zhongwei/gh-henkisdabro-wookstar-claude-code-plugins-ga-suite
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Zhongwei Li
2025-11-29 18:32:40 +08:00
commit 0ea8352871
72 changed files with 30043 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

458
skills/ga4-privacy-compliance/SKILL.md Normal file
View File

@@ -0,0 +1,458 @@
---
name: ga4-privacy-compliance
description: Expert guidance for GA4 privacy and compliance including GDPR, CCPA, Consent Mode v2, data deletion, and privacy settings. Use when implementing Consent Mode, ensuring GDPR compliance, handling data deletion requests, configuring consent banners, or implementing privacy-first tracking. Covers consent parameters (ad_user_data, ad_personalization), data retention, IP anonymization, and compliance workflows.
---
# GA4 Privacy and Compliance
## Overview
GA4 provides privacy-focused features for GDPR, CCPA, and global privacy regulations including Consent Mode, data controls, and compliance workflows.
## When to Use This Skill
Invoke this skill when:
- Implementing Consent Mode v2 for GDPR compliance
- Setting up consent banners and consent management platforms (CMPs)
- Configuring privacy settings for EU/EEA users
- Handling GDPR/CCPA data deletion requests
- Implementing privacy-first tracking strategies
- Setting consent parameters (ad_storage, analytics_storage)
- Configuring data retention policies
- Managing user opt-outs and privacy requests
- Working with consent management platforms (OneTrust, Cookiebot)
- Implementing server-side consent tracking
- Debugging consent mode implementation
- Ensuring regulatory compliance for analytics
## Core Capabilities
### Consent Mode v2
**What is Consent Mode:**
Google's API for communicating user consent status to GA4, Google Ads, and other Google tags.
**Consent Parameters (v2):**
1. **ad_storage**
- Purpose: Advertising cookies (remarketing, conversion tracking)
- Values: "granted" | "denied"
2. **analytics_storage**
- Purpose: Analytics cookies (GA4 tracking)
- Values: "granted" | "denied"
3. **ad_user_data** (NEW in v2)
- Purpose: User data sharing for advertising
- Values: "granted" | "denied"
4. **ad_personalization** (NEW in v2)
- Purpose: Personalized advertising
- Values: "granted" | "denied"
**Additional Parameters:**
5. **personalization_storage**
- Purpose: Website personalization
- Values: "granted" | "denied"
6. **functionality_storage**
- Purpose: Essential site functionality
- Values: "granted" | "denied"
7. **security_storage**
- Purpose: Security features (fraud prevention)
- Values: "granted" | "denied"
### Implementing Consent Mode
**Basic Implementation (gtag.js):**
**Step 1: Set Default Consent State (BEFORE gtag.js)**
```html
<script>
// Set default consent to denied
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('consent', 'default', {
'ad_storage': 'denied',
'ad_user_data': 'denied',
'ad_personalization': 'denied',
'analytics_storage': 'denied'
});
// Configure GA4
gtag('config', 'G-XXXXXXXXXX');
</script>
<!-- Load gtag.js -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-XXXXXXXXXX"></script>
```
**Step 2: Update Consent After User Choice**
```javascript
// When user accepts all cookies
gtag('consent', 'update', {
'ad_storage': 'granted',
'ad_user_data': 'granted',
'ad_personalization': 'granted',
'analytics_storage': 'granted'
});
// When user accepts only analytics
gtag('consent', 'update', {
'ad_storage': 'denied',
'ad_user_data': 'denied',
'ad_personalization': 'denied',
'analytics_storage': 'granted'
});
// When user denies all
gtag('consent', 'update', {
'ad_storage': 'denied',
'ad_user_data': 'denied',
'ad_personalization': 'denied',
'analytics_storage': 'denied'
});
```
**GTM Implementation:**
**Method 1: Using Consent Mode Template**
1. **Install CMP Template** (OneTrust, Cookiebot, etc.)
