Consent Management Guide

Advanced DataLayer Tracker – Privacy-First Tracking with CMP Integration

Table of Contents

1. What is Consent Management?
2. Supported Platforms
3. How ADT Handles Consent
4. Quick Setup
5. CMP-Specific Configuration
6. Consent Modes
7. Testing Your Setup
8. Advanced Configuration
9. Troubleshooting
10. Best Practices

What is Consent Management?

Consent management ensures your website respects user privacy preferences by controlling when and how tracking occurs based on user consent decisions.

Why It Matters:

• Legal Compliance: GDPR, CCPA, and other privacy laws require user consent
• User Trust: Transparent data practices build trust
• Reduced Risk: Avoid hefty fines (up to €20M or 4% of revenue under GDPR)
• Better Data: Users who consent provide higher quality data

How It Works:

1. User visits site
2. Consent banner appears (via CMP)
3. User accepts/declines
4. ADT detects consent decision
5. Tracking enabled/disabled accordingly
6. Consent stored for future visits

Supported Platforms

ADT automatically detects and integrates with these Consent Management Platforms:

Free/Open Source CMPs

CookieYes (FREE tier available)

• Detection: Automatic
• Free Tier: Yes (up to 25,000 pageviews/month)
• Setup Time: 5 minutes
• Recommended For: Small businesses, blogs
• Website: cookieyes.com

Cookiebot (FREE tier available)

• Detection: Automatic
• Free Tier: Yes (up to 100 subpages)
• Setup Time: 10 minutes
• Recommended For: Small to medium businesses
• Website: cookiebot.com

Klaro (Open Source)

• Detection: Automatic
• Cost: Free forever
• Setup Time: 15 minutes (requires code)
• Recommended For: Developers, custom implementations
• Website: kiprotect.com/klaro

Complianz (WordPress Plugin)

• Detection: Automatic
• Cost: Free version available
• Setup Time: 10 minutes
• Recommended For: WordPress users
• Website: wordpress.org/plugins/complianz-gdpr

Enterprise CMPs

OneTrust

• Detection: Automatic
• Cost: Enterprise pricing
• Setup Time: 20-30 minutes
• Recommended For: Large enterprises
• Website: onetrust.com

Termly

• Detection: Automatic
• Cost: Paid plans
• Setup Time: 15 minutes
• Recommended For: Mid-size businesses
• Website: termly.io

Osano

• Detection: Automatic
• Cost: Paid plans
• Setup Time: 15 minutes
• Recommended For: Mid-size to enterprise
• Website: osano.com

IAB TCF 2.0 Compatible

• Detection: Automatic via __tcfapi
• Works With: Any TCF 2.0 compliant CMP
• Provides: Granular vendor consent

How ADT Handles Consent

Detection Process

Priority 1: Auto-Detection (Default)

// ADT checks for CMPs in this order:
1. OneTrust
2. Cookiebot
3. CookieYes
4. Klaro
5. Complianz
6. TCF 2.0 API
7. Custom implementations

Detection Time: 0-5 seconds (configurable)

Fallback Behavior:

• If no CMP detected within timeout → fallback mode
• Configurable: Track without consent OR block until consent

Consent Categories

ADT tracks two main consent purposes:

Analytics Consent

Purpose: 'analytics'
Controls: GA4, GTM analytics tags
Includes: 
- Page views
- Engagement tracking
- Form analytics
- Video tracking (non-marketing)

Marketing Consent

Purpose: 'marketing'
Controls: Pixels (Meta, TikTok, LinkedIn, etc.)
Includes:
- Facebook Pixel
- TikTok Pixel
- LinkedIn Insight Tag
- Pinterest Tag
- Twitter Pixel
- Google Ads remarketing

Consent States

Granted: User explicitly accepted

{
  analytics: true,
  marketing: true
}

Denied: User explicitly declined

{
  analytics: false,
  marketing: false
}

Pending: Waiting for user decision

{
  analytics: null,
  marketing: null
}

Mixed: Different choices per category

{
  analytics: true,  // Accepted
  marketing: false  // Declined
}

Quick Setup

Step 1: Install a CMP (If You Don’t Have One)

