Clickio GDPR Consent Tool

GDPR Consent Tool Overview

We offer full compliance with Google EU user consent policy and with requirements of other demand partners. All publishers using Google's ad products need to obtain end users' consent before showing personalized ads. The records of consent must be retained, and users must be able to revoke consent.

The tool provides publishers with a lot of flexibility to make your own choices. You can choose consent flow recommended by Google at Cookiechoices.org, as well as a number of alternative approaches.

  • No coding required.
  • Change look and feel with an easy interface.
  • All disclosure language is customizable. You can add your own vendors and data collection purposes.
  • At the same time, the tool provides you with the standard disclosures in multiple languages and with the list of GDPR-compliant vendors and their purposes (from both Google and IAB Framework).

You can find more information about the product and a live demo page at gdpr.clickio.com.

Technical Specifications

CMP API

When defined on the page, this function is triggered when Consent Tool renders the user dialog (prior to end-user's decision) and when the user chooses either of the options (second time). For users who have already made their choice, the callback function is called right away with the corresponding parameter value. When a user is out of scope of GDPR, the callback is called with distinguishable param value.

// define callback on page
// place this code before Clickio Consent Tool (CCT) js file
(function(){
 // isolate all generic variables from global namspace
 // define global object callback function (which will be called by CCT js)
 (window.__lxG__consent__=window.__lxG__consent__||{}).consentCallback = function (consentState) {
        // for EEA users, this callback can be triggered twice:
        // before user decision (with -1 first and 0/1 later)
        // after user decision (with 0 or 1)

        if (consentState === null) {
            // consent not applicable, non-EEA user
        } else if (consentState === -1) {
            // EEA user, consent interface shown, cmp loaded, user has not decided yet
        } else if (consentState === 0) {
            // EEA user, consent rejected
        } else if (consentState === 1) {
            // EEA user, consent accepted
        }
    };

    // // add extra timeout call, in case network issues occur with loading clickio consent js
    // setTimeout((function(){return function(){
    //     // you can add your own value for "default" call
    //     // make sure possible double-call won`t break anything (use semaphore variable)
    //     window.__lxG__consent__.consentCallback(0);
    // };})(), 1500);
})();

To integrate Clickio Consent Tool with 3rd tags, use the following method to get consent status.

window.__lxG__consent__.getState();

The method returns the following values:

   
null GDPR not applicable (non-eu user)
-1 user has not decided yet
0 personalized ads are not allowed
1 personalised ads allowed

The other way to determine the consent status is to directly check the user's 1st party cookies. Every user who made consent choice would have a cookie with the name __lxG__consent__. Its value is a string of concatenated consent state (0 - rejected, 1 - accepted) and a consent disclosure version with | (pipe) delimeter.

For example, 0|1 means that the user rejected personalisation and the consent disclosure language version was 1 (disclosure versions are available in Clickio Consent Tool settings).

How to force the consent dialog to be shown

You can use the following code to show the consent UI. Please note that it will only be shown to EEA users.

window.__lxG__consent__.showConsent();

Alternatively, you can add ?showConsent=1 parameter to the page URL.

Implementation Guide

Step 1: Install сonsent code 
  • Go to the Get code section of the GDPR Consent tool settings.
  • Copy the top script and insert it as the very first script between the <head></head> on all pages of your website.
Step 2: Add ‘Change privacy settings’ link 

To comply with GDPR, publishers must give users a way to change consent settings. A persistent link should be placed on your website, where users can easily find it and edit their consent preferences at any time. A click on this link will show the consent dialog again.

  • Copy the following code, it also can be found in the Get code section of the GDPR Consent tool settings:
<a href="#" onclick="if(window.__lxG__consent__ !== undefined) {window.__lxG__consent__.showConsent()} else {alert('This function only for users from European Economic Area (EEA)')}; return false">Change privacy settings</a>
  • The text ‘Change privacy settings’ can be edited and translated into your site’s language.
  • Place the link either on all pages of your website (for example, in footer or header) or inside your Privacy/Cookie policy.

 

Implementation Examples

Implementation Examples

Pausing Google Tag Manager tags

  1. Place this code in <head></head> section of the site, after our Consent Tool line and before GTM script:
<script>
(window.__lxG__consent__ = window.__lxG__consent__ || {}).consentCallback = function (state) {
if (state !== -1) {(window.dataLayer = window.dataLayer || []).push({'event': 'consentReady'});}};
</script>
  1. Create a custom event trigger with Event name "consentReady": img01.png

  2. Add a new trigger in "Triggering" section of the tag: img02.png

Read more about custom event triggers in Google Tag manager.

