Note: We’ll no longer offer Consent Manager for new Piwik PRO accounts.
After installing the Piwik PRO container on your site, the consent form will automatically appear on it with its default settings. However, you can change some of the form settings or turn it off completely if you wish.
In this article, we’ll show you how to turn your consent form on or off and adjust its settings.
Turn the consent form on or off
Note: This guide applies to the Piwik PRO version with Consent Manager included in the offer. If you’re using a version without Consent Manager, see this guide instead.
To turn on or off the consent form on your site, follow these steps:
1. Log in to Piwik PRO.
2. Go to Menu > Administration.
3. Navigate to Sites & apps.
4. On the left, pick the site or app you want to work with.
5. Navigate to Privacy.
6. Turn on or off Ask visitors for consent. This setting controls whether your consent form is displayed or not.
Note: You can edit your consent form by going to Consent Manager > Consent forms.
7. (Optional) Click View to customize the consent setting:
- Collect anonymous data from non-consenting visitors: You can collect anonymous data from visitors who haven’t given their consent. Their IP addresses will be completely masked. You will not recognize new and returning visitors. And you will only know their country. It’s up to you to decide whether to use a session hash and visitor cookies for these visitors or not.
- Use a session hash: If you use a session hash, it’ll be created for each session based on the visitor’s IP address, operating system, browser name, browser version, browser language, enabled browser plugins and site/app ID. This hash will help us recognize events that belong to the same session. Note: This setting only applies to non-consenting visitors.
- Use visitor cookies: If you use visitor cookies (_pk_id and _pk_ses), we’ll use them to recognize events that belong to the same session. They will expire 30 minutes after the last event. Note: This setting only applies to non-consenting visitors.
Note: Some triggers in Tag Manager create cookies to function correctly. If you use one of the following conditions in triggers, we’ll set a cookie:
- Event condition > Traffic source
- Event condition > Returning visitor
- Event condition > Campaign
- Event condition > External referrer
- Multiplicity > Fire tag once per session
- Multiplicity > Fire tag multiple times per session, excluding first
Make sure that tags with those triggers are set with the right consent type.
We also set essential cookies that store visitor’s consent decision. More about cookies
- Consent is valid for: The cookie storing consent preferences will expire after this time, and your form will ask a visitor for consent again.
- Share consent between subdomains: You can add subdomains to share consent between them. Enter a domain, subdomain or a wildcard like *.example.com.
Note: If you enter a few values, each will create a bucket of shared consent. Let’s look at an example.
We have the following domains:
- example.com
- blog.example.com
- help.example.com
We only want to share consent between the first two: example.com and blog.example.com. So we need to type in: *.example.com and help.example.com.
This will create two buckets of shared consents:
- One bucket for: example.com and blog.example.com.
- And another bucket for: help.example.com.
- Use a custom consent form: This consent form overrides those from Consent Manager. You can add it via the JavaScript API. Read more
8. When you’re done, click Save.
9. Done! Your consent form is now visible on your site. Just remember to set the appropriate consent type for each tag in Tag Manager.
Turn the consent management tool on or off
Note: This guide applies to the Piwik PRO version without Consent Manager included in the offer. If you’re using a version with Consent Manager, see this guide instead.
To turn on or off the consent management tool, follow these steps:
1. Log in to Piwik PRO.
2. Go to Menu > Administration.
3. Navigate to Sites & apps.
4. On the left, pick the site or app you want to work with.
5. Navigate to Privacy.
6. Turn on or off Consent management tool.
7. Pick the consent management tool you want to use. You can choose between Cookie Information Consent Management Platform (CMP) and other consent management tool.
8. If you choose Cookie Information CMP, you can create an account or add an existing one, and click Save.
Note: Remember to make sure your Cookie Information domain is set up correctly. You can edit your consent form in your consent management tool.
9. If you choose Other consent management tool, click Save.
Note: If you want to use a different consent management tool, follow our integration guide. If you use Cookiebot, Didomi, or OneTrust, check these guides.
You can edit your consent form in your consent management tool.
10. (Optional) Click View to customize the consent setting:
- Collect anonymous data from non-consenting visitors: You can collect anonymous data from visitors who haven’t given their consent. Their IP addresses will be completely masked. You will not recognize new and returning visitors. And you will only know their country. It’s up to you to decide whether to use a session hash and visitor cookies for these visitors or not.
- Use a session hash: If you use a session hash, it’ll be created for each session based on the visitor’s IP address, operating system, browser name, browser version, browser language, enabled browser plugins and site/app ID. This hash will help us recognize events that belong to the same session. Note: This setting only applies to non-consenting visitors.
