• Overview
• Key Terms
• GTM-Specific Terms
• Evidon CMP-Specific Terms
• Consent Levels Supported by Evidon CMP
• Data Layer Call Details
• Typical Data Layer Format
• Callbacks
• priorConsentCallback
• closeCallback
• consentWithdrawnCallback
• consentDeclinedCallback
• consentRejectCallback
• Key differences between callbacks
• Enabling Evidon Category/Vendor Consent Support
• Steps to Enable Granular Consent
• Key Considerations
• Notice Configuration
• Steps to Create and Configure a Notice
• GTM Implementation
• Section 1: Template Implementation
• Section 2: GTM Recipe Implementation
• Disclaimer

Overview

Evidon CMP (Consent Management Platform) helps manage user consent preferences for cookies and data tracking to comply with regulations like GDPR, CCPA, and more. Google Tag Manager (GTM) is a tool for managing and deploying marketing tags on a website without modifying code. Integrating Evidon CMP with GTM ensures user consent preferences control tag behavior across your site.

Key Terms

Key Terms in Consent Management (Purposes):

• Strictly Necessary: Essential for basic website functionality (e.g., session cookies). 
• Performance/Analytics: Used for website analytics (e.g., Google Analytics). 
• Targeting/Advertising: Enables ad personalization and tracking (e.g., Google Ads). 
• Functional: Supports additional features like chatbots or enhanced UI.

GTM-Specific Terms

• Tags: Code snippets that send data to third-party tools (e.g., GA4, Facebook Pixel). 
• Triggers: Define when a tag should fire (e.g., page load, click event). 
• Variables: Store dynamic data (e.g., user consent status).

Evidon CMP-Specific Terms

• Categories: Groupings of user preferences (e.g., analytics, advertising).
• Vendors: Another name for companies who perform advertising and tracking functionality.

Consent Levels Supported by Evidon CMP

Evidon CMP maps user consent preferences to categories that control data processing. The levels typically supported are:

Data Layer Call Details

The data layer is a key GTM component that stores and transmits structured data between the website and various Google Services. Evidon CMP uses the data layer to send consent information.

Typical Data Layer Format

dataLayer.push('evidonConsentGiven', consentCategories:'', consentVendors:'');

• eventName: evidonConsentGiven  
• consentCategories: comma-separated list of category names  
• consentVendors: comma-separated list of vendor names   

The category names in the consentCategories parameter correspond to the names assigned to your category buckets within the privacy application during configuration.

The vendor names in the consentVendors parameter represent the permanent string identifiers assigned to vendors by Evidon system.

The event pushed to the data layer when user consent is provided is evidonConsentGiven. Your event triggers must monitor for this event and validate the vendors and categories listed in the consentCategories and consentVendors variables.

Callbacks

The Evidon Consent Management Platform (CMP) provides pre-defined callbacks that allow developers to customize their websites or applications based on user consent actions. These callbacks offer hooks to dynamically load, block, or manage technologies in alignment with user preferences, helping facilitate compliance with privacy regulations.

This document outlines the available callbacks, their purposes, and their implementation. It is essential to understand that while the CMP provides the tools, developers are responsible for ensuring proper integration and adherence to applicable laws.

 Here's a detailed explanation of each callback:

priorConsentCallback

Description:  The priorConsentCallback is executed whenever a consent state is detected. This can happen under the following circumstances:

• A consent cookie is present when the CMP script initializes. 
• A user performs a consent action. (e.g., accepting, rejecting, or modifying preferences)
• Consent is not required for the current region or domain.

Parameters:

• categories (Object): An object of consent categories (e.g., "Analytics", "Marketing") and their statuses (true for consented, false for declined).
• vendors (Object): An object of vendors and their consent statuses.
• cookies (Object): A key-value pair object indicating cookie states based on user consent.

Use Case:

• Developers can use this callback to dynamically load or block specific technologies (e.g., marketing tags or cookies) based on the user's consent preferences.
• Ensures that your site respects user preferences and remains compliant with privacy regulations.

Note:

Always validate the consent state before enabling third-party scripts or technologies to ensure user preferences are respected.

Example:

window.evidon.priorConsentCallback = function (categories, vendors, cookies) {

    if (categories.includes('Marketing')) {
        console.log('Marketing consent provided. Loading marketing tags...');
        loadMarketingTags();
    } else {
        console.log('Marketing consent not provided. Blocking related tags.');
    }
};

closeCallback

Description:

Triggered when a user closes the consent interface (e.g., a banner or modal) without explicitly accepting or declining consent. This callback allows developers to track user behaviour and optionally re-prompt users after a specified interval.