Recommended: CookieYes (Easiest)

1. Sign up at cookieyes.com
2. Create new website
3. Copy installation code
4. Add to WordPress:
   • Option A: Use CookieYes WordPress plugin
   • Option B: Add code to theme’s header.php
5. Configure banner design and text
6. Publish

Time Required: 5-10 minutes

Step 2: Configure ADT Consent Settings

Navigate to ADT settings:

WordPress Admin → Settings → Advanced DataLayer → Advanced Tab

Basic Settings:

CMP Detection:

Preferred CMP Platform: Auto-detect (recommended)

Detection Timeout:

CMP Detection Timeout: 5 seconds (default)

Tracking Behavior:

☐ Delay Tracking Until Consent (GDPR Safe Mode)
  - Checked: Nothing tracks until user consents
  - Unchecked: Track if no CMP detected (less strict)

TCF Mode (Optional):

☐ Require TCF Consent
  - Checked: Requires vendor-specific consent (strict)
  - Unchecked: Uses purpose-level consent (standard)

Step 3: Test Detection

Open Browser Console (F12):

// Check if CMP detected
console.log(window.ADTConsentManager?.platform);
// Should output: "CookieYes", "Cookiebot", etc.

// Check consent state
console.log(window.ADTConsent);
// Output: { analytics: true, marketing: false }

Check Debug Overlay:

1. Add ?adt_debug=1 to URL
2. Open Debug Overlay
3. Look at "Consent" section
4. Should show detected CMP and consent state

Step 4: Verify Tracking Behavior

Test Scenario 1: Accept All

1. Clear cookies
2. Visit site
3. Accept all cookies in banner
4. Open browser console
5. Type: window.dataLayer
6. Should see tracking events firing

Test Scenario 2: Decline All

1. Clear cookies
2. Visit site
3. Decline all cookies in banner
4. Open browser console
5. Type: window.dataLayer
6. Should NOT see tracking events (or only non-consent events)

Test Scenario 3: Mixed Consent

1. Clear cookies
2. Visit site
3. Accept analytics, decline marketing
4. Check console
5. GA4 events should fire
6. Pixel events should NOT fire

CMP-Specific Configuration

CookieYes Setup

Installation:

Method 1: WordPress Plugin (Easiest)

1. Install “CookieYes GDPR Cookie Consent” plugin
2. Activate plugin
3. Go to Settings → CookieYes
4. Click “Scan Website”
5. Configure categories
6. Customize banner text/colors
7. Publish

Method 2: Manual Code

1. Sign up at cookieyes.com
2. Create website
3. Copy embed code
4. Add to <head> section
5. Configure via CookieYes dashboard

ADT Configuration:

Settings → Advanced → Preferred CMP: Auto-detect

ADT will detect CookieYes automatically via:

• window.cookieyes object
• cookieyes-consent cookie

Consent Mapping:

CookieYes Category → ADT Purpose
- "analytics" → analytics
- "statistics" → analytics
- "advertisement" → marketing
- "marketing" → marketing

Free Tier Limitations:

• Up to 25,000 pageviews/month
• Basic banner customization
• Email support

Pro Features ($9-99/mo):

• Unlimited pageviews
• Advanced customization
• Auto-blocking scripts
• Priority support

Cookiebot Setup

Installation:

Method 1: WordPress Plugin

1. Install “Cookiebot CMP” plugin
2. Activate plugin
3. Sign up at cookiebot.com (or use existing account)
4. Copy Domain Group ID
5. Enter in plugin settings
6. Configure categories
7. Customize banner

Method 2: Manual Code

1. Sign up at cookiebot.com
2. Add website domain
3. Get embed code
4. Add to theme <head>
5. Configure via Cookiebot dashboard

ADT Configuration:

Settings → Advanced → Preferred CMP: Auto-detect

ADT will detect Cookiebot automatically via:

• window.Cookiebot object
• window.Cookiebot.consent properties

Consent Mapping:

