Developer forum

Forum » Swift » GTM is blocked by DW's CookieManager

GTM is blocked by DW's CookieManager

Roald Haahr
Reply

Hi,

In the three master templates in Swift, there is a variable by the name allowTracking which determines whether GTM will be loaded based on the CookieManager. As I understand it GTM should be loaded when cookies are denied, so can this be changed? If e.g. a project is supposed to use Cookiebot rather than DW's CookieManager and Cookiebot should be loaded through the GTM container, this approach will not work, as GTM will never be loaded if the CookieManager is disabled. 

bool allowTracking = cookieOptInLevel == CookieOptInLevel.All || (cookieOptInLevel == CookieOptInLevel.Functional && CookieManager.GetCookieOptInCategories().Contains("Statistical"));

...

 @* Google tag manager *@
 @if (!string.IsNullOrWhiteSpace(googleTagManagerID) && allowTracking)
 {
 <script>
 (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
 new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
 j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
 })(window, document, 'script', 'dataLayer', '@(googleTagManagerID)');
 function gtag() { dataLayer.push(arguments); }
 </script>
 }

Replies

 
Nicolai Pedersen Dynamicweb Employee
Nicolai Pedersen
Reply

Yes it will not load GTM before cookies has been accepted and consent has been obtained.

You are correct that the Google Tag Manager (GTM) itself does not set cookies, but it can transmit cookies through the tags used within it. The transmission of the IP address and browser fingerprint to Google also constitutes data processing under the GDPR.

Under the GDPR, data processing requires a lawful basis, such as consent or legitimate interest. While it is still unclear whether the use of GTM requires consent or falls under legitimate interest, the recent ruling by the Wiesbaden Administrative Court suggests that obtaining consent for the use of GTM is the safest approach for ensuring GDPR compliance.

Therefore, it is important to carefully consider the way in which GTM is used and whether consent is necessary to ensure GDPR compliance.

I know it is a grey area and has tons of different opinions and interpretations. We just have to be sure to be compliant why we have chosen this approach. GDPR is one thing, which is the current problem with GTM, and cookie legislation the other thing (Where GTM itself is not an issue as it does not set cookies)

Our cookiebanner will not always be cookie directive compliant if you do not ensure to wrap loading of external tracking scripts correctly - and create the right list of cookies.
On the other hand, Cookiebot will only block client side cookies and not cookies set by Dynamicweb unless you ensure CookieOptin call to Dynamicweb in your cookiebot implementation.

So to create a 100% correct implementation you have to first obtain GDPR consent to load GTM, then take care of cookies.

I know most say they wanna follow rules when really they don't.

I think what we can do is to just load tracking if our cookiemanager is disabled. 

BR Nicolai

 

 
Roald Haahr
Reply

Hi Nicolai,

We have added the piece of code shown below to the Swift master template to fix a similar problem. As it is right now, DW's cookie manager is disabled on the project in question, but that probably means that the DW cookies are loaded. So if we were to enable DW's cookie manager and add a custom cookie template that is empty, I imagine the problem is solved. By doing this, we will not see any cookie prompt from DW and the DW cookies will not be accepted until cookies are accepted in the Cookiebot prompt. Any thoughts on this solution?

I realize that it might be better to move the script below to the custom cookie template to avoid adding custom code to the standard Swift master template.

Kind regards
Roald

 

<script>
    window.addEventListener('CookiebotOnAccept', function (e) {
        if (Cookiebot.consent.statistics) {
            const xhr = new XMLHttpRequest();
            var baseUrl = '@System.Web.HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Authority)';
            var requestUrl = baseUrl + '/admin/public/CookieOptInLevelConfig.aspx?cmd=SetCookieOptInLevel&OptInLevel=2';
            xhr.open("GET", requestUrl);
            xhr.send();
            xhr.onload = function (e) {}
        }
    }, false);
</script>
 
Nicolai Pedersen Dynamicweb Employee
Nicolai Pedersen
Reply

I think what you propose is as correct as it can be.

The script can be moved to the 'empty' template - or just a JS file that you load from CustomHeaderInclude template if that suits you better.

 

You must be logged in to post in the forum