Use Case:

• Log the closure event for analytics or reporting purposes.
• Optionally, re-display the consent banner after a refresh the page or specified period if the user closes it without making a decision.
• Developers can also configure this callback to treat the closure as an implicit decline of consent, depending on business needs or regulation compliance.

Note:

The Evidon UCP Consent tool does not enforce any specific action upon closure; you must decide how to handle this scenario based on your requirements.

Example:

window.evidon.closeCallback = function () {
    console.log('Consent UI closed without user action.');
    promptUserForConsentLater();
};

consentWithdrawnCallback

Description:

Triggered when a user withdraws or revoke granted consent. This callback is crucial for ensuring compliance with regulations like GDPR, which require immediate action when consent is revoked.

Use Case:

• Developers can also configure this call back to immediately disable technologies that rely on user consent, such as analytics trackers and advertising tags.
• Clear any cookies, local storage, or session data associated with the withdrawn consent.
• Provide users with a seamless experience (e.g., refresh the page to reflect updated consent states).

While the Evidon UCP Consent tool provides this notification, it is the developer's responsibility to implement the logic for disabling third party tags or technologies and clearing cookies or stored preferences associated with third-party vendors.

Example:

window.evidon.consentWithdrawnCallback = function () {
    console.log('User has withdrawn consent. Disabling all technologies.');
    disableTracking();
    clearConsentCookies();
};

consentDeclinedCallback

Description:

Triggered when the user explicitly declines consent by interacting with a "Decline" button on the UI.

Use Case:

• Developers can also configure this call back to immediately disable all non-essential tags or services.
• Log the user's decision for audit purposes.
• Optionally suppress further consent prompts for a specified period (e.g., one year) using the dropSuppressionCookie function.

To avoid disrupting the user experience, developers can suppress further prompts using Evidon's dropSuppressionCookie function.

Example:

window.evidon.consentDeclinedCallback = function () {
    console.log('User declined consent. Blocking all non-essential tags.');
    disableTracking();
};

consentRejectCallback

Description:

Triggered when a user opts out of all consent categories by selecting an "Opt-Out All" or "Reject All" option. This is typically applicable under opt-out regulations like CCPA.

Use Case:

• You can choose to stop all services / third party tags or vendors based on user consent.
• Clear cookies or stored data related to consent categories.
• Provide a seamless experience to users by respecting their choices.

This callback ensures that users can fully exercise their right to opt-out of all consent-based services. Developers must manage the associated cookies and third-party technologies.

Example:

window.evidon.consentRejectCallback = function () {
    console.log('User opted out of all consent categories.');
    disableAllTags();
    clearCookiesAndData();
};

Key differences between callbacks

There are key differences between the consentWithdrawnCallback, consentDeclinedCallback, and consentRejectCallback. The following table will help you determine which callback to use.

Enabling Evidon Category/Vendor Consent Support  

While this document does not cover the complete setup of the Universal Consent Platform (UCP), we’ll guide you through enabling support for Category and Vendor consent at the Theme level in UCP. Follow these steps to configure granular consent within your theme.

Steps to Enable Granular Consent

1. Log in to the Evidon Privacy Application
   • Open your preferred browser and navigate to Evidon Privacy Application.
2. Access the Manage Section
   • In the dashboard, open the Manage section to view the list of notices.
3. Find the Relevant Theme
   • To locate the theme associated with a specific domain:
     • Filter the list of notices by entering the domain name where you want granular consent.
     • Identify the assigned theme next to the notice domain.
     • Click the theme name to open it in a new tab or window.

4. Enable Options Dialog v2
   • In the theme editor, switch to the Options Dialog section.
   • Look for the option to enable Options Dialog v2 and check this option.
   • Save the changes to apply granular consent settings.

Key Considerations

1. Theme-Wide Changes
   • Enabling Options Dialog v2 will affect all notices using this theme.
   • If you want to limit changes to specific properties, create a copy of the theme, modify it, and assign it to the desired web properties.
2. Updated Layout
   • Enabling granular consent will modify the layout of the options dialog.
   • Users will see new toggle controls for category- and vendor-specific selections.
   • Test these changes to ensure that the updated dialog integrates seamlessly with the page's styles.
3. Identifying the Correct Theme
   • If you’re unsure which theme to modify:
     • Go to the Notices list.
     • Filter by the target property.
     • Click the theme name next to the property to open the theme editor in a new tab or window.

4. Style Verification
   • After enabling the new options dialog, review the updated dialog’s appearance and behavior.
   • Ensure the styles and functionality align with your expectations before deploying.  