Cookiebot Consent → ADT Purpose
- consent.statistics → analytics
- consent.marketing → marketing
- consent.necessary → (always granted)
- consent.preferences → (not used by ADT)

Free Tier Limitations:

• Up to 100 subpages
• Basic features
• Community support

Paid Tiers:

• Unlimited pages
• Auto-blocking
• Consent statistics
• Premium support

Event Handling:

// ADT listens for these Cookiebot events:
- CookiebotOnConsentReady (initial load)
- CookiebotOnAccept (user accepts)
- CookiebotOnDecline (user declines)

OneTrust Setup

Installation:

1. Sign up at onetrust.com (enterprise sales)
2. Create new website
3. Configure cookie categories:
   • C0001: Strictly Necessary (always on)
   • C0002: Performance/Analytics
   • C0003: Functional
   • C0004: Targeting/Marketing
4. Customize banner design
5. Get script tags
6. Add to WordPress site
7. Publish preferences

ADT Configuration:

Settings → Advanced → Preferred CMP: Auto-detect

ADT will detect OneTrust automatically via:

• window.OneTrust object
• window.OnetrustActiveGroups string

Consent Mapping:

OneTrust Category → ADT Purpose
- C0002 (Performance) → analytics
- C0004 (Targeting) → marketing

Event Handling:

// ADT listens for:
OneTrust.OnConsentChanged((event) => {
  // Update ADT consent state
});

Advanced Features:

• IAB TCF 2.0 support
• Vendor consent management
• Multi-language support
• Consent receipts
• Audit trails

Klaro Setup (Open Source)

Installation:

Method 1: NPM (For Developers)

npm install klaro

Method 2: CDN

<script defer src="https://cdn.kiprotect.com/klaro/latest/klaro.js"></script>

Configuration:

// klaro-config.js
var klaroConfig = {
  version: 1,
  elementID: 'klaro',
  storageMethod: 'cookie',
  cookieName: 'klaro',
  cookieExpiresAfterDays: 365,
  
  services: [
    {
      name: 'google-analytics',
      title: 'Google Analytics',
      purposes: ['analytics'],
      required: false
    },
    {
      name: 'facebook-pixel',
      title: 'Facebook Pixel',
      purposes: ['marketing'],
      required: false
    }
  ]
};

ADT Configuration:

Settings → Advanced → Preferred CMP: Auto-detect

Consent Mapping:

Klaro Service Purpose → ADT Purpose
- 'analytics' → analytics
- 'marketing' OR 'advertising' → marketing

Event Handling:

// ADT listens for Klaro consent changes
klaro.getManager().watch({
  update: (manager, eventType, data) => {
    // ADT updates consent state
  }
});

Complianz Setup (WordPress Plugin)

Installation:

1. Install “Complianz GDPR/CCPA Cookie Consent” plugin
2. Activate plugin
3. Run setup wizard:
   • Select region (EU/UK/US/etc.)
   • Choose cookie policy
   • Configure categories
4. Customize banner
5. Scan for cookies
6. Configure cookie policy
7. Publish

ADT Configuration:

Settings → Advanced → Preferred CMP: Auto-detect

ADT will detect Complianz automatically via:

• complianz_consent_status cookie
• Complianz JavaScript API

Consent Mapping:

Complianz Category → ADT Purpose
- 'statistics' → analytics
- 'marketing' → marketing

Free vs Premium:

Free:

• Basic GDPR compliance
• Cookie banner
• Cookie policy generator

Premium ($49-249/year):

• A/B testing
• Statistics dashboard
• Consent proof
• Priority support
• More regions

Consent Modes

Mode 1: GDPR Safe Mode (Strictest)

Setting:

☑ Delay Tracking Until Consent

Behavior:

1. Page loads
2. NO tracking fires
3. User sees consent banner
4. User accepts → Tracking starts
5. User declines → Tracking blocked
6. User ignores → Tracking blocked

Use Cases:

• EU/UK audiences
• Strict GDPR compliance
• Risk-averse organizations
• Legal requirement to wait

Pros:

• Maximum compliance
• Zero risk of tracking without consent
• Clear audit trail

Cons:

• Lose data from users who ignore banner
• Slightly lower data volume
• Can’t track pre-consent behavior

Mode 2: Permissive Mode (Default)

Setting:

☐ Delay Tracking Until Consent

Behavior:

1. Page loads
2. CMP detection starts (5 second timeout)
3. If CMP detected → Wait for consent
4. If NO CMP detected → Track normally
5. User accepts → Track normally
6. User declines → Block tracking

Use Cases:

• US audiences
• Sites without CMP (yet)
• Gradual compliance rollout
• Development/testing

Pros:

• More data collected
• Works with or without CMP
• Flexible for testing

Cons:

• May track before consent shown
• Requires CMP for compliance
• Not suitable for strict GDPR

Mode 3: TCF Strict Mode (Enterprise)

Setting:

☑ Require TCF Consent

Behavior:

1. Only tracks if TCF 2.0 CMP present
2. Requires vendor-specific consent
3. Checks consent for each vendor:
   - Google (Vendor ID 755)
   - Meta (Vendor ID 1002)
   - TikTok (Vendor ID 1789)
4. Blocks vendor if consent denied

Use Cases:

• IAB member websites
• AdTech platforms
• Programmatic advertising
• Multi-vendor tracking

Pros:

• Granular vendor control
• Industry standard
• Programmatic ad compliance

Cons:

• Requires TCF 2.0 CMP (expensive)
• More complex setup
• Lower consent rates (more choices)

Testing Your Setup

Method 1: Browser Console Testing

Check CMP Detection:

// Open console (F12), paste:

console.log('CMP Platform:', window.ADTConsentManager?.platform);
console.log('Consent State:', window.ADTConsent);
console.log('Detection Source:', window.ADTConsentManager?.source);

// Example output:
// CMP Platform: "CookieYes"
// Consent State: { analytics: true, marketing: false }
// Detection Source: "cookieyes_api"

Check Consent Function:

// Test the consent checker
console.log('Has Analytics Consent?', window.hasConsent('analytics'));
console.log('Has Marketing Consent?', window.hasConsent('marketing'));

// Should return true/false based on user choice

Monitor Consent Changes:

// Listen for consent updates
window.addEventListener('adt_consent_updated', (e) => {
  console.log('Consent Updated:', e.detail);
});

// Now change consent via CMP banner
// Should see console log when changed

Method 2: Debug Overlay Testing

Enable Debug Overlay:

Add ?adt_debug=1 to any URL

Consent Section Shows:

• Detected CMP platform
• Consent state (analytics/marketing)
• Detection method
• Consent source
• Time to detect

What to Verify:

• ✅ CMP platform detected correctly
• ✅ Consent state matches user choice
• ✅ Detection time < 5 seconds
• ✅ Consent updates when changed

Method 3: Consent Status Panel

Access Panel:

WordPress Admin → Advanced DataLayer → Consent Status

Panel Shows:

• Detected CMP platforms
• Current consent state
• CMP version information
• API availability
• Warnings/issues
• Raw consent data

Use Cases:

• Troubleshooting setup
• Verifying detection
• Checking CMP version
• Admin debugging

Method 4: Real User Testing

Test Scenarios:

Scenario 1: First-Time Visitor

1. Open incognito/private window
2. Visit site
3. Consent banner should appear
4. Check console: consent should be pending/null
5. Accept consent
6. Check console: consent should be granted
7. Verify tracking events firing

Scenario 2: Returning Visitor (Consent Stored)

1. Visit site with consent already granted
2. No banner should appear
3. Tracking should start immediately
4. Console shows stored consent loaded

Scenario 3: Consent Withdrawal

1. Visit site
2. Open consent settings (usually in footer link)
3. Change consent preferences
4. Verify tracking stops/starts accordingly
5. Check console for consent update events

Scenario 4: Ignored Banner

1. Visit site
2. Do NOT interact with banner
3. With “Delay Until Consent”: No tracking
4. Without: Tracking may start after timeout

Method 5: dataLayer Verification

Check dataLayer for Consent Events:

// In console, after accepting consent:
console.log(window.dataLayer);

// Should see events like:
[
  {
    event: 'consent_loaded',
    consent_platform: 'CookieYes',
    consent_ready: true
  },
  {
    event: 'consent_granted',
    consent_type: 'analytics',
    consent_method: 'banner'
  },
  {
    event: 'consent_granted',
    consent_type: 'marketing',
    consent_method: 'banner'
  }
]

Advanced Configuration

Custom Consent Timeout

Default: 5 seconds

When to Change:

• Slow-loading CMPs (increase to 10-15 seconds)
• Fast sites (decrease to 2-3 seconds)
• Testing (increase for debugging)

Configuration:

Settings → Advanced → CMP Detection Timeout: [seconds]

How It Works:

// ADT waits this long for CMP to load
// If CMP not detected within timeout:
//   - With "Delay Until Consent": Block tracking
//   - Without: Use fallback behavior

Manual CMP Selection

When to Use:

• Multiple CMPs detected (conflict)
• Detection failing
• Testing specific CMP
• Custom implementation

Configuration:

Settings → Advanced → Preferred CMP Platform: [Select CMP]

Options:
- Auto-detect (recommended)
- CookieYes
- Cookiebot
- Klaro
- Complianz
- OneTrust

Effect:

• Skips auto-detection
• Only checks for selected CMP
• Faster initialization
• Avoids conflicts

Fallback Behavior

Setting: fallback_track_without_cmp

Configuration:

// In wp-config.php or theme functions.php
define('ADT_FALLBACK_TRACK_WITHOUT_CMP', true);

Or via Settings:

Settings → Advanced → Track Without CMP (when unchecked "Delay Until Consent")

When CMP Not Detected:

• true: Track normally (permissive)
• false: Block tracking (strict)

Use Cases:

• True: US sites, testing, gradual rollout
• False: EU sites, strict GDPR compliance

Custom Consent Cookies

For Custom/Self-Built CMPs:

// Hook into ADT consent detection
add_filter('adt_consent_sources', function($sources) {
    // Check your custom consent cookie
    if (isset($_COOKIE['my_custom_consent'])) {
        $consent = json_decode($_COOKIE['my_custom_consent'], true);
        
        $sources['custom_cmp'] = [
            'analytics' => $consent['analytics'] === 'granted',
            'marketing' => $consent['marketing'] === 'granted',
            'platform' => 'Custom CMP',
            'method' => 'cookie'
        ];
    }
    
    return $sources;
});

Frontend Integration:

// Update ADT consent from your custom CMP
function updateCustomConsent(analytics, marketing) {
    window.ADTConsent = {
        analytics: analytics,
        marketing: marketing
    };
    
    // Fire update event
    window.dataLayer = window.dataLayer || [];
    window.dataLayer.push({
        event: 'adt_consent_updated',
        analytics: analytics,
        marketing: marketing
    });
}

// Call when user makes consent choice
document.getElementById('accept-all').addEventListener('click', function() {
    updateCustomConsent(true, true);
});

TCF 2.0 Custom Configuration

For Advanced TCF Setup:

// Customize TCF vendor checking
add_filter('adt_tcf_required_vendors', function($vendors) {
    // Add your required vendor IDs
    $vendors[] = 755;  // Google
    $vendors[] = 1002; // Meta
    $vendors[] = 1789; // TikTok
    
    return $vendors;
});

Frontend TCF Checking:

// Check specific vendor consent
if (typeof __tcfapi === 'function') {
    __tcfapi('getTCData', 2, function(tcData, success) {
        if (success) {
            // Check Google consent (Vendor 755)
            const googleConsent = tcData.vendor.consents[755];
            console.log('Google Consent:', googleConsent);
        }
    });
}

Troubleshooting

Issue: CMP Not Detected

Symptoms:

Debug Overlay shows: "CMP: None detected"
Console: window.ADTConsentManager?.platform returns undefined

Diagnostic Steps:

1. Verify CMP is actually installed:

// Check for CMP objects in console:
typeof window.Cookiebot     // Should not be "undefined"
typeof window.OneTrust      // Should not be "undefined"
typeof window.cookieyes     // Should not be "undefined"

2. Check CMP load timing:

• CMPs load asynchronously
• May not be ready immediately
• ADT waits up to 5 seconds (default)

3. Increase detection timeout:

Settings → Advanced → CMP Detection Timeout: 10 seconds

4. Check browser console for CMP errors:

• Look for JavaScript errors
• CMP script blocked?
• Ad blocker interfering?