Implementation Examples

Troubleshooting ad pausing and unpausing

Introduction

Ad Manager
AdSense and Ad Exchange
General

Why ads might fail to pause

The main reasons why the Consent Tool might not pause the ads, along with solutions, are listed below.

1. The setting is set to "Load non-personalized ads while the user is choosing" instead of "Pause ads while the user is choosing".

If this is the case, change the setting and allow 5 minutes for the Consent Tool to update.

2. The ads are called before the Consent Tool is initiated.

In certain cases, ad units might be called before the Consent Tool has a chance to invoke corresponding pausing mechanism.

3. Some other code on the page initiates refresh() of Ad Manager ad units.

Other scripts on the page can call refresh() of ad units. You can use Google Publisher Console to detect this behavior.

4. Advertising is shown by ad tags other than Ad Manager and AdSense

By default, the Consent Tool only pauses Ad Manager and AdSense tags. If you have tags from other vendors on the site, they can communicate with the Consent Tool using CMP Javascript API, which is a standard part of the IAB's Transparency and Consent Framework. Alternatively, the tags can be paused and unpaused using the Consent Tool's simplified API.

If you use Google Tag Manager to show ad tags, please refer to our GTM integration guide.

Some ad units fail to show

After the user decision, the Consent Tool refreshes all ad units on the page. If new ad units are dynamically added on the page later (for example, when the new content is loaded in an infinite scroll), they need to be refreshed manually using refresh() method after calling display().

Callback queue pausing solution

To help you solve more complicated cases, we've created the ultimate weapon - a queue-based pausing/unpausing solution.

The following code will allow pausing any ads, but is customized for AdManager. Any parts can be ommited if there is no need in them.

// initialize Ad Manager globals
var googletag = googletag || {};
googletag.cmd = googletag.cmd || [];

// Consent tool logic ready queue
var consentCallbackQueue = (function(window, undefined) {
    let timeoutCallInSeconds  = 5; // false to disable

    let queue                 = [];
    let startImmediately      = false;
    let consentCallbackCalled = false;

    let addFunction = function (callback) {
        if (startImmediately) {
            callback();
        } else {
            queue.push(callback);
        }
    };

    let runQueue = function () {
        startImmediately = true;
        queue.map(function(callback, i){
            if (callback !== undefined) {
                callback();
                queue[i] = undefined;
            }
        });
    };

  	// callback which is executed by CCT code upon consent state determination
    (window.__lxG__consent__ = window.__lxG__consent__ || {}).consentCallback = function(consentState){
        consentCallbackCalled = true;

        if (consentState === null) {
            // consent not applicable, non-eu user, executing queue right away
            runQueue();
        } else if (consentState === -1) {
            // eu user, consent interface shown, cmp loaded, user has not decided yet
        } else if (consentState === 0) {
            // eu user, consent rejected, for custom advertisements systems be sure to turn on anonymous ads here
            runQueue();
        } else if (consentState === 1) {
            // eu user, consent accepted, executing the queue
            runQueue();
        }
    };

    // in case of network problems in loading consent.js
    if (timeoutCallInSeconds) {
        setTimeout(function () {
            if (!consentCallbackCalled) {
                // notify code there is no consent
                if (console && console.log) {
                	// debug message
                    console.log('consentCallbackQueue timeout call');
                }

                // force-disable personalized ads, if not implemented in __lxG__consent__.consentCallback
                if (window.googletag.pubads) {
                    window.googletag.pubads().setRequestNonPersonalizedAds(1);
                } else {
                    window.googletag.cmd.unshift(function () {
                        window.googletag.pubads().setRequestNonPersonalizedAds(1);
                    });
                }
				
                // calling function to trigger logic
                window.__lxG__consent__.consentCallback(0);
            }
        }, timeoutCallInSeconds*1000);
    }

    return {
        push: addFunction
    };
})(window);

// function to display AdManager slot by it`s div ID
// it supports automatic slot refresh if disableInitialLoad was called before
function displayAndRefreshSlotById(slotId) {
    consentCallbackQueue.push(function () {
        googletag.cmd.push(function () {
            if (window.google_DisableInitialLoad) {
                googletag.pubads().getSlots().forEach(function (slot) {
                    if (slot.getSlotElementId() == slotId) {
                        googletag.display(slotId);
                        googletag.pubads().refresh([slot]);
                    }
                });
            } else {
                googletag.display(slotId);
            }
        });
    });
}

// you should replace 
// googletag.cmd.push(function () {
//     googletag.display('div-id-1');
// });
// with
// displayAndRefreshSlotById('div-id-1');

The core of the logic is a special callbacks queue, which is consecutively executed upon consent determination (either user decides in the UI or consent state is read from the cookies). This queue mechanism is also fully functional for non-EU users, so no need for geo-based logic branching.

