Study by Utrecht University reveals serious GDPR violations with Google Tag Manager (GTM)
An investigation of the Google Tag Manager with 78 client-side tags and 8 server-side tags as well as two Consent Management Platforms (CMPs) reveals significant problems:
- For example, critical data about form interactions is collected via the Google Tag.
- The mapping of CMP purposes to GTM consent variables is not compliant.
- GTM purposes are not specific or explicit.
- Timing issues and incorrect standards result in tags being executed without consent.
- The Google Tag sends data regardless of the user’s consent decisions.
The study concludes that GTM poses more legal risks than solutions. Checking which tags are executed in which consent constellations and which data is processed in the process is very time-consuming and would have to be continuously monitored in order to avoid legal violations.
These risks can be easily avoided with integrated tag and consent management.
That’s why we at etracker have created a practical all-in-one solution to manage consent and also to manage third-party tags conveniently and in compliance with data protection regulations.