Serious GDPR violations with Google Tag Manager (GTM)

by Katrin Nebermann

Study by Utrecht University reveals serious GDPR violations with Google Tag Manager (GTM)

An examination of the Google Tag Manager with 78 client-side tags and 8 server-side tags as well as two Consent Management Platforms (CMPs) revealed considerable problems:

• For example, critical data on form interactions is collected via the Google Tag.
• The assignment of CMP purposes to GTM consent variables is not compliant.
• GTM purposes are not specific or explicit.
• Timing problems and incorrect standards lead to tags being executed without consent.
• The Google Tag sends data independently of the user’s consent decisions.

The study concludes that the GTM poses more legal challenges than solutions. Checking which tags are executed in which consent constellations and which data is processed in the process is very time-consuming and would have to be continuously monitored in order to avoid legal violations.

These risks can be easily avoided with integrated tag and consent management. That’s why we at etracker have created a practical all-in-one solution to manage consent and also control third party tags conveniently and in compliance with data protection regulations.