In the example above, there is also an utility function (displayAndRefreshSlotById) which incorporates adding callback to the consent queue and triggering display and refresh for the AdManager slot found by its div ID. Implementaion may vary for other advertising systems.

Implementation Examples

CMP API usage

Introduction

As an approved IAB Consent Management Platform, Clickio Consent Tool fully supports the standardised CMP Javascript API for user consent data retrieval.

Non-EU visitors and CMP API

By default, non-EU version of the Consent Tool code (automaticaly served by our geo-aware CDN) does not include CMP API functionality (to minimize load traffic/time), but that is server-side configurable - feel free to contact support if you need it.

General information

Current version API documentation can be found here. Clickio CMP API implementation fully supports all the described functionality.

When implementing the CMP API integration, you should bear in mind that it loads aynchronously, so you can not directly call __cmp function to pass commands from your scripts. Avoid implementing any await cycles/timeouts, which create parasitic load or delays. Instead, you can use a simple CMP API stub, which gracefully handles all the calls for you, while the full code loads.

(function (window) {
    window.__cmp = (function () {
        var listen = window.attachEvent || window.addEventListener;
        listen('message', function (event) {
            window.__cmp.receiveMessage(event);
        });

        var commandQueue   = [];
        var cmp            = function (command, parameter, callback) {
            if (command === 'ping') {
                callback({"cmpLoaded": false}, true);
            } else {
                commandQueue.push({
                    command:   command,
                    parameter: parameter,
                    callback:  callback
                });
            }
        };
        cmp.commandQueue   = commandQueue;

        cmp.receiveMessage = function (event) {
            var data = event && event.data && event.data.__cmpCall;
            if (data) {
                commandQueue.push({
                    callId:    data.callId,
                    command:   data.command,
                    parameter: data.parameter,
                    event:     event
                });
            }
        };

        return cmp;
    }());
})(window);

After installing this code on the page, you can then call the API as usual (getConsentData dump example is shown below).

window.__cmp('getConsentData', null, function (consentData, consentDataSuccess) {
    console.groupCollapsed('getConsentData called ('+consentDataSuccess+')');
    console.log(consentData);
    console.groupEnd();
});

The stub stores the request and replies as soon as the full code loads. PostMessage commands are also supported.

FAQ

Are pop-ups targeted to EEA?
Yes, only users based in EEA will see the consent pop-ups.

Can I add my own disclosures and additional partners?
Yes, you can modify all the texts in the consent interface, and add custom detailed disclosures using “Introduction” and “Custom disclosures” fields.

Can users revoke consent using the tool?
Yes. We provide publishers with the link that must be placed on the site. When the user clicks on the link, the consent dialog reappears.

  1. For a new user, Consent Tool either pauses ad requests or switches all Google tags into the non-personalised mode (depending on the settings).
  2. User can see the full listed of Google Vendors in the consent dialog.
  3. When the user makes a choice, the tool resumes Google tags in either personalised or non-personalised mode.

I have Google Ad Manager/Ad Exchange/AdSense tags that are not managed by Clickio on my site. Will Clickio Consent Tool work with these tags?
Yes, the consent tool will automatically declare a correct personalization mode to all Google tags. Personalized ads will be requested for users who granted consent, non-personalised for those who rejected this option.

Clickio participates in the Framework as a registered Consent Management Provider (CMP ID 63). We are fully compatible with the framework.

How often is the IAB vendor list updated?
We store a cached version of the IAB vendor list to speed up delivery, but it is updated every few hours.

How long is the consent stored for? In which cases the consent dialog is shown again?
The user’s privacy choice is remembered for 13 months. The consent dialog will be shown before in the following cases.

  1. The user clicks on the “Change Privacy Settings” link.
  2. The publisher changes the disclosure version in the Consent Tool settings.
  3. New vendors have been added to the IAB vendor list and a certain number of days have passed since the last user decision. According to the GDPR, when new vendors are added, the publisher needs to ask the user for consent again, in order to pass personal information to new vendors. Once the user gives consent to a particular version of the IAB vendor list, the Consent Tool will not ask the user again for a certain number of days, even if the vendor list changes. However, after some time, the tool will prompt the consent dialog again, so that the site can utilize new vendors. This specific interval depends on how frequently the IAB list changes and the relative importance of added vendors.

There is a problem with the way pop-ups look on my site.
In rare cases, site’s HTML/CSS can interfere with the way pop-ups look. If there is a problem, please contact support and we will resolve it as fast as possible.