Anonymous tracking with Google Tag Manager with a third party cookie consent manager

Data collection and tags
1

Hey Piwik community :v:

What is the recommended way of setting up Piwik with GTM with a third-party consent manager where you by default track users anonymously without cookies but when they confirm analytics tracking cookies are used.

My impression is that you should:

Turn “Use a session ID” and “Use visitor cookies” off in the Piwik administration settings.

Then, you load the Piwik snippet from GTM on every pageview and that will automatically respect these privacy settings.

And then when users opt into tracking you can use
_paq.push([‘deanonymizeUser’]);
To inform Piwik to write/read cookies.

But I’m wondering how this works on subsequent pageviews. Should we call _paq.push([‘deanonymizeUser’]); on every single subsequent pageview?

Or does Piwik “read" cookies even if it’s in “anonymised” mode and see that cookies are set and automatically move out of anonymous mode? In other words - is deanonymizeUser stateful?

And if it is NOT stateful should it be added:

  • Before the pageview (In the init somewhere?)
  • After the pageview on each page (Does this double the events sent to Piwik and incur additional costs?)

Cheers, loving your product and what you guys are doing.

Related topics:

2

Hi. Glad to see that you like Piwik PRO. :slight_smile:

Piwik PRO Tag Manager is a product that controls all aspects connected with consents and setting proper anonymous tracking mode. My recommendation would be to use our Tag Manager and integrate it directly with 3rd party CMP.

We have a ready to use guide for Cookiebot, others such as Onetrust or Didomi are in the works. There is also a generic guide on how to set it up.

If you really don’t want to use the integrated tag manager, there are also other options. For my example, I’ll use a setup with anonymous tracking enabled with the use of Session ID.

  1. Use Session ID and Use Visitors Cookies should remain enabled to make sure that our backend uses those mechanism. We’ll be controlling those settings from JavaScript level.
  2. If there’s a valid consent, a standard analytics code is loaded. Here’s an example: No Piwik PRO Tag Manager: install a tracking code | Piwik PRO help center
  3. If there’s no consent, we have to reconfigure this code a bit to make sure that we don’t set and send any cookies nor store IP addresses on the backend.
    _paq.push(['setUserIsAnonymous', 1]);
    _paq.push(['disableCookies']);
  1. The moment a consent is granted, you can call the following methods:
    _paq.push(['enableCookies']);
    _paq.push(['deanonymizeUser']);

Note: be aware that those settings will be applied only until the moment when you trigger a full page refresh. After fully refreshing page, you should already have consent-related data available and based on that you can simply skip the two lines of code from point 3. The tracking code would work in the default mode then, meaning that cookies are enabled and IP addresses can be sent to the backend.

3

Hey, thanks for the detailed reply.

So, what I’ve done now is that I’ve created three tags that fire based on the consent state.

Pageload + Statistics cookie: (Piwik + consent)

<script type="text/javascript">
    var _paq = _paq || [];
    _paq.push(["trackPageView"]);
    _paq.push(["enableLinkTracking"]);
    (function() {
        var u = "https://XXX.piwik.pro/";
        _paq.push(["setTrackerUrl", u + "ppms.php"]);
        _paq.push(["setSiteId", “XXXX-XXXX-XXXX-XXXX"]);
        var d = document,
            g = d.createElement("script"),
            s = d.getElementsByTagName("script")[0];
        g.type = "text/javascript";
        g.async = true;
        g.defer = true;
        g.src = u + "ppms.js";
        s.parentNode.insertBefore(g, s);
    })();
</script>

Pageload + No statistics cookie: (Piwik No Consent)

<script type="text/javascript">
    var _paq = _paq || [];
    _paq.push(['setUserIsAnonymous', 1]);
    _paq.push(['disableCookies']);
    _paq.push(["trackPageView"]);
    _paq.push(["enableLinkTracking"]);
    (function() {
        var u = "https://XXX.piwik.pro/";
        _paq.push(["setTrackerUrl", u + "ppms.php"]);
        _paq.push(["setSiteId", “XXXX-XXXX-XXXX-XXXX"]);
        var d = document,
            g = d.createElement("script"),
            s = d.getElementsByTagName("script")[0];
        g.type = "text/javascript";
        g.async = true;
        g.defer = true;
        g.src = u + "ppms.js";
        s.parentNode.insertBefore(g, s);
    })();
</script>

When stats consent is granted:

<script>
   _paq.push(['enableCookies']);
   _paq.push(['deanonymizeUser']);
</script>

But I see that Piwik is still setting cookies when I’m firing the “Piwik No Consent” Tag.

However, in the tracker debugger the users IP is set to 0.0.0.0 so the anonymous user call seems to work.

I’m 100% certain that I’m firing the correct tags at the right time in my implementation (That I’m not mistakenly firing the “Full consent tag” when they haven’t consented to cookies. I’ve also been clearing cookies all the time

I also see that the pageviews are being attributed to a session - which I wasn’t expecting being possible if cookies was disabled. But that may just be an artefact of the cookies being set.

Any reason why cookies may still be set with this setup?

Best,

4

Ok actually it may seem like I wasn’t clearing all the session data or something and it was picking up some old session-related data or something. After I published and tested in incognito it doesn’t seem to be setting any cookies. No need to respond - I’ll test a bit more and come back if I have any questions! :slight_smile:

5

Glad to see it’s working so far :slight_smile:

Session stitching will work even without cookies unless you disable session id from the UI.