template from the "Community Template Gallery".
Configure the related tag and its trigger.
Configure your third-party vendor tags.
Test and deploy your container.
Following the above steps, adding our template "Commanders Act CMP" from the Google "Community Template Gallery", you're presented with the following "Tag Configuration" which is the core area where you can manage your consent needs with GTM:
First, you need to input your consent category identifiers for the following 7 categories: Ad Storage
, Analytics Storage
, Functionality Storage
, Personalization Storage
, Security Storage
, Ad User Data
and Ad Personalization
. You can define/find these identifiers by logging in to our platform and follow the section:
(A)
"Data Governance" → (1)
"Consent Management" → (2)
"Categories".
Your identifiers are shown between round parentheses (see highlighted in green below):
If you have sub-categories with the same scope of the five defined by Google, you need to use their ids instead of the main category ones. You can also rename your categories or change their ids by checking the subsection "Managing categories".
If your CMP loads asynchronously, it might not always run before your GTM container. That’s why you have the option to set a "Wait for update" value in milliseconds to control how long to wait before data is sent. This field is optional and its default value is 0. In case you need to set it, we recommend starting from the base value of 500 milliseconds.
You also need to set the default status, for each of the 7 categories, before users interact with your privacy banner and taking into account region-specific behavior. This is done by clicking the "Add Row" button and selecting either "Denied" or "Granted" to match with your input regions and/or sub-regions.
Ensure that your default command accounts for regional variations in your consent strategy. For more information on customizing the default command, you can see Google’s documentation here.
To make sure that the consent is correctly managed by GTM with third-party vendor tags, we strongly recommend to enable reactive events. Turn on the (3)
"Advanced Features", (4)
"Activate Reactive Events" and (5)
"Activate [Storage-Name] Reactive Event" for each [Storage Name] you're using. Finally, enter their (6)
"Event Name". These events will be used in the next section when configuring your third-party vendor tags.
You also have the option to directly inject your CMP script by turning on the (7)
"Advanced Features", (8)
"Inject CMP Script" and input your (9)
"URL".
Disabling the default consent may come handy when you don't want to use the Consent Mode.
This is done by turning on the (10)
"Advanced Features" and (11)
"Disable Default Consent".
As the last step, you need to select the "Consent Initialization - All Pages" trigger in the "Triggering" lower area:
If your banner is hosted on your servers (on premise) or if you use our CDN 1st party feature, then you need to update the Permissions of the template.
Simply add your host URL in the tab "Injects scripts" (see block "allowed patterns").
While Google native product tags, such as "Google Analytics" or "Google Ads" ones, work out of the box, third-party vendor tags require additional settings to properly operate with the user consent. First, open your tag configuration and check under the (12)
"Advanced Settings" and (13)
"Consent Settings" if a consent type (E.g. "ad_storage") is already preconfigured, if not you need to add it by selecting the option (14)
"Require additional consent for tag to fire" and (15)
input the consent type(s) you want to include.
Then, you need to configure its triggers and this is where we're going to use our reactive events we prepared in the previous section. Locate the "Triggering" area in your tag configuration and add a "Trigger Group".
In the trigger group add (16)
any preexisting triggers and (17)
a trigger named as your configured reactive event.
The latter has to be configured as a (18)
"Custom Event" with the same (19)
"Event Name" you used in the previous section and it has to fire on (20)
"All Custom Events".
This completes your configuration. You can now start the testing phase, leading to the final deployment in production. Learn more on how you can configure and run tests with your tags in GTM by checking the section "Consent configuration" in the "Help Center". You can also read the page Consent Mode setup provided by Google for Developers
Look our "Test your configuration" page for debbuging hints!
Having the user consent is essential to send sensible information like the IDFA/AAID. To prevent having to manually save the consent asked to the user and manually using it with our SDKs, we created a module helping you do it automatically.This module will gather the consent and will:
Display a consent page (if needed)
Save consent and reload it every time the application is launched.
Save and check the validity of the consent. The validity duration is set to 13 months.
Send a hit to our servers to record the consent.
Enable or disable the SDK. (if used alongside the SDK)
Add the categories automatically to the hits the SDK sends. (if used alongside the SDK)
Privacy's Implementation Guide:
Steps to hard code Commanders Act Consent on websites.
Commanders Act Consent can be directly integrated with websites. The setup requires technical installation steps.
Following you will find the required steps to implement a standard Commanders Act Consent setup.
Choose the default account configuration mode for your account (see ).
Setup your Commanders Act Consent categories & vendors (see ).
Create one or multiple banner templates (see )
Deploy your Commanders Act Consent banner templates to the Commanders Act CDN or on premise target (see ).
Install Commanders Act Consent JavaScript tag (see below)
Manage onsite tags with Commanders Act Consent (see below).
To hard code Commanders act Consent on websites you need to add following JavaScript code to your website. This snippet should be added to the <head>
of your website.
{{ privacy_tag_url }}
has to be replaced with your privacy JavaScript tag URL. This URL can be found in the GENERATE & DEPLOY
tab of each privacy banner.
If, for some specific reasons, you cannot use our OnSite API, there's an alternative approach.
Commanders Act can manage onsite JavaScript tags by wrapping them in a script tag with a custom MIME type.
This approach only works when you install Commanders Act Consent tag in the <head>
of the document (e.g. not when injecting the Commanders Act Consent tag via Google Tag Manager)!