Once you have enabled the new version of the dialog, you will want to verify the styles look the way you want.  

This is a picture showing the correct option to enable: 

Notice Configuration

Follow these steps to create a notice in UCP and configure it with the required vendors to support consent updates for various consent types, including analytics_storage, ad_storage, ad_personalization, and ad_user_data.

Steps to Create and Configure a Notice

1. Create a Notice
   • Log in to Evidon Privacy Application.
   • Navigate to the Notices section and create a new notice for your web property.
2. Add Google Analytics
   • Ensure that the Google Analytics vendor is added to the notice disclosure.
   • This is required to enable consent updates for the analytics_storage consent type.

3. Add Advertising Vendors
   • To enable consent updates for ad_storage, ad_personalization, and ad_user_data, include one or more of the following vendors in the notice disclosure:
     • Google AdSense
     • DoubleClick
     • DoubleClick Bid Manager (formerly Invite Media)
     • Channel Intelligence (Google)
     • AdMeld (Google)
     • Google AdWords
     • Google Display Network
     • AdMob (Google)
     • Google Attribution 360 (formerly Adometry)
     • Google Tag Manager
     • Google Ad Services
     • Google Mobile Ads
     • Google IMA
     • Google Ads
     • Google Analytics

Additional Resources

Refer to the official Universal Consent Platform Getting Started Guide for more details on creating notices and managing vendor disclosures.

By ensuring these vendors are added to the notice, you enable granular consent updates required for compliance and advanced advertising configurations.

GTM Implementation

The guide is bifurcated into two sections: Template Implementation and GTM Recipe Implementation. While both methods are described, we strongly recommend using the template approach for simplicity and efficiency.  For more detail please refer.

Section 1: Template Implementation

Overview

The Template Implementation method leverages GTM's custom templates to simplify the integration process. It allows users to configure Evidon CMP settings within a predefined framework, minimizing the need for manual coding.

Step 1: Import the Template

1. Open the Templates Menu
   • In the GTM dashboard, navigate to the Templates menu.
   • The Templates screen will appear.
2. Access the Community Template Gallery
   • In the Tag Templates section, click the Search Gallery button.
   • This will open the Community Template Gallery.
   • Search for the Template
   • In the search field, type "Evidon Universal Consent CMP".
     Review the search results and locate the Evidon Universal Consent CMP template.

3. Install the Template
   • Select the Evidon Universal Consent CMP template from the search results.
   • Click the Add to Workspace button.
   • A confirmation modal will appear:

4. Confirm Installation
   • In the confirmation modal, click the Add button to complete the installation.

Once added, the Evidon Universal Consent CMP template will be available in your workspace for further configuration and deployment

Step 2: Create tag using Evidon Template

After installing the Evidon Universal Consent CMP template, follow these steps to add the Evidon Universal Consent Platform tag in GTM:

1. Add the Evidon Universal Consent Platform Tag
   • Navigate to the Tags section in your GTM workspace.
   • Click New, select the Evidon Universal Consent CMP template, and save it after configuration.
2. Set the Company ID
   • In the tag settings, locate the Company ID field.
   • Enter the Company ID assigned to your account. This ID links the tag to your consent platform.

3. (Optional) Enable URL Passthrough
   • If you need to pass consent data via URLs, enable the URL Passthrough option in the tag settings.
4. (Optional) Enable Debug Mode
   • Toggle the Debug Mode option to test the tag's configuration and behavior without affecting live data.
5. Enable Advanced Google Consent Mode
   • Locate the checkbox for Advanced Google Consent Mode and ensure it is checked.
   • This option manages granular consent signals for Google services.
   • If Advanced Consent Mode is enabled, then the default consent state is set before Evidon scripts are loaded onto the page. Google Consent is updated when the end-user provides consent to a corresponding Google service within the Evidon UCP banner/options dialog. While consent is not provided, Google tags will send cookieless pings.
   • If Advanced Consent Mode is not enabled, then the default consent state and consent update are set after the end-user provides consent to a corresponding Google service. All Google tags must be blocked (via event triggers) until user consent is provided. Please refer to Section 2: GTM Recipe Implementation later in this document for more information about how to configure event triggers.
   • For more information about the differences between Advanced Google Consent Mode and Basic Google Consent Mode, please visit this page: https://support.google.com/google-ads/answer/10000067?hl=en
6. Non-Production Notice
   • A Non-Production Notice allows you to configure and test consent notices in development or staging environments without impacting your live (production) site. This ensures proper integration and functionality testing before deployment
7. Configure Default Consent State
   • Default consent state refers to the settings applied to cookies and tracking technologies before users make their consent choices. This ensures compliance with privacy regulations while maintaining website functionality.
   • Click the “Add row” button and assign default consent (Denied/Granted) to each category (e.g., Ad Storage, Analytics Storage, Ad Personalization, Ad User Data) that are relevant to each region.