2. Configure default consent in template
3. Template auto-updates consent on user choice
**Method 2: Manual GTM Setup**
**Create Consent Initialization Tag:**
1. Tag Type: Custom HTML
2. Code:
```html
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('consent', 'default', {
'ad_storage': 'denied',
'analytics_storage': 'denied',
'ad_user_data': 'denied',
'ad_personalization': 'denied'
});
</script>
```
3. Trigger: Consent Initialization - All Pages
4. Tag firing priority: 999 (fires first)
**Create Consent Update Tag (on user acceptance):**
1. Tag Type: Custom HTML
2. Code: `gtag('consent', 'update', ...)`
3. Trigger: Custom event from CMP (e.g., `consent_granted`)
### Regional Settings
**EU-Specific Consent:**
```javascript
gtag('consent', 'default', {
'ad_storage': 'denied',
'analytics_storage': 'denied'
}, {
'region': ['AT', 'BE', 'BG', 'HR', 'CY', 'CZ', 'DK', 'EE', 'FI', 'FR', 'DE', 'GR', 'HU', 'IE', 'IT', 'LV', 'LT', 'LU', 'MT', 'NL', 'PL', 'PT', 'RO', 'SK', 'SI', 'ES', 'SE', 'GB']
});
gtag('consent', 'default', {
'ad_storage': 'granted',
'analytics_storage': 'granted'
}, {
'region': ['US-CA'] // California - CCPA
});
```
### Consent Mode Behavior
**When analytics_storage = "denied":**
- GA4 uses cookieless pings
- No client_id stored in cookies
- Modeling used to fill gaps
- Limited user tracking
- Session duration not tracked
**When analytics_storage = "granted":**
- Full GA4 tracking enabled
- Cookies stored
- client_id persists
- Complete user journey tracking
**Conversion Modeling:**
When consent denied, GA4 uses:
- Machine learning to estimate conversions
- Aggregated, anonymized data
- Behavioral modeling
- "Modeled" label in reports
### Data Retention Settings
**Path:** Admin → Data Settings → Data Retention
**Options:**
- **2 months** (default)
- **14 months**
**Applies To:**
- User-level data in Explorations
- Event-level data in Explorations
- Does NOT affect standard reports
**Reset on New Activity:**
- ON: Timer resets when user returns (rolling window)
- OFF: Data deleted based on original collection date
**GDPR Compliance:**
- Shorter retention = more privacy-focused
- Document retention policy in privacy policy
- Consider BigQuery export for longer storage
### Data Deletion Requests
**User Right to Deletion (GDPR Article 17):**
**Deleting User Data:**
1. **Admin → Data Settings → Data Deletion Requests**
2. **Create Deletion Request**
3. Choose deletion parameter:
- **User ID:** Delete by user_id
- **Client ID:** Delete by client_id (user_pseudo_id)
- **App Instance ID:** Delete by app instance
4. Enter identifier value
5. Choose date range or "All time"
6. Submit request
**Processing:**
- Takes up to 72 hours
- Deletes ALL events for that identifier
- Cannot be undone
- Confirmation email sent when complete
**Best Practice:**
- Maintain deletion request log
- Respond to requests within 30 days (GDPR requirement)
- Document process in privacy policy
### IP Anonymization
**GA4 Default Behavior:**
- GA4 does NOT log or store IP addresses
- IP used only for geo-location derivation
- No additional anonymization needed
**Unlike Universal Analytics:**
- No `anonymize_ip` parameter needed
- Privacy-first by design
- IP address never in reports or exports
### Google Signals
**What It Enables:**
- Demographics reporting (age, gender)
- Interests reporting
- Cross-device tracking (without User ID)
- Remarketing audiences
**Privacy Implications:**
- Requires user consent for personalized ads
- Subject to data thresholds
- User opt-out via Ads Settings
**Enabling:**
Admin → Data Settings → Data Collection → Google Signals
**Recommendation:**
- Enable only with proper consent
- Respect user opt-outs
- Document in privacy policy
### Data Thresholds
**What Are Thresholds:**
GA4 applies thresholds to reports when:
- Small user counts could reveal individual identity
- Google Signals enabled
- User demographics requested
**When Applied:**
- Small audience sizes
- Rare combinations of dimensions
- Reports show "(thresholded)" or data withheld
**Managing Thresholds:**
- Disable Google Signals (if not needed)
- Use broader date ranges
- Aggregate dimensions
- Export to BigQuery for unthresholded data
