Set up OneTrust to obtain user consent

To capture valuable insights while protecting user privacy, you need to collect consent from your website users. We recommend you use a Consent Management Platform (CMP) or work with your Content Management System (CMS) to collect consent and send it to Google.

Step 1: Set up a consent banner

Scan a website

  1. Sign up for a OneTrust account.
  2. Scan your website to determine which cookies are being dropped. This is done from the Websites screen.
    An illustration of how to scan your website in OneTrust.

Categorize cookies

  1. From the “Categorizations” screen, categorize the cookies based on their function. The category a cookie is put in will determine how it’s handled, so make sure that Google cookies are categorized according to your company’s requirements.

Create website templates

  1. After you’ve categorized the cookies on your site, navigate to the “Templates” screen and create a template for “Cookie Banner”, “Preference Center”, and “Cookie List”. There are pre-configured templates to support compliance for the various consent frameworks. Choose the template that fits your compliance needs.
    An illustration of how to add a new template in OneTrust.

Create and assign Geolocation Rule Groups

  1. After you’ve created a “Template”, navigate to the “Geolocation Rules” screen and use that template to create a “Geolocation Rules Group''. These settings will allow you to comply with consent requirements based on region, country, or state.
  2. After you have defined your Geolocation Rules Group, assign it to your “Domains''.
  3. Confirm whether the banner should be opt-in or opt-out in each region you configure, and double check that consent mode is turned on in the region(s) where you intend to use it, with appropriate purposes assigned to each of the available consent types.
    An illustration of the Geolocation Rules section in OneTrust.
    An illustration of Google Consent Mode categories in OneTrust.
    An illustration of how to assign geolocation rules to domains in OneTrust.

Step 2: Set up consent mode

Set up using Google Tag Manager

  1. Open Google Tag Manager and navigate to your container.
  2. In “Tags”, click New and name your tag.
  3. Click Tag Configuration, then click Discover more tag types in the Community Template Gallery. From the gallery, search for “OneTrust” and install “OneTrust CMP” by OneTrustCMP.
  4. In OneTrust Cookie Consent, go to Integrations, then select Scripts and select your website from the list.
  5. Go to Production Scripts, and copy the ID from the first code box. From the code box, copy the bolded portion below. Your code will differ from the example provided.
    https://cdn.cookielaw.org/consent/1edbd598-c92a-49e7-ad81-d9a3b1f9ef60/OtAutoBlock.js 
  6. Navigate back to Tag Manager and paste your ID into the Data Domain Script box.
  7. Toggle “Do you want to use Google Consent Mode?” to “Yes”.
  8. Click Add GCM Category one time for each of the following values, then set the default consent you would like to use globally (including in places without privacy regulations).
    • ad_storage
    • analytics_storage
    • ad_user_data
    • Ad_personalization
  9. For alternative settings, such as defaulting consent to denied in some locations, click Add Region-specific default. Select the default settings you want for each of the listed consent types. In the first box, add the list of countries these defaults should apply to, using codes from the ISO standard list. You can review a list of European countries in the EU and EEA.
  10. Click Add, then click Triggering.
  11. Select “Consent Initialization - All Pages”, then click Save.
  12. Click Preview in the top right corner to test your container. View instructions for testing below.
  13. Publish your container.

Set up using another platform or directly from your website’s code

  1. From OneTrust, choose your website from the “Integrations” section and select Scripts.
  2. Copy the code from the first text box in Production Scripts.
  3. If you use a website builder, review their documentation to find out how to implement code in the “head tag” of each page. Otherwise, skip to step 4.
  4. In the <head> tag of each page (review the instructions above if you use a website builder), paste the following code, followed by the CMP script you copied earlier at the very top of the <head> tag. Note that this step is critical in order to ensure the CMP functions properly.

<script>

// Define dataLayer and the gtag function.

window.dataLayer = window.dataLayer || [];

function gtag(){dataLayer.push(arguments);}

 

// Set default consent for specific regions according to your requirements

gtag('consent', 'default', {

  'ad_storage': 'denied',

  'ad_user_data': 'denied',

  'ad_personalization': 'denied',

  'analytics_storage': 'denied',

 'regions':[<list of ISO 3166-2 region codes>]

});

// Set default consent for all other regions according to your requirements

gtag('consent', 'default', {

  'ad_storage': 'denied',

  'ad_user_data': 'denied',

  'ad_personalization': 'denied',

  'analytics_storage': 'denied'

});

 

</script>

<!--Banner script here!-->

  1. Publish your site.

Testing using Tag Assistant

Learn more about how to Troubleshoot consent mode with Google Tag Manager.

Was this helpful?

How can we improve it?
true
Search
Clear search
Close search
Google apps
Main menu
2755614776798868610
true
Search Help Center
true
true
true
true
true
69256
true
false