0

Suppose one had a facebook pixel tags set up on google tag manager, and they are firing with google consent mode, meaning, if people refuse the cookies, a cookieless ping will be sent (for instance) facebook, and then facebook will be able to track clicks and so on.

Assuming the web site operator, who is the data controller, was relying on the "consent" legitimate purpose, would they be required to obtain consent from the user to allow this behaviour on their web site?

Improve this question
5
  • 1
    A) Legal advice is off topic here, you should make you question in the third person B) You need to clarify what you are asking. If you are asking if google consent mode will prevent facebook pixel from capturing personal info from your users that is probably a technical question that should be asked elsewhere, but I am fairly sure the answer is no.
    – User65535
    Commented Feb 19 at 11:15
  • the scenario is: We have facebook pixel tags seted up on google tag manager, and they are firing with google consent mode, meaning, if people refuse the cookies, a cookieless ping will be sent (for instance) facebook, and then facebook will be able to track clicks and so on. My opinion is that, if the user is refusing I don't think we should use consent mode on this case. Because we lying to the users. What is your thoughts on this?
    – PTaq
    Commented Feb 19 at 11:45
  • My thought is you need to add that information to the question, but also it will be closed until you change it to a hypothetical/third person tense. You are probably right though.
    – User65535
    Commented Feb 19 at 12:04
  • I have made an edit, I expected it to give you an approve before it made it live but it did not. I hope it is OK, feel free to change it as you wish of course.
    – User65535
    Commented Feb 19 at 12:10
  • 1
    There is an excellent (but German only) article discussing Google's consent mode. Consent mode is primarily there to protect Google, and doesn't affect your obligations under GDPR or ePrivacy ("cookie law"). If you review cases like Fashion ID or the Munich Google Fonts case, you will see that embedding third party content (such as pixel trackers) will likely require consent per the GDPR. Fashion ID said that merely causing a network request to FB already discloses personal data like IP addresses and thus needs legal basis.
    – amon
    Commented Feb 19 at 12:21

1 Answer 1

Reset to default
1

Where a person clicks on your website is personal information subject to the GDPR

You must have a lawful reason to collect this data and you are ruling out consent: what is your lawful basis?

Cookies are an irrelevant distraction.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .