After installing the Piwik PRO container on your site, the consent form will automatically appear on it with its default settings. However, you can change some of the form settings or turn it off completely if you wish.
In this article, we’ll show you how to turn your consent form on or off and adjust its settings.
Turn the consent form on or off
To turn on or off the consent form on your site, follow these steps:
1. Log in to Piwik PRO.
2. Go to Menu > Administration.
3. Navigate to Sites & apps.
4. On the left, pick the site or app you want to work with.
5. Navigate to Privacy.
6. Turn on or off Ask visitors for consent. This setting controls whether your consent form is displayed or not.
Note: You can edit your consent form by going to Consent Manager > Consent forms.
7. (Optional) Click View to customize the consent setting:
- Collect anonymous data from non-consenting visitors: You can collect anonymous data from visitors who haven’t given their consent. Their IP addresses will be completely masked. You will not recognize new and returning visitors. And you will only know their country. It’s up to you to decide whether to use a session hash and visitor cookies for these visitors or not.
- Use a session hash: If you use a session hash, it’ll be created for each session based on the visitor’s IP address, operating system, browser name, browser version, browser language, enabled browser plugins and site/app ID. This hash will help us recognize events that belong to the same session. Note: This setting only applies to non-consenting visitors.
- Use visitor cookies: If you use visitor cookies (_pk_id and _pk_ses), we’ll use them to recognize events that belong to the same session. They will expire 30 minutes after the last event. Note: This setting only applies to non-consenting visitors.
Note: Some triggers in Tag Manager create cookies to function correctly. If you use one of the following conditions in triggers, we’ll set a cookie:
- Event condition > Traffic source
- Event condition > Returning visitor
- Event condition > Campaign
- Event condition > External referrer
- Multiplicity > Fire tag once per session
- Multiplicity > Fire tag multiple times per session, excluding first
Make sure that tags with those triggers are set with the right consent type.
We also set essential cookies that store visitor’s consent decision. More about cookies
- Consent is valid for: The cookie storing consent preferences will expire after this time, and your form will ask a visitor for consent again.
- Share consent between subdomains: You can add subdomains to share consent between them. Enter a domain, subdomain or a wildcard like *.example.com.
Note: If you enter a few values, each will create a bucket of shared consent. Let’s look at an example.
We have the following domains:
- example.com
- blog.example.com
- help.example.com
We only want to share consent between the first two: example.com and blog.example.com. So we need to type in: *.example.com and help.example.com.
This will create two buckets of shared consents:
- One bucket for: example.com and blog.example.com.
- And another bucket for: help.example.com.
- Use a custom consent form: This consent form overrides those from Consent Manager. You can add it via the JavaScript API. Read more
8. When you’re done, click Save.
9. Done! Your consent form is now visible on your site. Just remember to set the appropriate consent type for each tag in Tag Manager.
Comparison of options
Here’s a comparison table to help you choose the right option. Each setting uses different mechanisms for collecting data and for recognizing visitors and their sessions. Settings also affect what data you collect.
| Consenting visitors | Non-consenting visitors | |||||
|---|---|---|---|---|---|---|
| Cookies & session hash | Visitor cookies & session hash | Visitor cookies only | Session hash only | No visitor cookies & session hash | Don’t collect data | |
| Mechanisms used to collect data | ||||||
| First-party cookies | ||||||
| Local storage | ||||||
| Session hash | ||||||
| Collected data | ||||||
| Visitor’s IP address | Yes / No | |||||
| Visitor ID | ||||||
| Capture all traffic | ||||||
| New vs. returning visitors | ||||||
| Visitor’s session | ||||||
| Visitor’s location | Latitude, Longitude, Organization, Provider, City, Region, Country, Continent | Country, Continent | Country, Continent | Country, Continent | Country, Continent | |
| Events | ||||||
| Traffic sources | ||||||
| Channel attribution | Last-click, position-based, first-click, last-non-direct-click, time-decay, linear and custom models | Last-click | Last-click | Last-click | ||
| Consent stats | ||||||
| Privacy laws | ||||||
| Compliant with | LGPD PDPA GDPR UK GDPR/ PECR TDDDG HIPAA |
LGPD PDPA GDPR HIPAA |
LGPD PDPA GDPR HIPAA |
LGPD PDPA GDPR UK GDPR/PECR TDDDG HIPAA |
LGPD PDPA GDPR UK GDPR/PECR TDDDG HIPAA |
LGPD PDPA GDPR UK GDPR/PECR CCPA HIPAA |
How does consent management work in Piwik PRO?
Consent Manager is connected to Tag Manager and fires tags only when visitors give their consent, assuming tags require it. It also controls how the tracking tag works. Depending on the settings you choose and the visitor’s consent, the Piwik PRO tag, containing the tracking code, will activate in consent mode, anonymous mode, or not activate at all.
The graph below illustrates how the tracking tag fires and what happens to tags that require analytics consent.
Note:
- The Piwik PRO tag that contains the tracking code requires analytics consent by default. This can be changed. However, if you’re collecting anonymous data, don’t set it to “No consent is required” as this will cause errors.
- Anonymous data collection only works for the Piwik PRO tag.
- The mechanism sets three values for the consent parameter: 0, 1 or -1. -1 is set when visitors ignore the form and informs Piwik PRO that these visitors can be asked for consent again.
- If third-party consent forms are not integrated and don’t communicate with Piwik PRO via API, all visitors are treated as if they ignored the form, and the analytics parameter is set to -1.