Is there a setting on Google Analytics to suppress use of cookies for users who have not yet given consent

Question

According to EU Article 5(3) of the E-Privacy Directive (a.k.a \'The Cookie Laws\'), web sites that target EU users have to gain opt-in consent from users before they set a

Answer 1

Common way to handle this so far is the method used by wolf-software's jquery plugin whereby it prevents the script from running until the user opts in. The ICO updated their guidelines last week, however, to say that it is acceptable to rely on 'implied consent' of the sort used on the BBC site. While I don't really think that's within the spirit of the law, it's what's deemed acceptable by those enforcing it. Given that most of the EU has yet to implement the directive, I'd say it's highly likely they'll follow the UK's lead.

There's an interesting article about the UK updates here:

http://www.redant.com/articles/eu-cookie-law-update-ico-adopts-softly-softly-approach/

Answer 2

For a less intrusive UX solution you can set implied consent for google analytical cookies by placing a link to: cookiestatement.eu (no javascript, no popups, no ads)

Answer 3

There's a few steps to do in order to make GA work only after user accepts the cookie usage.

Disable cookies

   <script async src="https://www.googletagmanager.com/gtag/js?id=UA-XXXXXX-Y"></script>
-- <script>
-- window.dataLayer = window.dataLayer || [];
-- function gtag(){dataLayer.push(arguments);}
-- gtag('js', new Date());
-- gtag('config', 'UA-XXXXXX-Y');
-- </script>

At the point where GA is implemented, this needs to be updated by just importing the gtag.js script and removing the GA initialisation.

Enable GTag when user accepts cookies

GTag Opt In is a tool that enable and disable GA when user accepts/rejects cookies.

<script src="https://www.npmcdn.com/gtag-opt-in@2.0.0/dist/index.js"></script>
<script>
  GTagOptIn.register('UA-XXXXXX-Y');

  ...
  // On user opt in
  GTagOptIn.optIn();
  // On user opt out
  GTagOptIn.optOut();
  ...
</script>

Library is loaded. GA tracking ID is registered. Later the optIn and optOut functions can bind to user actions' accept/reject.

You can read more about it on How To Implement Google Analytics With Opt In.

Answer 4

You can use something like Legal Monster - to block cookies if user didn't give consent for analytical cookies.

legal.js currently supports blocking (and enabling) of analytics and marketing cookies; more categories will be available in the future.

Here is more detailed guide on blocking cookies.

Answer 5

EDIT: There is a Google Analytics setting for this with the Asynchronous GA snippet.

There isn't a Google Analytics setting for this, as you're suggesting, you would need to conditionally exclude the script for those that have not consented if you want to use the Google Analytics Javascript tracking script.

There are some solutions out there already that can be helpful instead of rolling your own. Javascript: http://cookies.dev.wolf-software.com/demo/index.htm

Here is a solution that allows using Google Analytics basic features without cookies, by doing the tracking server side, this example is in PHP: http://techpad.co.uk/content.php?sid=205

Answer 6

Sorry for being late to answer but I was looking for the same thing recently until I found out a way myself. It may not be the right way to do it but it works. (only works on site in question does not opt-out of GA completely). I have tested for a few days to make sure.

The way I have managed to do it is using a PHP cookie. First start off with adding the analyticstracking.php include...

<?php include_once('analyticstracking.php'); ?>

and in analyticstracking.php add the following...

<?php
if($_COOKIE['consent_cookie']=="Y"){
?>

<script type="text/javascript">
var _gaq = _gaq || [];
  _gaq.push(['_setAccount', 'UA-********-*']);
  _gaq.push(['_trackPageview']);

  (function() {
    var ga = document.createElement('script'); ga.type = 'text/javascript';     ga.async = true;
    ga.src = ('https:' == document.location.protocol ? 'https://ssl' :      'http://www') + '.google-analytics.com/ga.js';
    var s = document.getElementsByTagName('script')[0];      s.parentNode.insertBefore(ga, s);
  })();
</script>

<?php   
}
else{
//do nothing
}
?>

Before the user has consented to cookies Google Analytics won't work and once they have, the 'consent_cookie' will be saved and will allow GA to work but if the 'google' cookie is destroyed it will stop GA from working (Obviously).

Like I said it may not be the right way but I have tried and tested and it does. Hope this helps somebody.