Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
consentmanager is a Consent Management Platform operated by consentmanager AB from Stockholm, Sweden, with EU data centres in Frankfurt and Amsterdam. It supports the IAB TCF v2.2 framework, the IAB GPP signal for US privacy laws, Google Consent Mode v2 integration and an audit ready consent log stored in the EEA. consentmanager is one of the largest EU based CMPs and a frequent choice for German speaking publishers and e commerce that need strict EU data residency for the CMP layer.
consentmanager is a Consent Management Platform operated by consentmanager AB, headquartered in Stockholm, Sweden, with operating teams in Germany and Spain. The CMP combines a configurable consent banner, the IAB Transparency and Consent Framework v2.2, the IAB Global Privacy Platform signal for US privacy laws, a native Google Consent Mode v2 integration and a server side consent receipts API. consentmanager is one of the largest EU based CMPs and a frequent choice for German speaking publishers, e commerce platforms and SaaS apps that require strict EU data residency.
The banner sets a first party consent cookie on the operator domain holding the visitor preferences, an anonymous visitor identifier and a timestamp. The server side consent receipt contains the truncated IP, the user agent, the language, the TCF or GPP consent string, the list of categories and vendors accepted or refused and the source of the choice. All this data is processed and stored exclusively in EU data centres operated by consentmanager AB. No content from the page itself is collected.
As with every standard CMP, the consentmanager cookies are strictly necessary because they constitute the storage device required to demonstrate consent under Article 7(1) GDPR, Article 5(3) of the ePrivacy Directive and TTDSG paragraph 25 in Germany. The CMP itself does not require a separate consent prompt. The operator must ensure that every non essential service gated by the CMP only fires after granular opt in, and configure the IAB TCF v2.2 vendor list to match its actual stack.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
consentmanager runs its CMP entirely on EU data centres located in Germany and the Netherlands. Consent receipts, truncated IPs and consent strings remain inside the EEA. The platform is therefore a strong fit for operators in high risk sectors (health, finance, public administration) and for operators with strict no transfer policies. The cross border data flow concerns are limited to the downstream IAB TCF vendors the controller decides to expose to its visitors.
Sign a Data Processing Agreement with consentmanager AB. Configure the banner so that no non essential tag fires before consent, connect consentmanager to your tag manager through the Google Consent Mode v2 integration and curate the IAB TCF v2.2 vendor list to remove vendors you do not need. Document the configuration in the privacy policy with the link to consentmanager and the cookie list. Review the configuration whenever you add a new tag or change traffic regions.
Websites using Consent Manager must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is generally not required for the consentmanager CMP itself: it only processes data needed to evidence consent under Article 7(1) GDPR and the production infrastructure is fully located in the EEA. A targeted DPIA is recommended when consentmanager controls a wider IAB TCF v2.2 vendor chain with extensive profiling, when the operator activates cross domain consent, or when integration with US ad partners introduces transfers outside the CMP scope.
Sample consent text
We use the consentmanager consent management platform to record your cookie and tracking preferences. consentmanager is operated from the European Union and sets a strictly necessary cookie to remember your choices. Your consent receipt is stored in EU data centres. You can change your preferences at any time through the consent button.
Third-party domains contacted
delivery.consentmanager.netcdn.consentmanager.neta.delivery.consentmanager.netconsentmanager.netCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| cmpcc | http | 12 months | Stores the visitor consent state recorded by consentmanager. First party, strictly necessary to provide the consent recording service. |
| cmapi_cookie_privacy | http | 12 months | Cache of the CMP API state for the current operator. Strictly necessary for the banner to render correctly. |
| cmapi_gtm_bl | http | 12 months | Blocklist used by consentmanager to control Google Tag Manager triggers based on consent state. |
| euconsent-v2 | http | 12 months | Standard IAB TCF v2.2 consent string, set when the operator participates in the IAB framework. |
Consent Manager is an essential service, but transparency matters. Manage all your consent with FlowConsent.
consentmanager sets a small set of strictly necessary cookies on the operator domain: cmpcc and cmapi_cookie_privacy (consent state and CMP API cache, 12 months), cmapi_gtm_bl (blocklist for Google Tag Manager, 12 months) and euconsent v2 (IAB TCF v2.2 string when the framework is enabled). All cookies are first party and contain no behavioural data.
No. The consentmanager cookies are strictly necessary to provide the consent recording service the user has effectively requested under Article 5(3) of the ePrivacy Directive and TTDSG paragraph 25. The banner can therefore appear without prior consent. What requires consent is every non essential service the CMP gates afterwards.
The legal basis is Article 6(1)(c) GDPR (legal obligation) for storing proof of consent required by Article 7(1) GDPR. A secondary Article 6(1)(f) basis (legitimate interest) covers fraud and abuse prevention on the consent script.
No. consentmanager operates its CMP entirely on EU data centres in Germany and the Netherlands. No visitor IP, user agent or consent string leaves the EEA for the CMP itself. Cross border data flows only happen through the IAB TCF v2.2 vendors the operator chooses to expose.
Usually not for the CMP itself: it only processes the minimum data needed to evidence consent and is fully EU based. A DPIA is recommended when consentmanager is part of a wider tracking stack involving large scale profiling, cross domain consent or significant IAB TCF v2.2 vendor chains with non EU partners.
Block every non essential script in your tag manager and gate it on consentmanager categories. Enable Google Consent Mode v2 if the site relies on Google Ads or GA4. Curate the IAB TCF v2.2 vendor list to remove vendors you do not use. Document the configuration in the privacy policy and the cookie policy and review it at every tag or region change.
Other EU friendly CMPs include Cookiebot (Cybot, Denmark), Usercentrics (Germany), Didomi (France), Axeptio (France), CookieFirst, Iubenda, Borlabs Cookie (WordPress) and Real Cookie Banner. consentmanager is one of the EU based alternatives to US owned CMPs like OneTrust, Termly or Osano.
Add a section describing consentmanager as the CMP, identify consentmanager AB in Sweden as the processor and the EU data centre locations (Frankfurt, Amsterdam), list the consentmanager cookies (cmpcc, cmapi_cookie_privacy, cmapi_gtm_bl, euconsent v2) with their retention and clarify that they are exempt from consent. Document the legal basis (Article 6(1)(c) GDPR) and link to the consentmanager privacy policy.