5. Verify CMP script placement:

• Should be in <head> section
• Before ADT scripts load
• Not deferred/async (or ADT must wait)

Solutions:

• Ensure CMP loads early in <head>
• Increase timeout setting
• Check for script conflicts
• Disable ad blocker for testing
• Try manual CMP selection in settings

Issue: Consent Not Updating

Symptoms:

User accepts consent in banner
ADT still shows "declined" or "pending"
Tracking not starting

Diagnostic Steps:

1. Check CMP fires events:

// For Cookiebot:
window.addEventListener('CookiebotOnAccept', () => {
    console.log('Cookiebot accepted!');
});

// For CookieYes:
window.addEventListener('cookieyes_consent_update', () => {
    console.log('CookieYes updated!');
});

If events don’t fire, issue is with CMP, not ADT.

2. Check ADT event listener:

// Should see in console when consent changes:
window.addEventListener('adt_consent_updated', (e) => {
    console.log('ADT Consent Updated:', e.detail);
});

3. Verify consent cookie:

// Check for CMP cookie:
console.log(document.cookie);

// Look for:
// - "CookieConsent" (Cookiebot)
// - "cookieyes-consent" (CookieYes)
// - "OptanonConsent" (OneTrust)

Solutions:

• Clear all cookies and test fresh
• Check CMP is firing events correctly
• Verify CMP category mapping
• Update ADT to latest version
• Contact CMP support if CMP events not firing

Issue: Tracking Firing Despite Declined Consent

Symptoms:

User declines consent
GA4/pixels still tracking
Events in dataLayer despite decline

Diagnostic Steps:

1. Check consent state:

console.log(window.hasConsent('analytics'));  // Should be false
console.log(window.hasConsent('marketing'));  // Should be false

2. Check fallback mode:

Settings → Advanced → Delay Tracking Until Consent

If UNCHECKED and no CMP detected → Will track by default

3. Check for bypass code: Look for testing code like:

// Should NOT be in production:
window.ADTData.fallback_track_without_cmp = '1';

4. Verify tags respect consent:

// GTM tags should check:
if (!hasConsent('analytics')) {
    return; // Don't fire
}

Solutions:

• Enable “Delay Tracking Until Consent” mode
• Verify GTM tags check consent
• Remove any testing bypass code
• Check for other tracking scripts outside ADT
• Ensure CMP properly blocks scripts

Issue: Mixed Consent Not Working

Symptoms:

User accepts analytics, declines marketing
Either both track or both blocked
Cannot achieve mixed state

Cause:

• CMP not granular enough
• ADT not reading granular consent
• Tags not checking specific purposes

Solutions:

1. Verify CMP supports granular consent:

// Should have separate properties:
console.log(window.Cookiebot.consent);
// Output: { statistics: true, marketing: false }

console.log(window.ADTConsent);
// Output: { analytics: true, marketing: false }

2. Check GTM tags use correct purpose:

// GA4 tags should check:
if (hasConsent('analytics')) { ... }

// Pixel tags should check:
if (hasConsent('marketing')) { ... }

3. Verify consent mapping: Some CMPs use non-standard category names. Check:

Debug Overlay → Consent Section → Raw consent data

4. Update consent mapping (if needed):

add_filter('adt_consent_mapping', function($mapping, $platform) {
    // Custom mapping for your CMP
    if ($platform === 'CustomCMP') {
        $mapping = [
            'performance' => 'analytics',   // Map 'performance' to 'analytics'
            'advertising' => 'marketing'    // Map 'advertising' to 'marketing'
        ];
    }
    return $mapping;
}, 10, 2);

Issue: Consent Banner Shows on Every Page

Symptoms:

User accepts consent
Banner reappears on next page
Consent not being stored

Cause:

• Cookie domain mismatch
• Cookie blocked by settings
• Path restrictions
• SameSite issues

Solutions:

1. Check cookie is being set:

// After accepting consent:
console.log(document.cookie);
// Should contain CMP consent cookie

2. Check cookie domain:

• Cookie domain should match site domain
• Wildcard (.example.com) vs specific (www.example.com)

3. Check browser cookie settings:

• Third-party cookies enabled?
• Incognito mode blocks cookies
• Privacy extensions (Privacy Badger, etc.)

