Updated: May 14th, 2018 (added support for Internet Explorer and Edge). 

Since the dawn of GDPR is getting really close, marketers, web analysts and others are rushing to be compliant. I have to be honest, I still feel confused a bit about how this (so you’re not alone), therefore do not ask for a legal compliance advice from me. I’m not the right person.

By the way, if by any accident you had been living on an uninhabited island for the last several years and just returned to the civilization today, here’s a pretty detailed but easy-to-digest guide to GDPR (prepared by my colleagues at Omnisend).

Even though I still did not get to lay my hands on an updated GDPR-compliant cookie consent, I found this another interesting topic that I wanted to play around with.

P.S. as for a cookie consent, I’ve heard that Stéphane Hamel is working on a particular solution, so maybe I’ll just be lazy here and wait for him. Also, I’ve seen several other solutions but I’m not sure whether they are the best fit, time will show.

Anyway, back to the main topic of this blog post. For those who didn’t know, there’s a parameter that internauts can enable in their browsers called Do Not Track. And in this quick guide, I’ll show you how to honor that parameter in GTM and block tracking scripts accordingly.

What is Do Not Track?

Do Not Track is a technology and policy proposal that enables users to opt out of tracking by websites they do not visit, including analytics services, advertising networks, and social platforms. You can find a more technical description here.

As far as I know, web tracking tools usually ignore this setting (GA is not an exception), therefore, if you want to respect it, you (or your developer) should set things up by yourself (directly in the code or via Google Tag Manager).

Do Not Track is a nice way to be more honest and fair as a marketer (or web analyst, or whatever) to people who have specifically requested not to be tracked, and you’ll give those people faster page load times to boot.

Anyway, correct me if I’m wrong (which is totally possible in this context), but I’m pretty sure that respecting this parameter is not required by the GDPR. There are other measures that businesses around the globe must implement, like a consent to track + manage personal data.

In this case, Do Not Track is like an additional nice-to-have instrument not to get screwed by the regulations (you know, just in case). Once again, I might be wrong but after doing various searches, I did not find Do Not Track being explicitly mentioned.

Update: One of the readers, Vincent, chimed in and gave his version of the Do Not Track and its necessity in the context of GDPR. He quotes GDPR’s Article 25:

5. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.

Vincent believes that DNT is within the scope of an automated means using technical specifications. And you know what, that sounds convincing, therefore, I updated this blog post with his comment.

Nevertheless, you should not follow this blog post as a legal advice, always consult real lawyers first. The purpose of my post is to show the technical possibilities and how GTM can help you achieve them.


How do people enable it?

By default, Do Not Track is disabled in the modern browsers but users can enable it right away. Here are several instructions, you can check if you like: Chrome, Firefox, IE, Edge, Safari, Opera.

After this is done, with every HTTP request, your browser will also send a parameter DNT: 1 (which means Do Not Track: True).


Setting Google Tag Manager to Respect Do Not Track

So here’s the plan. We’ll somehow identify whether a visitor is willing to be tracked or not (in other words, whether Do Not Track is enabled). Then we’ll use this fact in triggers which fire tracking tags.

In fact, identifying a browser with Do Not Track enabled is pretty easy. Just create a JavaScript Variable with value navigator.doNotTrack. That’s one more use case for the underrated JavaScript Variable (by the way, I’ve posted a guide about it).

In Google Tag Manager, open a Container where you’ll be implementing this feature. Go to Variables > New, then click Variable Configuration.

Choose JavaScript Variable as a Variable Type and enter navigator.doNotTrack (just like in the screenshot below):

JavaScript Variable - Do Not Track in GTM

If you want to test it, go ahead and enable GTM Preview and Debug mode (or refresh it). If you haven’t enabled the Do Not Track before, then this JavaScript variable will return null.

Now enable that Do Not Track parameter in the browser and refresh the page where you’ve enabled GTM Preview Console. Reminder – here are the links to the most popular browsers: ChromeFirefoxIEEdgeSafariOpera.

Now, the value of that JavaScript variable should be “1”.

Do Not Track in Google Tag Manager Preview Console

Update #2! READ THIS! In the comment section of this blog post, Jen pointed out that navigator.doNotTrack works only with non-Microsoft browsers. In other words, Internet Explorer and Edge would still be tracking visitors.

In response, here’s a more robust solution, custom JavaScript variable which also supports the latter two browsers. Instead of the aforementioned JavaScript variable create this one:

  • Type: Custom JavaScript
  • Paste this code (if the variable returns “1”, then Do Not Track is enabled, otherwise it will be undefined<script>

Updated Do Not Track Variable


Blocking tracking scripts

The last step, let’s block all tracking scripts if Do Not Track JavaScript variable equals to one. There are two ways how you can do that:

#1. Update all current triggers by adding an additional condition to each one of them: JavaScript – doNotTrack does not equal to 1.
Updated GTM trigger which respects Do Not Track

#2. Or create a blocking trigger and add it as an exception to all tracking tags within GTM container. Here’s a trigger:

Blocking Trigger - Do Not Track

This trigger meets the criterion of EVERY event when Do Not Track is enabled. Now add this trigger as an exception to EVERY tracking tag (GA, Adwords, etc.) that you have in the Google Tag Manager container.

Exception in GA pageview tag

Done! Whenever a visitor has enabled the Do Not Track parameter, all updated tags will not fire.


Final words regarding Do Not Track Parameter in Google Tag Manager

User and visitor privacy is becoming a greater concern every day (especially in the current context of GDPR, Facebook scandal, etc.) and Do Not Track parameter is one of the things you should take into the account while implementing tracking features on a website/web app.

If a visitor lands on a page and his browser sends “Do Not Track” parameter, this should be considered as an explicit opt-out and you should disable all tracking. Thanks to GTM, that’s pretty easy to do.

Julius Fed

Head of Developer Operations at Omnisend. I am highly interested in Google Tag Manager, Google Analytics, Adwords, Email marketing, Email Deliverability, Digital Marketing in general. You can follow me on Twitter.