Turn on or off the consent form on your site

Needed permissions: owner

When you use Consent Manager, the consent form automatically appears on your site with its default setup. In this article, we’ll show you where to change its settings and how to turn it off if you ever need to.

To turn on or off the consent form on your site, follow these steps:

  1. Log in to Piwik PRO.
  2. Go to Menu > Administration.
  3. Navigate to Sites & apps.
  4. On the left, pick a website or app you want to work with.
  5. Navigate to Privacy.
  6. Turn on or off Ask visitors for consent.

    Note: You can edit the consent form by going to Consent Manager > Consent forms.

  7. Optionally, adjust other settings.
  8. In When visitors don’t consent, you can pick one option:
    • Collect data using a 30-minute cookie: You’ll use a 30-minute cookie to collect session data. You won’t recognize new and returning visitors, but you’ll get data on the visitor’s country. Visitors’ IP addresses will be fully masked.
    • Collect data without using cookies: You won’t create or store any cookies on visitors’ browsers. Nothing will be stored on visitors’ devices. You won’t recognize new and returning visitors, but you’ll get data on the visitor’s country. Visitors’ IP addresses will be fully masked.

    Note: Some triggers in Tag Manager create cookies to function correctly. If you use one of the following conditions in triggers, we’ll set a cookie:

    • Event condition > Traffic source
    • Event condition > Returning visitor
    • Event condition > Campaign
    • Event condition > External referrer 
    • Multiplicity > Fire tag once per session
    • Multiplicity > Fire tag multiple times per session, excluding first
    • Multiplicity > Fire tag once per page view

    Make sure that tags with those triggers are set with the right consent type.

    We also set essential cookies that store the visitor’s consent decision.

    • Don’t collect data: The tracking code won’t be fired for visitors.

    Note: We observed on our sites that only 25 to 75 percent of people give full consent. So you may want to collect non-sensitive data from visitors who don’t agree to data collection and usage.

  9.  Ask for consent in countries under the GDPR and UK GDPR: If turned on, your consent form will only appear for visitors who are in countries with the privacy laws mentioned. If turned off, it will appear for all visitors.

    Note: We recognize the country based on the visitor’s IP address.

    The GDPR applies in: Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czechia, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Iceland, Liechtenstein, Norway, Switzerland.

    The UK GDPR applies in the UK.

  10.  You can change how long the consent is valid for. By default, it’s valid for 12 months.

    Note: Consent is stored in a consent cookie. After the set time, the cookie expires and the form asks a visitor for consent again.

  11. You can share consent between subdomains that are tracked under one site/app in Piwik PRO (you use the same container). Each value you type in will create a bucket of shared consents.

    Example: If you have https://example.com/, https://blog.example.com/ and https://help.example.com/ and want to share consent between them, type in *.example.com.

    Note: You can type in a domain (example.com), subdomain (help.example.com) or wildcard (*.example.com). Full URLs are not accepted.

    Note: If you enter a few values, each will create a bucket of shared consent. Let’s look at an example.

    We have these domains:

    • example.com
    • blog.example.com
    • help.example.com

    We only want to share consent between the first two: example.com and blog.example.com.

    So we need to type in: *.example.com and help.example.com. This will create two buckets of shared consents:

    • One bucket for: example.com and blog.example.com.
    • And another bucket for: help.example.com.
  12.  Optionally, you can use a custom form instead of those from Consent Manager. Before turning this on, set up your custom form.
  13. When you’re done, click Save.
  14. Now your consent form is visible on your site. Remember to set the right consent type for each tag in Tag Manager.
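
Added example (not Piwik PRO’s code): a small JavaScript model of the shared-consent buckets from step 11, for checking which hostnames a list of values would group together before you save it. It assumes, based on the article’s two examples, that *.example.com also covers example.com itself and that the most specific matching value wins; all function names are hypothetical.

```javascript
// Model of step 11's consent buckets. Assumptions inferred from the article:
//  - "*.example.com" covers example.com and all of its subdomains
//  - if several values match a hostname, the most specific one wins
//  - full URLs are rejected ("Full URLs are not accepted")

function parseValue(value) {
  const v = value.trim().toLowerCase();
  if (v.includes("://") || v.includes("/")) {
    throw new Error("Full URLs are not accepted: " + value);
  }
  const wildcard = v.startsWith("*.");
  const base = wildcard ? v.slice(2) : v;
  if (!/^[a-z0-9-]+(\.[a-z0-9-]+)+$/.test(base)) {
    throw new Error("Not a domain, subdomain or wildcard: " + value);
  }
  return { value: v, wildcard, base };
}

function ruleMatches(rule, host) {
  if (host === rule.base) return true;
  // Require a dot boundary so "notexample.com" never matches "*.example.com".
  return rule.wildcard && host.endsWith("." + rule.base);
}

// Returns the configured value whose bucket the hostname joins, or null
// when no value matches (consent for that hostname is not shared).
function consentBucket(hostname, values) {
  const host = hostname.trim().toLowerCase();
  const hits = values.map(parseValue).filter((r) => ruleMatches(r, host));
  if (hits.length === 0) return null;
  hits.sort((a, b) => b.base.length - a.base.length);
  return hits[0].value;
}

// Groups hostnames by bucket so the sharing boundaries are visible at a glance.
function groupByBucket(hostnames, values) {
  const buckets = {};
  for (const h of hostnames) {
    const key = consentBucket(h, values) || "(not shared) " + h;
    if (!buckets[key]) buckets[key] = [];
    buckets[key].push(h);
  }
  return buckets;
}

// Constructed sample: the three domains and two values from the article.
const SAMPLE_HOSTS = ["example.com", "blog.example.com", "help.example.com"];
const SAMPLE_VALUES = ["*.example.com", "help.example.com"];
console.log(groupByBucket(SAMPLE_HOSTS, SAMPLE_VALUES));
```
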

Comparison of options

Here’s a comparison table to help you choose the right option. Each setting uses different mechanisms for collecting data and for recognizing visitors and their sessions. Settings also affect what data you collect.

When visitors agree When visitors don’t agree
Cookies & session ID 30-minute cookie No cookies Don’t collect data
Mechanisms used to collect data
First-party cookies (1) (2)
Local storage
Session ID (3)
Visitor’s IP address Yes / No (4)
Visitor ID
Collected data
Capture all traffic
New vs. returning visitors
Visitor’s session
Visitor’s location Latitude, Longitude, Organization, Provider, City, Region, Country, Continent Country, Continent Country, Continent
Events
Traffic sources
Channel attribution Last-click, position-based, first-click, last-non-direct-click, time-decay, linear and custom models Last-click Last-click
Consent stats (5)
Privacy laws
Compliant with LGPD, PDPA, GDPR, UK GDPR/ PECR (7), TTDSG (7), HIPAA (8) LGPD, PDPA, GDPR (6), HIPAA (8) LGPD, PDPA, GDPR (6), UK GDPR/PECR (7), TTDSG (7), HIPAA (8) LGPD, PDPA, GDPR, UK GDPR/PECR, CCPA, HIPAA (8)
  1. You’ll use a 30-minute cookie to collect session data.
  2. We’ll set essential cookies that store each visitor’s consent decision. In addition, some triggers in Tag Manager will set cookies in order to function correctly. Make sure that tags with these triggers are set with the right consent type.
  3. We create a session ID to recognize the visitor’s session. We only use it for 30 minutes since the last event.
  4. You can mask visitors’ IP addresses under Administration > Sites & apps > Privacy > Mask IP addresses. An IP address gives you a visitor’s location. Masking it removes the selected number of bytes from the address before saving it to the database. Nobody will ever see the full address. Masking an address can enhance visitor privacy, as you won’t be able to see their precise location.
  5. You won’t collect any consent stats about people who don’t consent to analytics.  
  6. Check the cookie policy in your local guidelines; different countries can have their own policy.
  7. Assuming the product is set up to avoid storing additional device-level information, such as screen resolution or browser plugins. You can set it in Administration > Sites & apps > Privacy > Don’t collect visitor’s device data (on).
  8. If you have the Enterprise plan and have signed a BAA with us.