4. Check CMP configuration:

• Cookie expiration set correctly?
• Storage method (cookie vs localStorage)?
• Cross-domain configuration?

5. Check for conflicts:

• Multiple CMPs installed?
• Cache clearing cookies?
• Security plugins blocking cookies?

Best Practices

Compliance Best Practices

1. Always Show Privacy Policy Link

<!-- In consent banner -->
<a href="/privacy-policy">Privacy Policy</a>

2. Provide Cookie Settings

<!-- Persistent link in footer -->
<a href="#" onclick="showConsentSettings()">Cookie Settings</a>

3. Document Consent Practices

Privacy Policy Should Include:
- What data is collected
- Why it's collected
- How long it's stored
- Who it's shared with
- How to opt-out
- How to request data deletion

4. Regular Audits

Monthly: Check consent rates
Quarterly: Review cookie list
Yearly: Update privacy policy

5. Record Keeping

Required for GDPR:
- Consent timestamp
- Consent choices
- Consent method (banner/settings)
- IP address (optional)

ADT logs these automatically in consent events

Performance Best Practices

1. Optimize CMP Load Speed

<!-- Load CMP early, async -->
<script async src="cmp-script.js"></script>

<!-- But ensure it fires before tracking -->

2. Use Appropriate Timeout

Fast sites: 2-3 seconds
Normal sites: 5 seconds (default)
Slow sites: 10 seconds

3. Minimize Banner Complexity

• Simple design loads faster
• Fewer options = faster decisions
• Clear copy = higher acceptance

4. Cache Consent Decisions

• ADT automatically caches consent
• Reduces CMP API calls
• Faster subsequent pageviews

User Experience Best Practices

1. Banner Design

✅ Good:
- Clear, concise copy
- Prominent Accept button
- Easy-to-find Decline
- Not covering content
- Mobile responsive

❌ Bad:
- Wall of legal text
- Hidden Decline button
- Blocks entire page
- Hard to close

2. Consent Options

Recommended:
- Accept All (primary button)
- Decline All (secondary button)
- Cookie Settings (link)

Advanced:
- Purpose toggles (analytics, marketing)
- Vendor list (TCF)
- Cookie details

3. Reminder Frequency

Don't show banner again for:
- 30 days (if declined)
- 365 days (if accepted)
- Until cookie expires

Show again if:
- User clears cookies
- Cookie expires
- Privacy policy updated

Developer Best Practices

1. Test All Consent States

// Automated testing
describe('Consent Handling', () => {
    test('Tracks when consent granted', () => {
        window.setADTConsent('analytics', true);
        // Verify tracking fires
    });
    
    test('Blocks when consent denied', () => {
        window.setADTConsent('analytics', false);
        // Verify tracking blocked
    });
    
    test('Waits when consent pending', () => {
        window.setADTConsent('analytics', null);
        // Verify tracking queued
    });
});

2. Handle Consent Changes

// React to consent updates
window.addEventListener('adt_consent_updated', (e) => {
    const { analytics, marketing } = e.detail;
    
    // Update UI state
    if (analytics) {
        enableAnalyticsFeatures();
    } else {
        disableAnalyticsFeatures();
    }
});

3. Progressive Enhancement

// Don't break if no consent system
if (typeof hasConsent === 'function') {
    if (hasConsent('analytics')) {
        // Track with analytics
    }
} else {
    // Fallback: track anyway or skip
}

