When you use Consent Manager, the consent form automatically appears on your site with its default setup. In this article, we’ll show you where to change its settings and how to turn them off if you ever need to.
To turn on or off the consent form on your site, follow these steps:
- Go to Menu > Administration.
- Navigate to Sites & apps.
- On the left, pick a website or app you want to work with.
- In Settings, scroll until you see Privacy.
- Turn on or off Ask visitors for consent.
Note: You can edit the consent form by going to Consent Manager > Consent forms.
- Optionally, adjust other settings.
- In When visitors don’t consent, you can pick one option:
- Collect data using a 30-minute cookie: You’ll use a 30-minute cookie to collect session data. You won’t recognize new and returning visitors. You’ll see data about visitor’s country. Visitors’ IP addresses will be fully masked.
- Collect data without using cookies: You won’t create or store any cookies on visitors’ browsers. Nothing will be stored on visitors` devices. You won’t recognize new and returning visitors. You’ll see full data about visitor’s location. Visitors’ IP addresses won’t be masked, but you can mask them in Administration > Sites & apps > Privacy > Mask IP addresses.
Note: Some triggers in Tag Manager create cookies to work correctly. If you use one of the following conditions in triggers, we’ll set a cookie:
- Event condition > Traffic source
- Event condition > Returning visitor
- Event condition > Campaign
- Event condition > External referrer
- Multiplicity > Fire tag once per session
- Multiplicity > Fire tag multiple times per session, excluding first
- Multiplicity > Fire tag once per page view
Make sure that tags with those triggers are set with the right consent type.
We also set essential cookies that store visitor’s consent decision. More about cookies
- Don’t collect data: The tracking code won’t be fired for visitors.
Note: We observed on our sites that only 25 to 75 percent of people give full consent. So you may want to collect non-sensitive data from visitors who don’t agree to data collection and usage.
- Ask for consent in countries under the GDPR and UK GDPR: When turned on, your consent form will appear only when visitors are in countries under mentioned privacy laws. When turned off, it’ll appear for all visitors.
Note: We recognize the country based on the visitor’s IP address.
The GDPR applies in: Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czechia, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Iceland, Liechtenstein, Norway, Switzerland.
The UK GDPR applies in the UK.
- You can change how long the consent is valid for. By default, it’s valid for 12 months.
Note: Consent is stored in a consent cookie. After the set time, the cookie expires and the form asks a visitor for consent again.
- You can share consent between subdomains. For example, if you have www.example.com and www.blog.example.com and track them under one site in Piwik PRO (you use the same container), you can share consent decisions between them.
- Optionally, you can use a custom form instead of those from Consent Manager. Before turning this on, set up your custom form.
- When you’re done, click Save.
- Now your consent form is visible on your site. Remember to set the right consent type for each tag in Tag Manager.
Here is a comparison that can help you decide which option to choose. Each setting uses different mechanisms for collecting data, recognizing visitors and their sessions. It also affects what data you will collect.
|When visitors agree||When visitors don’t agree|
|Cookies & session ID||30-minute cookie||No cookies||Don’t collect data|
|Mechanisms used to collect data|
|Visitor’s IP address||Yes / No (4)||Yes / No (4)|
|Capture all traffic|
|New vs. returning visitors|
|Visitor’s location||Latitude, Longitude, Organization, Provider, City, Region, Country, Continent||Country, Continent||Latitude, Longitude, Organization, Provider, City, Region, Country, Continent|
|Channel attribution||Last-click, position-based, first-click, last-non-direct-click, time-decay, linear and custom models||Last-click||Last-click|
|Compliant with||LGPD, PDPA, GDPR, UK GDPR/ PECR (7), TTDSG (7)||LGPD, PDPA, GDPR (6)||LGPD, PDPA, GDPR (6), UK GDPR/PECR (7), TTDSG (7)||LGPD, PDPA, GDPR, UK GDPR/PECR, CCPA|
- You’ll use a 30-minute cookie to collect session data.
- We’ll set essential cookies that store visitor’s consent decision. Also some triggers in Tag Manager set cookies to work correctly. Make sure that tags with those triggers are set with the right consent type.
- We create a session ID to recognize the visitor’s session. We use it only for 30 minutes since the last event.
- You can mask IP addresses for visitors under Administration > Sites & apps > Privacy > Mask IP addresses. The IP address informs about visitor’s location. Masking it can enhance visitors privacy because you won’t recognize their full location.
- You won’t collect any consent stats about people who don’t consent to analytics.
- Assuming the product is set up not to store additional device-level information like screen resolution or browser plugins. Set it up in Administration > Sites & apps > Privacy > Don’t collect visitor’s device data (on).