Explicit Consent

EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) demands you to ask your website visitors for explicit consent before running external services.


UserDataTrust is a cookiebox which does everything you need to get your website compliant. Like automatically enabling and disabling your third-party tags depending the consent given by your visitors.

Sample Variant One:
Sample Variant Two:
For on your website, get explicit consent
Automatic Cookie Statement
For on your privacy policy page, view example
Consent Records
Excel downloads with all consents
Website Scanner
Finds all third-party services and cookies
Easy Setup
No changes to your third-party tags or GTM needed
Stellar Support
Free · Up to 500 pageviews daily
Pro · 25 / month unlimited pageviews
Whitelabel option · Cancel anytime
By subscribing you agree to our Terms & Privacy Policy.
We will only use your data to enable our service.
Custom Adjustments
Anything, we can assist
Login Scanning
Scan pages behind a login
Custom Cookiebox
Any Volume
Expert Advise
Implementation Hands-on
SLA + Emergency Reachability


What is EU GDPR and the CCPA?

The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.

The California Consumer Privacy Act (CCPA), enacted in 2018, creates new consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses.

More information about the California Consumer Privacy Act

Do I need to ask consent from the visitors on my website?

GDPR and the CCPA demands you get consent for almost all third-party services like Google Analytics, Youtube, Share and Social buttons you might use on your website.

Does it apply if I'm based in the USA or Canada?

Since California Consumer Privacy Act (CCPA) went in effect in 2020 we decided everyone will get the cookiebox no matter the location of your visitors or the location of your business.

How does it apply to Google services like Google Analytics and Youtube?

You need to ask for consent before running Google Analytics, Youtube, Adsense, Maps, Optimize.

Google Analytics collects personal data no matter how you set it up, because of their Client Id cookie (visible on the User Explorer reports) and also possible other personal data getting into the Pages and Referrers. The IP Anonymization option in Google Analytics doesn't remove all personal data, check the Network report. It will list personal names even if IP Anonymization is enabled.

Google Analytics will offer an option for visitors to be deleted through this Client Id, emphasizing that the Client Id is "personal data". It isn't possible to use Google Analytics without this Client Id.

Youtube and Google Maps embeds on your website need consent for Interest/Targeting/Advertising, since they're supported by sometimes having ads and retargeting pixels.

Do you also automatically set Google Adsense?


Our Cookiebox will automatically set the personalization options depending the consent given. No need to manually update anything regarding your Adsense tags.

How does it apply to other Analytics & Statistics services?

Like Google Analytics, all third-party analytics services use an Id of some sort to identify (device id) people. This is regarded as personal data by the GDPR, needing consent.

What is the difference between Implicit and Explicit consent?

Implied consent means you run all third-party tags right away and notify the visitor of this, the visitor has no option to deny or choose which cookies they might want or not want.

You now need to explicitely ask for consent before you let third-party services run their scripts.

Does it work with a tag manager like Google Tag Manager?

Yes, it fully works with tags in Google Tag Manager and other tag managers.

Why is my current cookiebox not GDPR or CCPA compliant?

Most if not all current cookiebox's are implied instead of explicit. Most cookiebox's run all third-party scripts no matter if consent has been given, this isn't compliant with GDPR and CCPA.

Not sure? Let us check.

Questions? Email us!