### Consent Management Platforms (CMPs)
**Popular CMPs:**
- OneTrust
- Cookiebot
- Termly
- Osano
- TrustArc
**GTM CMP Templates:**
Most CMPs provide GTM templates:
1. **Community Template Gallery** → Search CMP name
2. Install template
3. Configure CMP settings
4. Auto-updates consent to GA4
**Example: Cookiebot Integration**
1. Install Cookiebot tag on site
2. Install Cookiebot template in GTM
3. Template auto-sets default consent
4. Updates consent based on user choice
5. No manual gtag('consent') needed
### GDPR Compliance Checklist
- [ ] Privacy policy updated with GA4 usage
- [ ] Cookie consent banner implemented
- [ ] Consent Mode v2 configured (all 4 parameters)
- [ ] Default consent set to "denied" for EU users
- [ ] Consent updates on user acceptance
- [ ] Data retention configured (2 or 14 months)
- [ ] Data deletion process documented
- [ ] User opt-out mechanism available
- [ ] Google Signals consent obtained (if enabled)
- [ ] Cross-border data transfer disclosures
- [ ] DPA (Data Processing Agreement) with Google signed
- [ ] Regular privacy audit schedule
### CCPA Compliance
**Requirements:**
- Allow users to opt out of "sale" of personal information
- Provide "Do Not Sell My Personal Information" link
- Honor Global Privacy Control (GPC)
**Implementation:**
```javascript
// Detect GPC signal
if (navigator.globalPrivacyControl) {
gtag('consent', 'update', {
'ad_storage': 'denied',
'ad_user_data': 'denied',
'ad_personalization': 'denied',
'analytics_storage': 'granted' // Analytics OK, ads denied
});
}
```
**GTM Variable for GPC:**
1. Variable Type: JavaScript Variable
2. Global Variable Name: `navigator.globalPrivacyControl`
3. Use in Consent Mode logic
### Testing Consent Mode
**Verification Steps:**
1. **DebugView Test:**
- Enable DebugView
- Before consent: Check `analytics_storage = denied`
- After consent: Check `analytics_storage = granted`
2. **Check Event Parameters:**
- Events should include consent status
- Look for `gcs` parameter (Google Consent State)
3. **Cookie Inspection:**
- Before consent: No `_ga` cookie
- After consent: `_ga` cookie set
4. **GTM Preview:**
- Verify Consent Initialization tag fires first
- Verify GA4 tag respects consent
- Verify consent update tags fire on user action
**Chrome DevTools:**
```javascript
// Check current consent state
dataLayer.filter(item => item[0] === 'consent')
```
### Server-Side Consent
**Measurement Protocol with Consent:**
```json
{
"client_id": "client_123",
"consent": {
"ad_storage": "denied",
"analytics_storage": "granted",
"ad_user_data": "denied",
"ad_personalization": "denied"
},
"events": [...]
}
```
**Best Practice:**
- Pass consent status from frontend to backend
- Include in all Measurement Protocol requests
- Store user consent preferences in database
## Integration with Other Skills
- **ga4-setup** - Privacy settings during property setup
- **ga4-gtag-implementation** - Implementing Consent Mode with gtag.js
- **ga4-gtm-integration** - GTM Consent Mode setup
- **ga4-data-management** - Data retention and deletion
- **ga4-user-tracking** - User ID and privacy considerations
- **ga4-measurement-protocol** - Server-side consent parameters
## References
- **references/consent-mode-complete.md** - Complete Consent Mode v2 implementation guide
- **references/gdpr-compliance.md** - GDPR compliance requirements and workflows
- **references/ccpa-compliance.md** - CCPA compliance guide
- **references/cmp-integrations.md** - Integrating popular consent management platforms
## Quick Reference
**Consent Parameters (v2):**
- `ad_storage`: Advertising cookies
- `analytics_storage`: Analytics cookies
- `ad_user_data`: User data sharing (NEW)
- `ad_personalization`: Personalized ads (NEW)
**Set Default (Before Consent):**
```javascript
gtag('consent', 'default', {
'ad_storage': 'denied',
'analytics_storage': 'denied',
'ad_user_data': 'denied',
'ad_personalization': 'denied'
});
```
**Update After User Accepts:**
```javascript
gtag('consent', 'update', {
'ad_storage': 'granted',
'analytics_storage': 'granted',
'ad_user_data': 'granted',
'ad_personalization': 'granted'
});
```
**Data Deletion:**
Admin → Data Deletion Requests → Create

534
