Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Yahoo Tag Manager (YTM) is the tag management system operated by LY Corporation (Japan), the successor of Yahoo Japan. It works like Google Tag Manager : the publisher installs a single JavaScript container snippet, then configures inside the YTM dashboard which third party tags (Yahoo Japan ads, Google Ads, Meta Pixel, custom HTML) should fire and under which conditions. Because YTM itself is just a script loader, the privacy impact comes from the tags it deploys rather than from the container; the container is hosted in Japan, which benefits from an EU adequacy decision.
Yahoo Tag Manager (YTM) is the tag management system maintained by LY Corporation, the Japanese parent of Yahoo Japan, born from the 2023 merger of Z Holdings and LINE Corporation. The product is functionally close to Google Tag Manager : the publisher installs one container snippet, then uses the dashboard to deploy any number of marketing and analytics tags without touching the site code. It is the dominant TMS on the Japanese consumer web.
The container loader stores a small configuration cookie (ytm_config), processes the visitor IP and User Agent in Japan and downloads the latest tag configuration. On its own this is a minimal processing under Article 6(1)(f) GDPR with no real privacy risk : Japan benefits from the EU adequacy decision and the data plane stays in Tokyo (AWS ap northeast 1).
The privacy footprint of YTM is the sum of the tags it deploys. Yahoo Japan ad pixels (B, YJSID cookies) implement large scale retargeting on the Yahoo Japan ad network. Google Ads, Meta Pixel, TikTok Pixel deployed through YTM each carry their own US or non EEA transfers. Custom HTML tags can fire arbitrary JavaScript and are the most common source of compliance leaks because they bypass YTM''s category controls.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Wire YTM to your CMP. Each tag must be fired only after the user has consented to its category. The Yahoo Japan ad pixels must be classified as marketing; analytics tags as analytics; custom HTML tags should be reviewed individually before they ship. The container loader itself can run before consent because it does not carry trackers, but if you want a fully gated banner you can also block it until acceptance.
Enumerate every tag deployed via YTM in your processing register and cookie policy. Wire the CMP to YTM through a consent variable that gates each tag category. Audit custom HTML tags at every change. Sign the YTM DPA with LY Corporation. Reference the EU Japan adequacy decision for the container hosting. Add each individual tag''s destination country (US for Google or Meta, etc.) to the privacy notice.
Websites using Yahoo Tag Manager must obtain user consent under GDPR regulations.
DPIA considerations
YTM itself is a tag dispatcher, so the privacy analysis splits in two layers. (1) The container loader sets a minimal session and configuration cookie and processes the visitor IP and User Agent in Japan; this part benefits from the EU adequacy decision for Japan and from the APPI. (2) Each tag fired through YTM (Yahoo Japan ad pixels, Google Ads, Meta Pixel, TikTok Pixel, custom HTML) has its own controller, retention, data flows and DPIA scope. Key considerations : (a) the publisher must enumerate every YTM tag in the cookie policy and apply the right consent gate per category; (b) Server side tagging features can shift the data flow to a Japan based endpoint, reducing US transfers; (c) custom HTML tags in YTM are a recurring risk because they bypass the standard category controls. A DPIA is recommended whenever YTM is used to deploy persistent identifiers, retargeting or large scale analytics.
Sample consent text
Our site uses Yahoo Tag Manager (LY Corporation, Tokyo, Japan) to load marketing and analytics tags such as Yahoo Japan Display Ads, Google Ads and Meta Pixel. The container itself stores only a minimal configuration cookie and sends your IP and User Agent to a Japanese data centre; Japan benefits from an EU adequacy decision so this transfer is treated like a transfer inside the EU. Each marketing or analytics tag has its own purpose, cookies and possibly its own destination country; you can refuse them individually in our cookie banner.
Third-party domains contacted
yahoo.co.jps.yimg.jpyjtag.yahoo.co.jpb92.yahoo.co.jptags.yahoo.co.jpCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| ytm_config | Strictly necessary | Session | Stores the container configuration version pulled from the YTM dashboard so the loader does not refetch on every page view. |
| ytm_ev | Analytics | 30 days | Aggregates dataLayer event metrics inside YTM to power container, level analytics and debug tools. |
| B | Marketing | 1 year | Yahoo Japan persistent visitor identifier used by Yahoo Japan ad pixels deployed through YTM (cross site advertising attribution). |
| YJSID | Marketing | Session | Yahoo Japan session identifier used by Yahoo Japan ad and conversion tracking pixels. |
Yahoo Tag Manager collects user analytics data — you legally need a consent banner. Try FlowConsent free.
The container itself sets ytm_config (strictly necessary, session) and ytm_ev (analytics, 30 days). The Yahoo Japan ad pixels deployed through YTM additionally set B (marketing, 1 year) and YJSID (marketing, session). Other tags fired via YTM set their own cookies.
Yes for any tag deployed through YTM that is not strictly necessary (marketing, analytics, retargeting). The container loader itself can be loaded before consent because it does not carry trackers, but every tag it deploys must be gated by category.
Consent (Article 6(1)(a) GDPR) for marketing and analytics tags deployed through YTM. Legitimate interest (Article 6(1)(f)) for the container loader processing the IP. Each tag must be analysed separately for its own basis.
The container itself is hosted in Japan, an adequate country under Implementing Decision 2019/419, so no SCCs are needed for it. The tags deployed through YTM may transfer data to other third countries (US for Google or Meta) and each has its own transfer chain.
Recommended for any deployment that uses YTM to fire persistent identifiers, retargeting or large scale analytics. The container alone does not warrant a DPIA, but the combined tag stack often does.
Wire YTM to your CMP through a consent variable that gates each tag category. List every tag in the cookie policy. Audit custom HTML tags before release. Sign the YTM DPA with LY Corporation. Reference the EU Japan adequacy decision for the container; add the destination country of each downstream tag in the privacy notice.
Yes : Google Tag Manager (US), Tealium iQ (US with EU regions), Commanders Act (France), Matomo Tag Manager (open source), Piwik PRO Tag Manager (Poland), Sourcepoint (US, EU regions). For an EU first stack, Commanders Act, Matomo or Piwik PRO are the strongest options.
List ytm_config, ytm_ev, B and YJSID in the cookie table with their domain, duration and purpose. Add LY Corporation to the recipient list with Japan as the destination country and reference the EU adequacy decision. For each downstream tag (Google Ads, Meta Pixel) add a separate section.