cookie tracking in banner with GA

SOLVE
Highlighted
HubSpot Employee

Hi there, posting this on behalf of a customer: 

 

We have a problem: while the cookie banner is displayed, it will not block all the site's advanced scripts that potentially collect user data. Only when the user has given his consent(s) through an active action, such as setting check marks in the banner clicking on a button, the data processing requiring consent may actually take place (ensured by technical measures). 

 

They are looking for a customized way to use all these scripts at once, while being GDPR compliant, so that declining the initial cookie banner would make sure that no scripts are loaded against user will. 
Suggested solution was something as described by the end of this former post: https://integrate.hubspot.com/t/issues-in-hubspot-customized-tracking-code/10850/6

1 Accepted solution

Accepted Solutions
HubSpot Moderator

Hi, @cbaumert.

 

With @rick_hubspot's help, I believe I better understand your question.

 

If you wish to only fire external scripts like Google Tag Manager, Google Analytics, etc. after a visitor has granted consent, you can leverage the addPrivacyConsentListener method Derek cites in this post.

 

I just tested this script and it worked for me. My GTM script was not loaded until after I consented to cookie tracking:

 

var _hsq = window._hsq = window._hsq || [];
_hsq.push(['addPrivacyConsentListener', function(consent) {
console.log("Consent has been granted.");
(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-MY-GTM-ID');
console.log("GTM-MY-GTM-ID was triggered.");
}]);

Isaac Takushi

HubSpot Developer Support
Reply
0 Upvotes
5 Replies 5
Regular Contributor

We are not looking for an individual solution but for a basic solution. to act dsgvo compliant may not be tracking until the cookie banner is approved. Hubspot therefore urgently needs to find a solution to prevent tracking.

Reply
0 Upvotes
HubSpot Moderator

Hi, @cbaumert.

 

To clarify, is your primary concern that HubSpot fires some of its own scripts before visitors approve cookie tracking? Do you believe this to be non-GDPR compliant?

 

I cannot offer legal advice, however the HubSpot Legal team approved this GDPR Playbook, which states that "Personal data [under GDPR] is anything identifiable." The document asserts anonymized analytics do not constitute personal data and can be retained even after a GDPR-compliant delete.

 

The scripts which trigger before the banner collect these anonymized analytics. This data will not be associated with a contact record unless the visitor explicitly approves cookie tracking. The HubSpot Legal team believes this type of behavior complies with the GDPR legislature.

 

I will share your feedback internally, but there are no immediate plans to overhaul the behavior of the cookie consent banner.

Isaac Takushi

HubSpot Developer Support
Reply
0 Upvotes
HubSpot Moderator

Hi, @cbaumert.

 

With @rick_hubspot's help, I believe I better understand your question.

 

If you wish to only fire external scripts like Google Tag Manager, Google Analytics, etc. after a visitor has granted consent, you can leverage the addPrivacyConsentListener method Derek cites in this post.

 

I just tested this script and it worked for me. My GTM script was not loaded until after I consented to cookie tracking:

 

var _hsq = window._hsq = window._hsq || [];
_hsq.push(['addPrivacyConsentListener', function(consent) {
console.log("Consent has been granted.");
(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-MY-GTM-ID');
console.log("GTM-MY-GTM-ID was triggered.");
}]);

Isaac Takushi

HubSpot Developer Support
Reply
0 Upvotes
New Contributor

Hello Isaac,

 

This is exactly the solution I'm looking for... I'm not a developer, so where would this script go to make it work? Would it be implemented in the header above the GTM header code on all pages? (I see where the GTM ID goes in your script, I've got that, it's just where this piece of script needs to go where I'm a little out of my element)

 

Thank you!

 

Reply
0 Upvotes
HubSpot Moderator

Hey, @tgr3gory.

 

Happy to help.

 

You'd actually move your GTM and GA codes inside the privacy consent listener so that they only fire when consent is granted. If your scripts exist outside the code below, they'll fire even if consent isn't granted Smiley Wink

 

var _hsq = window._hsq = window._hsq || [];
_hsq.push(['addPrivacyConsentListener', function (consent) {
	// All of your codes go in here. You can place this wherever you want on your site, but the header is a common placement.
}]);

Isaac Takushi

HubSpot Developer Support
Reply
0 Upvotes