skills/ga4-privacy-compliance/references/consent-mode-implementation-examples.md Normal file
View File

@@ -0,0 +1,534 @@
# Consent Mode v2 Implementation Examples
## Basic gtag.js Implementation
### Complete Setup (EU GDPR Compliant)
```html
<!DOCTYPE html>
<html>
<head>
<!-- Step 1: Set default consent BEFORE any tags load -->
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
// Default consent for EU users (denied)
gtag('consent', 'default', {
'ad_storage': 'denied',
'ad_user_data': 'denied',
'ad_personalization': 'denied',
'analytics_storage': 'denied',
'wait_for_update': 500 // Wait 500ms for consent update
});
</script>
<!-- Step 2: Load gtag.js -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-XXXXXXXXXX"></script>
<!-- Step 3: Configure GA4 -->
<script>
gtag('config', 'G-XXXXXXXXXX');
</script>
<!-- Your consent banner library here -->
</head>
<body>
<!-- Consent banner UI -->
<div id="consent-banner" style="display:none;">
<p>We use cookies to improve your experience.</p>
<button onclick="acceptAllConsent()">Accept All</button>
<button onclick="acceptAnalyticsOnly()">Analytics Only</button>
<button onclick="rejectAllConsent()">Reject All</button>
</div>
<script>
// Show banner if no consent stored
if (!localStorage.getItem('consentStatus')) {
document.getElementById('consent-banner').style.display = 'block';
} else {
// Apply stored consent
applyStoredConsent();
}
function acceptAllConsent() {
gtag('consent', 'update', {
'ad_storage': 'granted',
'ad_user_data': 'granted',
'ad_personalization': 'granted',
'analytics_storage': 'granted'
});
localStorage.setItem('consentStatus', 'all');
document.getElementById('consent-banner').style.display = 'none';
}
function acceptAnalyticsOnly() {
gtag('consent', 'update', {
'ad_storage': 'denied',
'ad_user_data': 'denied',
'ad_personalization': 'denied',
'analytics_storage': 'granted'
});
localStorage.setItem('consentStatus', 'analytics');
document.getElementById('consent-banner').style.display = 'none';
}
function rejectAllConsent() {
gtag('consent', 'update', {
'ad_storage': 'denied',
'ad_user_data': 'denied',
'ad_personalization': 'denied',
'analytics_storage': 'denied'
});
localStorage.setItem('consentStatus', 'none');
document.getElementById('consent-banner').style.display = 'none';
}
function applyStoredConsent() {
const status = localStorage.getItem('consentStatus');
if (status === 'all') {
acceptAllConsent();
} else if (status === 'analytics') {
acceptAnalyticsOnly();
} else {
rejectAllConsent();
}
}
</script>
</body>
</html>
```
## Regional Consent Settings
### EU vs US Default Consent
```javascript
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
// EU/EEA: Default denied
gtag('consent', 'default', {
'ad_storage': 'denied',
'ad_user_data': 'denied',
'ad_personalization': 'denied',
'analytics_storage': 'denied'
}, {
'region': ['AT', 'BE', 'BG', 'HR', 'CY', 'CZ', 'DK', 'EE', 'FI', 'FR', 'DE', 'GR', 'HU', 'IE', 'IT', 'LV', 'LT', 'LU', 'MT', 'NL', 'PL', 'PT', 'RO', 'SK', 'SI', 'ES', 'SE', 'GB', 'IS', 'LI', 'NO']
});
// US (except California): Default granted
gtag('consent', 'default', {
'ad_storage': 'granted',
'ad_user_data': 'granted',
'ad_personalization': 'granted',
'analytics_storage': 'granted'
});
// California (CCPA): Analytics granted, ads denied
gtag('consent', 'default', {
'ad_storage': 'denied',
'ad_user_data': 'denied',
'ad_personalization': 'denied',
'analytics_storage': 'granted'
}, {
'region': ['US-CA']
});
```
## Google Tag Manager Implementation
### Method 1: Custom HTML Tags
**Tag 1: Consent Initialization (Fires First)**
```html
<!-- Tag Name: Consent Mode - Initialization -->
<!-- Tag Type: Custom HTML -->
<!-- Firing Trigger: Consent Initialization - All Pages -->
<!-- Advanced Settings → Tag firing priority: 999 -->
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('consent', 'default', {
'ad_storage': 'denied',
'ad_user_data': 'denied',
'ad_personalization': 'denied',
'analytics_storage': 'denied',
'wait_for_update': 500
});
</script>
```
**Tag 2: Consent Update - Accept All**
```html
<!-- Tag Name: Consent Mode - Accept All -->
<!-- Tag Type: Custom HTML -->
<!-- Firing Trigger: Custom Event - consent_granted -->
