Google Tag Manager

What is Google Tag Manager?

Google Tag Manager is a tag management system developed by Google. It simplifies the process of managing and deploying various tags on a website without the need for manual code implementation. With Google Tag Manager, website owners and marketers can easily add and update tags for analytics, advertising, and other tracking purposes.

By implementing a single container code on their website, users can efficiently manage and control all their tags in one central platform. This eliminates the need to modify the website’s code every time a new tag or tracking script is added or modified. It provides a user-friendly interface where tags can be configured, triggers can be set, and variables can be defined.

Google Tag Manager offers a range of features, including version control, tag templates, debugging tools, and integration with various third-party services. It allows users to track conversions, monitor user behavior, and gather valuable data for marketing and optimization purposes.

With Google Tag Manager, website owners have greater flexibility and control over their website’s tracking and tagging mechanisms, enabling them to streamline their digital marketing efforts and make data-driven decisions to enhance their online performance.

How Google Tag Manager describes their service?

“Manage all your website tags without editing code. Google Tag Manager delivers simple, reliable, easily integrated tag management solutions— for free.”

What is the purpose of this service?

This service, which falls under the basic interactions and features category, is designed to assist the website or app owner in organizing the tags or scripts they need in one central place. As a result, your data might pass through these services and could potentially be processed.

Which of my data is processed when I visit a website or use an app that runs Google Tag Manager?

Google Tag Manager collects the following personal data:

• Usage Data: Usage data is the information gathered automatically about website users and their actions. It covers device type, location, browser, operating system, visited page sequence, as well as technical details like IP addresses, request times, file sizes, and server response codes.
• Trackers: A tracker is a term used to describe any technology or method that keeps tabs on users. It may involve accessing or storing information on the user’s device or browser. Common examples of trackers include cookies, unique identifiers, web beacons, embedded scripts, and fingerprinting.

More information on how Google Tag Manager processes your personal data can be found in their privacy policy.

Does Google Tag Manager require consent under GDPR?

In March 2025, the German Administrative Court of Hanover (VG Hannover) ruled that loading Google Tag Manager (GTM) requires prior user consent, even if GTM itself does not use cookies.

The court found that GTM:

• connects to Google servers on page load, sending data such as IP address, device info, and referrer URL,
• stores JavaScript (gtm.js) on the user’s device, and
• enables the execution of third-party scripts before consent.

Because of this, the court considered GTM to be active data processing, which cannot take place without explicit, informed consent.

What does this mean for iubenda users?

Currently, iubenda’s Privacy Controls and Cookie Solution already allow you to manage GTM in two different ways:

1. Block tags inside GTM (granular approach)
   • In GTM, you can set up triggers that fire only after iubenda’s consent signals are received.
   • This way, you can allow or block specific tags depending on the purposes selected by the user (e.g., analytics, marketing).
2. Block the GTM script itself (non-granular approach)
   • You can assign GTM to a specific purpose in iubenda.
   • In this case, the entire GTM container loads only after consent for that purpose is given.

By default, GTM is categorized as a strictly necessary service in our generator, because blocking GTM at the script level can break websites. But if you want to follow the strictest interpretation of the German ruling, you can switch to one of the two approaches above.

👉 For a full breakdown of the case and how it may impact GTM use across the EU, read our blog post: Google Tag Manager and GDPR: What a Recent German Court Decision Means.

What’s a privacy policy and why it matters to me?

A privacy policy is a legal document that explains how a business collects, uses, and manages your data. These documents are required under most privacy legislations worldwide, including the GDPR, CCPA/CPRA, and LGPD, and are essential for two main reasons:

• Informed Consent — Privacy policies are crucial in providing you with the necessary information to give informed consent. You’ll know exactly what data you’re sharing and the purposes it will serve, ensuring no unexpected surprises about data usage.
• Protecting Your Rights — Privacy policies are designed to uphold your rights regarding your personal data. If a company doesn’t follow its own policy, it can be held legally accountable. Thus, understanding these policies equips you with the knowledge to protect your data rights and seek legal recourse if needed.

Understanding a privacy policy is key to maintaining control over your personal information in the digital age. Don’t just click “I Agree” — take time to know what you’re agreeing to!