- Use visitor cookies: If you use visitor cookies (_pk_id and _pk_ses), we’ll use them to recognize events that belong to the same session. They will expire 30 minutes after the last event. Note: This setting only applies to non-consenting visitors.
Note: Some triggers in Tag Manager create cookies to function correctly. If you use one of the following conditions in triggers, we’ll set a cookie:
- Event condition > Traffic source
- Event condition > Returning visitor
- Event condition > Campaign
- Event condition > External referrer
- Multiplicity > Fire tag once per session
- Multiplicity > Fire tag multiple times per session, excluding first
Make sure that tags with those triggers are set with the right consent type.
We also set essential cookies that store visitor’s consent decision. More about cookies
- Consent is valid for: The cookie storing consent preferences will expire after this time, and your form will ask a visitor for consent again.
- Share consent between subdomains: You can add subdomains to share consent between them. Enter a domain, subdomain or a wildcard like *.example.com.
Note: If you enter a few values, each will create a bucket of shared consent. Let’s look at an example.
We have the following domains:
- example.com
- blog.example.com
- help.example.com
We only want to share consent between the first two: example.com and blog.example.com. So we need to type in: *.example.com and help.example.com.
This will create two buckets of shared consents:
- One bucket for: example.com and blog.example.com.
- And another bucket for: help.example.com.
11. When you’re done, click Save.
12. Done!
When set up the consent management tool correctly, your tags will only fire if the visitor gives the right type of consent.
Just remember to set the appropriate consent type for each tag in Tag Manager, and to set up your consent management tool correctly.
Comparison of options
Here’s a comparison table to help you choose the right option. Each setting uses different mechanisms for collecting data and for recognizing visitors and their sessions. Settings also affect what data you collect.
| Consenting visitors | Non-consenting visitors | |||||
|---|---|---|---|---|---|---|
| Cookies & session hash | Visitor cookies & session hash | Visitor cookies only | Session hash only | No visitor cookies & session hash | Don’t collect data | |
| Mechanisms used to collect data | ||||||
| First-party cookies | ||||||
| Local storage | ||||||
| Session hash | ||||||
| Collected data | ||||||
| Visitor’s IP address | Yes / No | |||||
| Visitor ID | ||||||
| Capture all traffic | ||||||
| New vs. returning visitors | ||||||
| Visitor’s session | ||||||
| Visitor’s location | Latitude, Longitude, Organization, Provider, City, Region, Country, Continent | Country, Continent | Country, Continent | Country, Continent | Country, Continent | |
| Events | ||||||
| Traffic sources | ||||||
| Channel attribution | Last-click, position-based, first-click, last-non-direct-click, time-decay, linear and custom models | Last-click | Last-click | Last-click | ||
| Consent stats | ||||||
| Privacy laws | ||||||
| Compliant with | LGPD PDPA GDPR UK GDPR/ PECR TDDDG HIPAA |
LGPD PDPA GDPR HIPAA |
LGPD PDPA GDPR HIPAA |
LGPD PDPA GDPR UK GDPR/PECR TDDDG HIPAA |
LGPD PDPA GDPR UK GDPR/PECR TDDDG HIPAA |
LGPD PDPA GDPR UK GDPR/PECR CCPA HIPAA |
How does consent management work in Piwik PRO?
Consent Manager is connected to Tag Manager and fires tags only when visitors give their consent, assuming tags require it. It also controls how the tracking tag works. Depending on the settings you choose and the visitor’s consent, the Piwik PRO tag, containing the tracking code, will activate in consent mode, anonymous mode, or not activate at all.
Note: If you’re using a Piwik PRO version without Consent Manager, you can still use your own consent management tool the same way. Read more on how to integrate your consent management tool with Piwik PRO.
The graph below illustrates how the tracking tag fires and what happens to tags that require analytics consent.
Note:
- The Piwik PRO tag that contains the tracking code requires analytics consent by default. This can be changed. However, if you’re collecting anonymous data, don’t set it to “No consent is required” as this will cause errors.
- Anonymous data collection only works for the Piwik PRO tag.
- The mechanism sets three values for the consent parameter: 0, 1 or -1. -1 is set when visitors ignore the form and informs Piwik PRO that these visitors can be asked for consent again.
- If third-party consent forms are not integrated and don’t communicate with Piwik PRO via API, all visitors are treated as if they ignored the form, and the analytics parameter is set to -1.