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('consent', 'update', {
'ad_storage': 'granted',
'ad_user_data': 'granted',
'ad_personalization': 'granted',
'analytics_storage': 'granted'
});
</script>
```
**Tag 3: Consent Update - Analytics Only**
```html
<!-- Tag Name: Consent Mode - Analytics Only -->
<!-- Tag Type: Custom HTML -->
<!-- Firing Trigger: Custom Event - consent_analytics -->
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('consent', 'update', {
'ad_storage': 'denied',
'ad_user_data': 'denied',
'ad_personalization': 'denied',
'analytics_storage': 'granted'
});
</script>
```
### Method 2: Using CMP Template (Cookiebot Example)
1. **Install Cookiebot Template:**
- GTM Templates → Template Gallery
- Search "Cookiebot"
- Add to workspace
2. **Configure Cookiebot Tag:**
- Tag Type: Cookiebot CMP (Community Template)
- Cookiebot ID: Your Cookiebot ID
- Default consent: All denied
- Trigger: Consent Initialization - All Pages
- Priority: 999
3. **Cookiebot auto-handles:**
- Default consent setting
- Consent updates on user choice
- Consent persistence
- Regional settings
## JavaScript Event Listeners
### Listening to Consent Changes
```javascript
// Monitor consent state changes
window.addEventListener('consent-update', function(event) {
console.log('Consent updated:', event.detail);
// Send custom event to analytics
gtag('event', 'consent_update', {
'consent_status': event.detail.analytics_storage,
'timestamp': new Date().toISOString()
});
});
// Trigger on user action
function updateConsent(status) {
gtag('consent', 'update', status);
// Dispatch event for other scripts
window.dispatchEvent(new CustomEvent('consent-update', {
detail: status
}));
}
```
## CCPA / Global Privacy Control (GPC)
### Detecting and Honoring GPC
```javascript
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
// Check for Global Privacy Control signal
if (navigator.globalPrivacyControl === true) {
// User has GPC enabled - deny advertising
gtag('consent', 'default', {
'ad_storage': 'denied',
'ad_user_data': 'denied',
'ad_personalization': 'denied',
'analytics_storage': 'granted' // Analytics OK
});
} else {
// No GPC signal - use standard defaults
gtag('consent', 'default', {
'ad_storage': 'denied',
'ad_user_data': 'denied',
'ad_personalization': 'denied',
'analytics_storage': 'denied'
});
}
```
### GTM Variable for GPC
**Variable Configuration:**
- Variable Type: Custom JavaScript
- Name: "GPC - Global Privacy Control"
```javascript
function() {
return navigator.globalPrivacyControl === true ? 'enabled' : 'disabled';
}
```
Use in consent logic to conditionally set consent.
## Consent with Server-Side Tracking
### Measurement Protocol with Consent
```python
import requests
import json
MEASUREMENT_ID = "G-XXXXXXXXXX"
API_SECRET = "your_api_secret"
ENDPOINT = f"https://www.google-analytics.com/mp/collect?measurement_id={MEASUREMENT_ID}&api_secret={API_SECRET}"
def send_with_consent(client_id, event_name, consent_status):
payload = {
"client_id": client_id,
"consent": {
"ad_storage": consent_status.get('ad_storage', 'denied'),
"analytics_storage": consent_status.get('analytics_storage', 'denied'),
"ad_user_data": consent_status.get('ad_user_data', 'denied'),
"ad_personalization": consent_status.get('ad_personalization', 'denied')
},
"events": [{
"name": event_name,
"params": {}
}]
}
response = requests.post(ENDPOINT, json=payload)
return response.status_code == 204
# Example: User has granted analytics only
send_with_consent(
client_id="client_123",
event_name="purchase",
consent_status={
"ad_storage": "denied",
"analytics_storage": "granted",
"ad_user_data": "denied",
"ad_personalization": "denied"
}
)
```
## SPA (Single Page Application) Consent
### React Example
```javascript
import { useEffect, useState } from 'react';
function ConsentManager() {
const [showBanner, setShowBanner] = useState(false);
useEffect(() => {
// Initialize consent on app load
window.dataLayer = window.dataLayer || [];
function gtag(){window.dataLayer.push(arguments);}
// Set default
gtag('consent', 'default', {
'ad_storage': 'denied',
'analytics_storage': 'denied',
'ad_user_data': 'denied',
'ad_personalization': 'denied'
});
// Check for stored consent
