Cookies Compliance GDPR

Google Tag Manager and Cookie Consent [Explained]

May 28, 2025 | Time to read 10 min read
Google Tag Manager and Cookie Consent [Explained]
By purchasing through the links on this page, you are giving us the opportunity to earn a commission. Your support is greatly appreciated!

Google Tag Manager (GTM) is a free tool for managing marketing and analytics tags without coding. It also helps manage your website cookies, ensuring your GTM tags that use third-party cookies comply with GDPR requirements.

Cookie law compliance is essential for building user trust and avoiding hefty fines. Keep reading to learn Google Tag Manager cookie consent requirements under GDPR and how to implement it on your website.

Get GTM-compliant cookie consent on Shopify
CheckmarkOne-click setup
CheckmarkFree plan available
Try TinyCookie

Google Tag Manager doesn’t require cookie consent because the tool doesn’t use cookies. However, the tracking tags added through GTM may contain third-party cookies. For example, platforms like Google Analytics or Hotjar track user behavior, so obtaining user consent from site visitors is necessary.

To ensure GDPR compliance, you should configure Google Tag Manager tags to load only if the user gives consent. That’s where Google Consent Mode V2 comes into play. It helps you control when and if tags fire based on what the user chooses.

Although Google Tag Manager doesn’t use cookies by default, some of the tags that website owners deploy through GTM, like those for advertising, may set cookies. This makes it essential for websites to comply with privacy laws like the GDPR and obtain consent.

One of the features that helps GDPR cookie consent management on GTM is Google Consent Mode. It helps communicate user consent preferences to tags and adjust how the tags behave accordingly.

However, Consent Mode doesn’t block tags entirely and rather adjusts their behavior so that only basic measurements and no personal data is collected.

To set consent check rules for a tag, you should open GTM, head to Tags, click the tag you want, press the Edit icon by “Tag Configuration” and head to Advanced Settings. Here, you can set Consent Mode preferences in Consent Settings.

Google Tag Manager Consent Settings

Google Consent Mode is supported by many Google services, including Google Ads, Google Analytics, Conversion Linker, and Floodlight. However, many third-party services, including Hotjar, Facebook Pixel, and LinkedIn, can also be set up to work with it.

Does Google Tag Manager comply with GDPR regulations?

Google Tag Manager doesn’t ensure GDPR compliance inherently, but it can be set up to adhere to privacy law requirements. So, if your website uses tags that collect personal data, under GDPR, you must:

  • Obtain informed user consent (that involves affirmative action) for the use of cookies
  • Block any non-essential cookie usage before consent is given
  • Inform users about the purpose of data collection and the types of cookies used
  • Use clear and simple language so that all users can understand what they’re agreeing to
  • Record user consent safely for proof of compliance

GDPR requirements are only applicable to websites that collect or process the personal data of European Union (EU) residents. This includes all companies, even the ones based outside of the EU.

How to comply with cookie laws using Google Tag Manager?

Complying with GDPR and the ePrivacy Directive while using Google Tag Manager is quite straightforward if you know what to do. Here are the main requirements:

  • Get a Consent Management Platform (CMP). Use a Consent Management Platform (CMP) to help gather user consent preferences before you fire any tags. For example, TinyCookie automatically records user consent and blocks cookies for users who haven’t consented.
  • Audit tags. Review all of your tags in GTM and note down which ones use cookies. Take into account the categories of cookies these tags are using, such as essential, marketing, or performance, to understand user consent requirements.
  • Implement Consent Mode V2. Google Consent Mode V2 helps Google tags, like Google Analytics, Google Ads, and Conversion Linker, adjust behavior based on user consent. That’s why you need to use a cookie banner that’s integrated with Consent Mode.
  • Set consent settings. Go to the advanced settings of each of your tags and specify what consent types it depends on. This can be consent checks like ad_storage or ad_personalization. For more control over third-party tags, you can create consent variables like analyticsConsent = true to register consent choices and set custom triggers.
  • Test your tags. Go to the Preview and Debug mode of Tag Manager and verify that tags fire only if consent is granted. The only exceptions are tags with essential cookies – these don’t require consent under GDPR because they’re strictly necessary for the website to function.
  • Add a cookie banner with granular consent. Adopt a cookie banner that lets users easily choose whether they want to accept all, partially accept, or reject all cookies. Additionally, provide your site visitors with an option to checkmark which cookies they want to accept.
Adopt a free cookie banner on Shopify

How to implement Google Tag Manager with TinyCookie CMP

To ensure your company complies with privacy laws like the GDPR while using Google Tag Manager, you can use the TinyCookie consent management platform on Shopify. Here’s how to implement GTM to work with TinyCookie:

1. Install TinyCookie on Shopify and follow the setup instructions.

2. Go to Shopify Admin > Online store > More (...) > Edit code > theme.liquid. Make sure your scripts are ordered in the <head> section as follows: Google Consent Mode (1) and Google Tag Manager (2). It should look something like this:

GTM and Consent Mode code

3. Make sure your GTM and Consent Mode scripts are marked with data-cookieconsent=”ignore” to prevent them from being auto-blocked.

4. Go to your GTM account and set custom triggers that will fire based on custom events, including cookie_consent_preferences, cookie_consent_statistics, and cookie_consent_marketing.

You can find the detailed tutorial in our guide on how to implement Consent Mode with TinyCookie on Shopify.

Implement Google Consent Mode on Shopify
CheckmarkCustomizable cookie banner
CheckmarkFree plan available
Try TinyCookie free
× Enlarged Image

Frequently asked questions

No, the Google Tag Manager doesn’t use cookies itself. It can only view the first-party cookies that your website has set. However, GTM can load tags that may use third-party cookies and place it on the user’s device.

Yes, Google Tag Manager can read the first-party cookies set by the website on a user’s device. A website owner can create a variable so that GTM can read the value of a specific cookie. For example, you can document whether users have given consent and control which tags fire based on it. Please note that if your website uses cookies, you’re required to get cookie consent from users.

Yes, Google Tag Manager can affect your website performance, user experience, and SEO if it’s not optimized correctly. To prevent poor loading times, audit your tags, remove unnecessary ones, and load tags based on their performance instead of all at once.

About the author
Kristina Jaruseviciute
Kristina Jaruseviciute
Kristina is a Senior Writer at TinyCookie, where she specializes in providing educational content for readers interested in web cookies and compliance. She covers an extensive scope of subjects, from cookie types, definitions, and tutorials to compliance tips for website owners.