I have a question about consent settings: Do we need to apply these settings only to the base configuration tags, or do all event tags require them as well? When I read online materials, I found mixed answers. Some suggest that tags with built-in consent handling don’t need additional tweaks.
Until now, my understanding was that for Google tags, we need to select the “No additional consent” option since they already have built-in consent handling, whereas for non-Google tags, we need to apply consent under the Additional Consent Checks. However, one of my clients mentioned that consent configuration is only needed for the base (installation) tags for non-Google platforms (e.g., social media platforms).
So, I’m curious about tags for platforms like Facebook or TikTok. Should I focus solely on preventing the base configuration tag from firing until ad_storage is allowed, or do individual social media conversion tags, such as the Facebook Purchase tag and TikTok Purchase tag, also need separate consent settings?
Your guidance on this would be greatly appreciated.
You need to apply consent to all tags. Even if you block the initialisation tag, but the event tags continue to work - they can still send data (in the case of some platforms) and set cookies. So the best practice is to apply consent settings on all tags.
Also note that the built in GA4 and Google ADS consent works fine, but some lawyers believe this violates GDPR or any local laws. This seems to be due to the fact that GA4 and Google ADS work in a cookie-less ping format when the consent is rejected, i.e. they continue to send data even though it is not actually displayed anywhere, but is used for consent modelling.
And also note that displaying that a tag has a consents check does not mean that the tag will block when consents are rejected, it just means that the tag is accessing consents statuses. For example, Data tag has this designation, but only because Data tag has a function to send the status of a consent.
Thank you so much, @Alex
My takeaway is that all non-Google tags should have consent settings applied to both base and event tags.
For Google tags, since they send cookie-less pings with advanced setups (which can be debatable in EU regions), even though they have base consent by default, I should add them under Additional Consent to prevent the tags from sending cookie-less pings—especially when dealing with EU sites or similar applicable cases.