This Commander Act wrapper does only fire that wrapped JavaScript code in case a visitor provided consent for the specified privacy category ID.
The <script>
has to have type="text/tc_privacy"
.
{{ tag_javascript_code }}
has to be replaced with the JavaScript code of the tag you want to manage with Commanders Act Consent.
{{ vendor_id }}
has to be replaced with the vendor ID of the vendor related to the tag (Only available when native vendors are activated for the account).
Following examples shows how you would manage a Criteo Tag based on a Consent category named "retargetting".
"Retargetting" was assigned to sub-category ID 6. In case a sub-category is used you should never use the main category (2 in this case) to manage tags.
The Tag wrapper for the Criteo JavaScript tag might look like this (example shortened):
Since April 2021, Apple requires that your app provide a transparency popup to ask user permission for tracking, beginning with iOS 14.5 () and the .
Before attempting to use the IDFA from an iOS device, you must first display the ATT tracking permission alert, according to Apple's guidelines. If permission is not requested or if the user declines, the IDFA will be unavailable to your app and any embedded third-party SDKs. Third-party SDKs may not function properly in this case.To really complies with both Apple and GDPR requirements, you must open the ATT popup to get user permission as well as open CMP popup to get user consent for GDPR purpose. ATT isn't currently compliant with the IAB TCF or with GDPR prerequisites, so it can't be utilized as the lone consent collection system and should be utilized with the Commanders Act CMP.
From customer's experiences, the most accepted solution by Apple is to :
Open the ATT popin
Depending of user's choice on ATT :
if the user choose to allow the tracking, then open the TrustCommander popin to collect the consent
If the user refuse the tracking in the ATT popin, the user has to be considered as optout without opening the TrustCommander popin
For some customer's this solution worked also :
Open the Commanders Act Consent popin
Whatever the consent, open the ATT popin just after
This setup offers the advantage of allowing the user to consent certain purposes whatever his choice regarding the popin ATT tracking. Neverthe less this implementation is some time refused by some Apple reviewers
We recommend to use our , to trigger your tags only if user has accepted the related category. If you are looking for your categories ID's, please refer to the section ''
{{ category_or_subcategory_id }}
has to be replaced with the category or sub-category of the Commanders Act Consent category that should manage this tag (see ). Be careful when you create sub-categories associated to a category: you have to enter the sub-category ID in the attribute, not the category ID, as the user will be able to activate or deactivate only sub-categories and not the main category in the banner:
To go further, here a for France customers the position of the competition authority on this subject:
Google recommends that GTM customers use our "Commanders Act CMP" This template includes the Google Consent Mode feature.
For further information, please read the documentation Google Tag Manager (GTM) - Consent Mode
In this section, you will find a complete guide to integrate Commanders Act Consent banners in your Google Tag Manager
Enclosed you'll find two sample configuration files, a very simple setup that you'll need to reproduce you'll need to reproduce on your site. The first and most common configuration is the gtm_category_template.json, a category-based configuration (example with only 1 category). The other possibility is a vendor-based configuration, with only the Cact allows Statistical variable changing in gtm_partner_template..json.
In GTM, create a new account so as not to overwrite your current configuration.
In this new test account, go to Admin, then on the right side of the screen click on Import Container and select the file attachment gtm_category_template.json
Observe the configuration to constrain a simple Google Analytics page view tag
"Google Analytics Page view" is only a basic tag example, "Cact consent given Statistical" trigger is applied on
"Consent Cact - Start" tag refers to the "Consent Banner - URL" variable, and is the tag that "activates" the privacy module* and is the only tag that will be triggered with a simple All pages trigger. All other tags must have a trigger that includes the user's consent. *if you need more information about setup of your Consent banner, you can read our Consent management starter kit documentation)
"Cact consent given Statistical" which triggers the page view tag as soon as the user has given consent on a first visit. consent has been given by the user on a first visit. The page view hit from consent pushes a tcConsentChanged event in GTM's dataLayer for each interaction with the privacy module
Trigger name
Cact consent given Statistical
Trigger Type
CUSTOM_EVENT
Event name
Cact allows Statistical
This trigger fires on
When the user interact with the consent banner and on each page view
"Cact consent given Statistical" is an arbitrary name, you can call it "Consent on page view for Analytics" or "Consent Analytics".
It is dedicated to a specific category, you will need to create "Cact on page view Advertising" and/or "Consent on page view Functional" for example, depending on your needs.
"Cact consent given Statistical" should also be reproduced and adapted for your other categories and coupled with custom triggers
The trigger should therefore refer to the variable for its category and trigger the associated tag if it returns "allowed"
"Cact - User consent": will return different values, depending of user consent choice (no_consent, optout, all_consent or the list of consent categories IDs accepted by the user)
"Cact allows Statistical": return "allowed" or "refused", depending of the choice of the user *Don't forget to personalize the ID with the value of your own setup on the Commanders Act Platform
"GA4 - ID": Change this value by your own GA4 - ID
"Browser language": will detect the browser language, do not modify this variable. It will be helpful if you have a multi-language website
"Consent banner - URL": to be personalized with the your Consent banners url.
To obtain your privacy banner url, go on the page Sources > Privacy banners > Deploy
You can also have a look on this page for more information
To make your tags are submitted to user consent, you need to verify consent in each of your triggers