DocsBlogIntegrationsSign InSign Up
Integrations

Google: Conditionally Loading 3rd Party Tags in GTM with Concord Consent

Learn how to configure Google Tag Manager (GTM) triggers so third-party tags only fire after visitors grant consent via Concord, ensuring GDPR compliance regardless of Basic or Advanced Consent Mode.

Conditionally loading third-party tags in GTM with Concord consent

When using Google Tag Manager (GTM) with Concord, third-party tags that are not properly configured to respect consent can fire before consent is granted—potentially violating GDPR and other privacy regulations. This guide shows how to configure your tags to only fire when the visitor grants consent, regardless of whether you use Basic or Advanced Consent Mode.

Why this matters

Tags in GTM that aren't configured with consent checks will fire as soon as their trigger conditions are met (e.g., on page load). This happens regardless of your Consent Mode setting because:

  • Google tags with built-in consent checks automatically respect consent state, but many third-party tags do not have these built-in checks.
  • Third-party tags (analytics platforms, ad pixels, chat widgets, etc.) will fire immediately unless you explicitly add consent requirements.

Concord pushes consent updates to window.dataLayer in two formats:

  1. On initial load — Concord fires both a Google consentupdate command and a consent_updated custom event with the visitor's current consent state.
  2. When consent changes — If a visitor updates their preferences (e.g., grants consent after initially denying), Concord fires both events again with the new state.

This means you can use a consent_updated trigger to handle both scenarios: returning visitors who already have consent (fires on page load) and new visitors who grant consent later (fires when they opt in).

Example dataLayer payloads

Here's are some examples of what Concord pushes to the dataLayer. When consent is denied:

{
  "event": "consent_updated",
  "consent_state": {
    "analytics": "denied",
    "marketing": "denied",
    "functional": "denied"
  }
}
{
  "0": "consent",
  "1": "update",
  "2": {
    "ad_storage": "denied",
    "ad_user_data": "denied",
    "ad_personalization": "denied",
    "analytics_storage": "denied",
    "functionality_storage": "denied",
    "personalization_storage": "denied",
    "security_storage": "granted"
  }
}

When the visitor grants consent:

{
  "event": "consent_updated",
  "consent_state": {
    "analytics": "granted",
    "marketing": "denied",
    "functional": "granted"
  }
}
{
  "0": "consent",
  "1": "update",
  "2": {
    "ad_storage": "denied",
    "ad_user_data": "denied",
    "ad_personalization": "denied",
    "analytics_storage": "granted",
    "functionality_storage": "granted",
    "personalization_storage": "granted",
    "security_storage": "granted"
  }
}

Ensure you have set up consent defaults using Concord's GTM template or gtag integration. This is typically set to deny all storage types by default until Concord updates the values based on visitor consent.

For detailed setup instructions, see Understanding & Configuring Google Consent Mode (GCM) V2.

Create a custom event trigger that fires when Concord updates consent:

  1. In GTM, go to Triggers and click New.
  2. Name it Concord Consent Updated.
  3. Set the trigger type to Custom Event.
  4. Set the event name to consent_updated.
  5. Save the trigger.

This trigger fires on every page load (with the current consent state) and again if the visitor changes their preferences.

For each third-party tag that requires consent:

  1. Open the tag in GTM.
  2. Go to Advanced Settings > Consent Settings.
  3. Select Require additional consent for tag to fire.
  4. Add the appropriate consent types (e.g., ad_storage, analytics_storage, ad_user_data).

When a tag has these consent checks configured, GTM will not fire the tag until the required consent types are granted—even if the trigger conditions are met.

For tags that use a standard trigger like "All Pages":

  1. Open the tag in GTM.
  2. Add the Concord Consent Updated trigger you created in Step 2.
  3. Save the tag.
  4. Once all tags are updated and saved, publish the new version of your GTM container.

This ensures that your tags fire when consent is granted mid-session. The built-in consent checks (Step 3) prevent the tag from firing until consent is actually granted, regardless of which trigger activates.

Note: If your tag already has an "All Pages" trigger or other types of triggers, you can typically keep them in place as the consent checks will block it until consent is granted. Adding the Concord Consent Update trigger ensures the tag also fires if consent is granted after the initial page load.

Step 5: Validate in GTM Preview

  1. Enable Preview mode in GTM.
  2. Load your site with Concord active.
  3. Test scenario A (consent denied):
    • Deny consent or don't interact with the banner.
    • Confirm third-party tags do not fire.
    • Grant consent and confirm tags fire after consent_updated appears in the Data Layer.
  4. Test scenario B (consent already granted):
    • Grant consent, then refresh the page.
    • Confirm tags fire on page load.

Ghost Integration Guide

Step-by-step instructions on how to integrate Concord via Ghost

Google: Consent Mode V2 (GCM) Scanning User Guide

Guide on using Concord’s Google Consent Mode V2 scanning feature to validate your website’s compliance with Google Consent Mode V2 requirements.

On this page

Conditionally loading third-party tags in GTM with Concord consentWhy this mattersHow Concord updates consent in GTMExample dataLayer payloadsStep 1: Set up consent defaults in GTMStep 2: Create a Concord Consent Updated triggerStep 3: Configure consent checks on your tagsStep 4: Add the Concord Consent Updated trigger to your tagsStep 5: Validate in GTM PreviewRelated reading