const storedConsent = localStorage.getItem('userConsent');
if (storedConsent) {
const consent = JSON.parse(storedConsent);
gtag('consent', 'update', consent);
} else {
setShowBanner(true);
}
}, []);
const acceptAll = () => {
const consent = {
'ad_storage': 'granted',
'analytics_storage': 'granted',
'ad_user_data': 'granted',
'ad_personalization': 'granted'
};
window.gtag('consent', 'update', consent);
localStorage.setItem('userConsent', JSON.stringify(consent));
setShowBanner(false);
};
const rejectAll = () => {
const consent = {
'ad_storage': 'denied',
'analytics_storage': 'denied',
'ad_user_data': 'denied',
'ad_personalization': 'denied'
};
window.gtag('consent', 'update', consent);
localStorage.setItem('userConsent', JSON.stringify(consent));
setShowBanner(false);
};
if (!showBanner) return null;
return (
<div className="consent-banner">
<p>We use cookies to improve your experience.</p>
<button onClick={acceptAll}>Accept</button>
<button onClick={rejectAll}>Reject</button>
</div>
);
}
export default ConsentManager;
```
## Testing Consent Mode
### DebugView Verification
```javascript
// Enable debug mode for testing
gtag('config', 'G-XXXXXXXXXX', {
'debug_mode': true
});
// Set consent
gtag('consent', 'update', {
'analytics_storage': 'granted'
});
// Send test event
gtag('event', 'test_consent', {
'test_parameter': 'test_value'
});
// Check in DebugView:
// 1. Event appears
// 2. Event details show consent status
// 3. Look for "gcs" parameter (Google Consent State)
```
### Console Verification
```javascript
// Check consent state in console
dataLayer.filter(item => item[0] === 'consent')
// Expected output:
// [
// ['consent', 'default', {...}],
// ['consent', 'update', {...}]
// ]
```
### Cookie Inspection
**Before Consent (analytics_storage = denied):**
- Open DevTools → Application → Cookies
- Should NOT see `_ga`, `_ga_*` cookies
**After Consent (analytics_storage = granted):**
- `_ga` cookie present
- `_ga_<container-id>` cookie present
## Advanced: Granular Consent Options
### Custom Consent Categories
```javascript
// Your custom consent preferences
const userPreferences = {
necessary: true, // Always on
analytics: true, // User accepted
marketing: false, // User denied
personalization: true // User accepted
};
// Map to Google consent parameters
const consentMapping = {
ad_storage: userPreferences.marketing ? 'granted' : 'denied',
ad_user_data: userPreferences.marketing ? 'granted' : 'denied',
ad_personalization: userPreferences.personalization ? 'granted' : 'denied',
analytics_storage: userPreferences.analytics ? 'granted' : 'denied'
};
// Update consent
gtag('consent', 'update', consentMapping);
```
## Consent Revocation
### Allowing Users to Change Consent
```javascript
function showConsentSettings() {
// Show modal/settings page
document.getElementById('consent-settings-modal').style.display = 'block';
}
function updateConsentPreferences(newPreferences) {
gtag('consent', 'update', newPreferences);
localStorage.setItem('userConsent', JSON.stringify(newPreferences));
// Optional: Reload page to apply changes
// window.location.reload();
}
// Example: User clicks "Withdraw Consent"
function withdrawConsent() {
const deniedConsent = {
'ad_storage': 'denied',
'analytics_storage': 'denied',
'ad_user_data': 'denied',
'ad_personalization': 'denied'
};
updateConsentPreferences(deniedConsent);
// Delete existing GA cookies
document.cookie.split(";").forEach(function(c) {
if (c.trim().startsWith('_ga')) {
document.cookie = c.replace(/^ +/, "").replace(/=.*/, "=;expires=" + new Date().toUTCString() + ";path=/");
}
});
}
```
## Compliance Checklist
- [ ] Default consent set to "denied" before tags load
- [ ] Consent banner shown before tracking
- [ ] User can accept/reject consent
- [ ] Consent choices persist across sessions
- [ ] Consent can be withdrawn/changed later
- [ ] All 4 v2 parameters included (ad_storage, analytics_storage, ad_user_data, ad_personalization)
- [ ] Regional settings configured if needed
- [ ] GPC honored for CCPA compliance
- [ ] Consent status tested in DebugView
- [ ] Cookie behavior verified (no cookies before consent)
- [ ] Privacy policy updated with consent information