OneTrust and Google Tag Manager Integration
Table of Contents
- Problem Description
- Common Causes
- Step-by-Step Configuration
- Common Configuration Issues
- Advanced Configuration
- Troubleshooting Checklist
- Testing Your Setup
- Still Having Issues?
- Related Documentation
Problem Description
Google Tag Manager (GTM) is supposed to respect OneTrust consent preferences, but tags are firing regardless of user consent choices. Analytics, marketing, and other tracking scripts are running even when users haven't given permission.
Common Causes
1. OneTrust Not Set for Automatic Blocking
OneTrust is configured to only show the banner without actually blocking scripts.
2. GTM Consent Mode Not Configured
Google Tag Manager isn't properly configured to use OneTrust consent signals.
3. Missing Consent API Integration
The connection between OneTrust and GTM isn't properly established.
4. Incorrect Trigger Configuration
GTM triggers aren't set up to check consent status before firing tags.
Step-by-Step Configuration
Step 1: Verify OneTrust Automatic Blocking
-
Navigate to OneTrust Admin Panel
- Go to
Admin→Data Governance→Cookie Compliance - Or use:
https://yourcompany.onetrust.com/app/admin/
- Go to
-
Check Script Blocking Settings
- Go to
Scripts→Script Management - Verify that "Automatic Script Blocking" is enabled
- Check that scripts are properly categorized
- Go to
-
Verify Cookie Categories
- Go to
Cookies→Cookie Inventory - Ensure cookies are assigned to correct categories
- Verify blocking rules are set for each category
- Go to
Step 2: Configure GTM Consent Mode
-
Enable Consent Mode in GTM
- In GTM, go to
Admin→Container Settings - Enable "Consent Mode"
- Set default consent to "denied" for all purposes
- In GTM, go to
-
Configure Consent Types
- Go to
Tags→Consent Mode - Set up the following consent types:
analytics_storagead_storagefunctionality_storagepersonalization_storagesecurity_storage
- Go to
Step 3: Set Up OneTrust-GTM Integration
- Create OneTrust Consent Variables
- In GTM, go to
Variables→New - Create a custom JavaScript variable:
- In GTM, go to
function() {
// Check if OneTrust is loaded
if (typeof OneTrust !== 'undefined') {
return {
analytics: OneTrust.IsAlertBoxClosed() && OneTrust.IsAlertBoxClosedAndValid(),
marketing: OneTrust.IsAlertBoxClosed() && OneTrust.IsAlertBoxClosedAndValid(),
functionality: OneTrust.IsAlertBoxClosed() && OneTrust.IsAlertBoxClosedAndValid(),
personalization: OneTrust.IsAlertBoxClosed() && OneTrust.IsAlertBoxClosedAndValid()
};
}
return {
analytics: false,
marketing: false,
functionality: false,
personalization: false
};
}
- Create Consent Triggers
- Go to
Triggers→New - Choose "Consent Initialization - All"
- Set up triggers for each consent type
- Go to
Step 4: Configure Tag Triggers
-
Update Existing Tags
- For each tag that should respect consent:
- Go to
Tags→ Select the tag - In "Triggering", add the appropriate consent trigger
- Example: Analytics tags should only fire when
analytics_storageconsent is granted
-
Set Up Consent Overrides
- In tag settings, go to "Advanced Settings"
- Enable "Consent Settings"
- Select the appropriate consent types
Step 5: Test the Integration
-
Preview Mode Testing
- Use GTM Preview mode
- Check that tags only fire with proper consent
- Verify consent state changes when banner is interacted with
-
Browser Console Verification
- Open DevTools → Console
- Look for OneTrust consent events
- Check GTM consent mode status
Common Configuration Issues
Issue 1: Scripts Still Firing
Cause: Tags not configured with consent triggers Solution: Add consent triggers to all tags that should respect user choices
Issue 2: Consent State Not Updating
Cause: OneTrust events not properly connected to GTM Solution: Verify OneTrust script is loaded before GTM and events are firing
Issue 3: Default Consent Too Permissive
Cause: GTM default consent set to "granted" Solution: Set default consent to "denied" for all purposes
Advanced Configuration
Custom Consent Events
If you need more granular control, create custom events:
// In OneTrust script
window.dataLayer = window.dataLayer || [];
window.dataLayer.push({
'event': 'consent_update',
'consent_state': {
'analytics_storage': OneTrust.IsAlertBoxClosed() && OneTrust.IsAlertBoxClosedAndValid(),
'ad_storage': OneTrust.IsAlertBoxClosed() && OneTrust.IsAlertBoxClosedAndValid()
}
});
Consent State Persistence
Ensure consent state persists across page loads:
// Check for existing consent
const existingConsent = localStorage.getItem('OneTrustConsent');
if (existingConsent) {
// Update GTM consent mode
gtag('consent', 'update', JSON.parse(existingConsent));
}
Troubleshooting Checklist
- OneTrust automatic blocking is enabled
- GTM consent mode is enabled
- Consent types are properly configured
- OneTrust-GTM integration variables are set up
- Tags have appropriate consent triggers
- Default consent is set to "denied"
- Consent events are firing properly
- No JavaScript errors in console
Testing Your Setup
-
Clear Browser Data
- Clear cookies and local storage
- Refresh the page
-
Check Initial State
- Verify no tracking scripts load initially
- Check GTM consent mode shows "denied"
-
Accept Consent
- Accept all cookies in OneTrust banner
- Verify scripts now load properly
-
Deny Consent
- Deny cookies and refresh
- Ensure scripts remain blocked
Still Having Issues?
If the problem persists:
-
Check OneTrust Logs
- Look for consent events in OneTrust admin
- Verify script blocking is working
-
GTM Debug Mode
- Enable GTM debug mode
- Check consent state in real-time
-
Browser Extensions
- Disable ad blockers and privacy extensions
- Test in incognito/private mode