8. Using Evidon Callback Methods (Optional)

To use Evidon callbacks as optional activities within Google Tag Manager (GTM), you need to import a pre-configured GTM Template Recipe. This setup allows you to conditionally load scripts or tags based on user consent captured by Evidon CMP

Steps to Implement Evidon Callbacks with GTM Template Recipe:

I. Download the GTM Template Recipe

a. Obtain the GTM recipe JSON file from Evidon’s resources or your implementation partner.

b. Login into https://privacy.evidon.com

c. Click on “Manage” and then “Get Site Notice Tag”

d. Select “GTM Template Recipe” from the dropdown menu and further select the desired consent mode

e. Click download to download the JSON file

II. Import the Template Recipe into GTM

a. Log into GTM

i. Access your Google Tag Manager account and navigate to the desired container

b. Go to Admin > Import Container

            i. Select Import Container

c. Upload the JSON file

            i. Upload the GTM recipe JSON

d. Choose Workspace and Merger Options

           i. Select the appropriate workspace

           ii. Choose Merge (to add) or Overwrite (to replace existing tags, triggers, and variables).

           iii. A new tag “Evidon Consent Tag” has been generated

e. Update the logic in Callbacks:

i. Open “Evidon Consent Tag” in edit mode

ii. In custom HTML, update your code in the given placeholders

Step 3: Test and Deploy

1. Use GTM's *Preview Mode* to verify the functionality of the template.
2. Validate that the consent signals are correctly passed to Google Analytics and Ads. 
3. Publish the container once testing is successful.

The template implementation method ensures consistency, reduces manual errors, and simplifies future updates. This is especially beneficial for organizations managing complex CMP configurations.

The template approach is recommended due to its ease of use, lower risk of errors, and maintainability. This approach also ensures compliance with Evidon and Google’s latest updates.

Section 2: GTM Recipe Implementation

Overview

The GTM Recipe Implementation method involves importing a pre-configured GTM container that includes tags, triggers, and variables required for Evidon CMP integration. This method is suitable for users familiar with GTM and requires a higher degree of manual configuration.

Step 1: Import the Recipe

1. login into UCP Download.
2. Click on the Manage link in the menu.
3. Click on Get Notice Tag.
4. On the modal click the drop down to GTM Recipes.
5. Click the drop down to choose the level of consent: Vendor or Categories.
6. Download the file, which will be in json format.

Step 2: Configure Tags and Triggers in Google Tag Manager

1. Once the file is downloaded, log into your GTM instance. Follow these steps to import the Json file.
2. Select Admin from the top menu links.
3. Select Import Container. Here you will import the Json file as the container file.
   1. You can overwrite the workspace or merge contents of the new file. Overwriting will replace anything existing with the new data from our file. Merge will bring in any new data and combine them with what’s already been done.
4. Confirm.

Once complete, your triggers are set up. The final step is to assign the correct load rules to the tags. To support category consent on your tags you need to set up the tags to have the correct type of category consent assigned to them.

5. Open or Create the Tag you are adding to the consent wall.
6. In the Triggers section assign the All Categories trigger you imported and the appropriate Category Consent trigger for that tag.
7. Save the Tag settings.

To support vendor consent on your tags you need to set up the tags to have the correct vendor consent trigger assigned to them.

8. Open or Create the Tag you are adding to the consent wall.
9. In the Triggers section assign the All Vendors trigger.
10. Assign the specific Vendor trigger for the tag.
11. Save the Tag settings

Remember, triggers on a tag act as an “OR” condition, so if either of them execute the tag will fire. Once you have set up the tag and saved it, it should look something like the following:

Step 3: Test and Validate

1. Use GTM preview mode to test the setup thoroughly. 
2. Validate consent signals using browser developer tools and Evidon CMP’s testing tools. 
3. Ensure no conflicts exist between CMP scripts and GTM configuration.

Disclaimer

This document provides technical guidance for implementing the Evidon Consent Management Platform (CMP). It is the responsibility of the user to ensure compliance with applicable data protection laws and regulations, including but not limited to the GDPR, CCPA, or other regional privacy frameworks. Evidon offers tools and resources to support compliance but assumes no liability for errors in implementation or misuse of this documentation. Users are strongly advised to consult their legal team to confirm that all implementations meet relevant legal and regulatory requirements.