Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Adobe Dynamic Tag Management (DTM) is Adobe's legacy tag manager, served from assets.adobedtm.com. It loads Adobe Analytics, Adobe Target and any third party marketing tag onto a page. Adobe declared DTM end of life in 2020 and recommends migration to Adobe Experience Platform Tags (formerly Launch).
Adobe Dynamic Tag Management, commonly called DTM, is Adobe''s first generation tag manager. It is loaded from assets.adobedtm.com and provides a hosted UI where marketers can configure tags, rules and data elements without IT involvement. Adobe announced end of life for DTM in 2020 and pushes customers to Adobe Experience Platform Tags, also known as Launch. Many production sites still rely on legacy DTM containers, especially when Adobe Analytics has been embedded for years.
DTM itself does not set tracking cookies; it is the orchestration layer. The tags it deploys do. Once loaded, DTM injects Adobe Analytics (s_cc, s_sq, s_vi, AMCV_, AMCVS_), Adobe Target (mbox), Adobe Audience Manager (demdex), and any other marketing pixels (Facebook, Google, LinkedIn, etc.) that the customer has configured. Adobe also receives the visitor IP address and user agent when serving the library from assets.adobedtm.com.
Because DTM is a tag delivery mechanism, the lawfulness analysis follows the downstream tools. Adobe Analytics, Target, Audience Manager and most marketing pixels rely on cookies and identifiers that fall under Article 5(3) of the ePrivacy Directive and process personal data under Article 6 GDPR. Loading the DTM library itself also reveals IP and user agent to Adobe in the United States, which counts as processing.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
All analytics and marketing tags deployed through DTM require prior, informed, freely given consent. Configure your Consent Management Platform to release the DTM library only after consent is granted, or use DTM rule conditions to wait on a CMP signal before firing third party scripts. The legacy DTM admin UI does not include a native consent integration; you must implement the gate yourself in the page template.
DTM is served from a US controlled Adobe CDN. Even if the downstream tools are configured for EU collection regions, the loading of the DTM container itself transmits IP and user agent to Adobe. Migrating to Adobe Experience Platform Tags (Launch) gives access to the consent extension and better integration with the Adobe Web SDK, which supports buffering events until a CMP grants consent.
Inventory every tag DTM deploys, gate the entire DTM library load on a CMP signal for the analytics and marketing categories, plan a migration to Adobe Experience Platform Tags within the next maintenance cycle since DTM is no longer evolving, document the integration in your record of processing, and reference Adobe in your privacy notice as the joint processor for the loaded tools.
Websites using Adobe DTM must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA may be appropriate where DTM deploys multiple analytics, personalisation and ad tech tags at scale. The risk concentrates in the downstream tools (Adobe Analytics, Adobe Target, ad pixels) and in the centralised IP and ECID processing that DTM enables. Document the full tag inventory before assessing Art. 35 GDPR obligations.
Sample consent text
We use Adobe Dynamic Tag Management to load Adobe Analytics and Adobe Target on this site. These tags collect behaviour and device data processed by Adobe Inc. in the United States. Please confirm your consent below.
Third-party domains contacted
assets.adobedtm.comadobedtm.com2o7.netomtrdc.netdemdex.neteveresttech.netCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| AMCV_* | first_party | 2 years | Adobe Experience Cloud Visitor ID dropped by the visitorAPI.js library loaded through DTM. Identifies the visitor across Adobe Analytics, Adobe Target and Audience Manager. Set under the publisher domain. Requires consent. |
| AMCVS_* | first_party | Session | Indicates that the Adobe Visitor ID Service has been initialised for the current session. Used to throttle the cross domain identifier negotiation. |
| s_cc | first_party | Session | Adobe Analytics test cookie used to verify whether cookies are enabled in the browser. Strictly informational, set per session. |
| s_sq | first_party | Session | Adobe Analytics cookie that stores the previous link the visitor clicked. Used for ClickMap and Activity Map heatmaps. |
| s_vi | third_party | 2 years | Adobe Analytics legacy visitor identifier when first party Experience Cloud ID is not enabled. Set under 2o7.net or omtrdc.net. |
| demdex | third_party | 180 days | Adobe Audience Manager identifier used to segment visitors into audiences and synchronise IDs across the Audience Marketplace. Requires consent. |
| dpm | third_party | 180 days | Adobe Audience Manager device partitioning cookie used for cross device matching. |
Adobe DTM collects user analytics data — you legally need a consent banner. Try FlowConsent free.
The DTM container itself does not set tracking cookies, it orchestrates other tags. Those tags typically set AMCV_* (Adobe Experience Cloud ID), s_cc and s_sq (Adobe Analytics), demdex (Adobe Audience Manager) and any third party pixel cookies the marketer enables.
Loading the DTM library is usually treated as a strictly necessary technical layer when no tag fires before consent. Each tag deployed through DTM, including Adobe Analytics, Adobe Target, Audience Manager and third party pixels, requires prior, freely given, specific, informed and unambiguous consent under Article 5(3) ePrivacy and Article 6(1)(a) GDPR.
Analytics, personalisation and advertising tags rely on consent. Strictly necessary tags such as fraud prevention may rely on legitimate interest. The DTM container itself is a tag orchestrator and does not create its own legal basis: the legal basis is determined per tag.
Yes. The DTM library is served from a US based CDN (assets.adobedtm.com) and Adobe operates global infrastructure with US datacentres. Adobe Inc. self certifies under the EU US Data Privacy Framework and includes Standard Contractual Clauses in its DPA. EU dimensions for Adobe Analytics can keep raw hit data inside the EEA.
A DPIA is required at enterprise scale, because the combined processing of Adobe Analytics, Target and Audience Manager involves systematic monitoring, profiling under Article 22 GDPR and international transfers. Document each tag, its purpose, its retention, the legal basis and the consent gate in the DPIA.
Sign the Adobe DPA, integrate the Adobe Privacy JS Library with your consent management platform, configure DTM rules so non essential tags wait for the consent signal, enable Adobe Analytics privacy settings (IP obfuscation, opt out cookie support), and maintain a tag inventory documenting each tag, its retention and its third country transfer status.
Alternatives include Adobe Experience Platform Tags (the modern successor), Google Tag Manager, Tealium iQ, Piwik PRO Tag Manager, Matomo Tag Manager and Commanders Act. Several of these (Matomo, Piwik PRO, Commanders Act) offer EU only hosting if data residency in the EEA is a hard requirement.
List Adobe DTM as a tag orchestrator and add a dedicated section for every tag deployed through it: Adobe Analytics, Adobe Target, Audience Manager, plus third party pixels. For each tag, document its name, purpose, retention, processor and third country transfer status, and link to the relevant Adobe Privacy Center and processor privacy notices.