4. Document Your Setup

# Consent Setup Documentation

## CMP: CookieYes Pro
## Version: 2.5.3
## Configuration:
- Analytics: Tracks with GA4
- Marketing: Tracks with Meta Pixel, TikTok
- Storage: 365 days
- Mode: GDPR Safe Mode enabled

## Testing:
- Accept: All tracking enabled
- Decline: All tracking blocked
- Mixed: Granular per purpose

## Maintenance:
- Monthly consent rate review
- Quarterly CMP version check
- Yearly privacy policy update

Consent Events Reference

Event: consent_loaded

Fires: When CMP finishes loading

Parameters:

{
  event: 'consent_loaded',
  consent_platform: 'CookieYes',
  consent_ready: true,
  detection_time: 1.234
}

Use Cases:

• Track CMP load performance
• Verify CMP working
• Troubleshoot timing issues

Event: consent_granted

Fires: When user grants consent

Parameters:

{
  event: 'consent_granted',
  consent_type: 'analytics',  // or 'marketing'
  consent_method: 'banner',   // or 'settings'
  all_consents: {
    analytics: true,
    marketing: false
  }
}

Use Cases:

• Track consent rates
• A/B test banner copy
• Measure impact on data quality

Event: consent_denied

Fires: When user declines consent

Parameters:

{
  event: 'consent_denied',
  consent_type: 'analytics',
  consent_method: 'banner',
  all_consents: {
    analytics: false,
    marketing: false
  }
}

Use Cases:

• Track decline rates
• Analyze decline patterns
• Optimize banner messaging

Event: consent_updated

Fires: When consent changes

Parameters:

{
  event: 'consent_updated',
  consent_changes: {
    analytics: { from: false, to: true },
    marketing: { from: null, to: false }
  },
  update_source: 'settings'
}

Use Cases:

• Track user behavior changes
• Monitor consent withdrawals
• Compliance auditing

FAQ

Q: Which CMP should I use? A: For most small businesses, CookieYes Free is perfect. For enterprises, OneTrust or Cookiebot. For developers, Klaro.

Q: Is ADT GDPR compliant? A: ADT respects consent decisions. Combined with a proper CMP and privacy policy, yes. (But we’re not lawyers – consult legal counsel.)

Q: Can I track without a CMP? A: Technically yes (in permissive mode), but not GDPR compliant for EU visitors. Get a CMP!

Q: What if user ignores the banner? A: Depends on your mode. GDPR Safe Mode: no tracking. Permissive mode: may track after timeout.

Q: How long is consent stored? A: Controlled by your CMP. Usually 365 days. ADT reads whatever the CMP sets.

Q: Can I customize the consent banner? A: Yes, but through your CMP, not ADT. ADT just reads consent decisions.

Q: Does ADT work with Google Consent Mode? A: Yes! ADT automatically integrates with Google Consent Mode v2 when GTM is present.

Q: What happens to queued events after consent? A: ADT Event Queue holds events until consent granted, then fires them. Or discards if denied.

Q: Can I have different rules for different regions? A: Yes, but handled by your CMP. ADT reads whatever consent the CMP provides.

Q: Does server-side tracking bypass consent? A: No! ADT respects consent server-side too. If denied, server-side tracking is also blocked.

Support Resources

ADT Support:

• WordPress Admin → Advanced DataLayer → Support
• Documentation: [Your doc site]
• Community: [Forum link]

Legal Resources:

• GDPR: europa.eu/gdpr
• CCPA: oag.ca.gov/privacy/ccpa
• IAB TCF: iabeurope.eu/tcf

Summary

Quick Checklist:

• ✅ CMP installed and configured
• ✅ ADT detecting CMP correctly
• ✅ Consent mode set (Safe Mode recommended for EU)
• ✅ Tested accept/decline scenarios
• ✅ Verified tracking respects consent
• ✅ Privacy policy updated
• ✅ Cookie settings link in footer
• ✅ Regular monitoring set up

Remember:

• Consent management protects users AND your business
• A good CMP builds trust
• Compliance is ongoing, not one-time
• Test regularly
• Document everything

You’re protecting user privacy while maximizing data quality. Well done! 🎉