Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Tealium Consent Management is the consent layer of the Tealium iQ Tag Management Platform. It captures user preferences, stores them in a first party cookie and gates the firing of marketing, analytics and personalisation tags. Operated by Tealium Inc., it offers a customisable banner, an audit log and synchronisation with the IAB Transparency and Consent Framework.
Tealium iQ Consent Manager is the consent management module of Tealium iQ, the enterprise tag management platform of Tealium Inc. (San Diego, California). It is bundled inside the utag.js container and runs in the visitor browser, presenting a configurable consent banner or modal, recording the user choice, propagating the choice to all downstream tags through a category based mechanism (essential, analytics, marketing, social, etc.) and exposing a JavaScript API for advanced integrations. Tealium iQ Consent Manager natively supports IAB TCF 2.2 and Google Consent Mode v2.
The Tealium Consent Manager stores the consent decision in a first party cookie CONSENTMGR with a lifetime of 13 months by default, and uses utag_main for visitor and session identifiers when the analytics extensions are active. The IAB TCF 2.2 module additionally stores euconsent-v2 to encode the consent string. The consent manager itself does not collect behavioural data; it captures only the consent decision, its timestamp, the user agent, the IP (truncated when configured) and the version of the consent banner that was displayed.
The consent banner and the CONSENTMGR cookie qualify as strictly necessary technology because they are the very mechanism that implements user choice. They can therefore load before any explicit consent. Downstream tags loaded by Tealium iQ, however, must be conditioned on the recorded consent and require their own legal basis. The CNIL has repeatedly stressed that a CMP must allow refusal as easily as acceptance, must not use dark patterns, must log proof of consent and must propagate withdrawal in real time.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Tealium iQ Consent Manager is a US service by default. To minimise Schrems II exposure, request EU region provisioning so that the Tealium iQ runtime, the consent logs and the Customer Data Hub all run from Frankfurt or Dublin. Tealium Inc. is certified under the EU US Data Privacy Framework and offers the EU Standard Contractual Clauses 2021/914 in its DPA. Customers must sign the DPA, document the Transfer Impact Assessment, restrict US support access through the Tealium just in time access controls and verify in network traces that tag and consent traffic flows to EU endpoints only.
Inside Tealium iQ, assign each tag to a consent category and configure the Tealium Consent Manager to fire that tag only when the user has accepted the category. Use the utag.gdpr.setConsentValues API to propagate consent state changes (acceptance, refusal, withdrawal) without a full page reload. For IAB TCF 2.2 integrations, configure the publisher restrictions, the vendor list version and the CMP ID. For Google Consent Mode v2, map analytics_storage, ad_storage, ad_user_data and ad_personalization to the relevant Tealium categories.
Concrete steps: 1) request EU region provisioning for Tealium iQ and the Customer Data Hub; 2) sign the Tealium DPA with EU SCCs and document the TIA; 3) configure the Consent Manager UI in line with EDPB 05/2020 (equal weight to Accept and Reject, no pre ticked boxes, no nudging); 4) map each downstream tag to a category and gate it on the consent state; 5) integrate IAB TCF 2.2 if you run programmatic advertising; 6) propagate consent to Google Consent Mode v2 if you use Google Ads or GA4; 7) retain the consent log for the same duration as the underlying processing; 8) document Tealium iQ in your Article 30 record.
Websites using Tealium Consent Management must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended for any Tealium iQ deployment that orchestrates a large surface of downstream marketing tags and that involves a transfer to the United States. Document: the categories of tags managed by the container, the data each tag transmits, the recipients (Tealium Inc., downstream tag vendors), the EU residency choice for the CDH if applicable, the Standard Contractual Clauses signed with Tealium and the Transfer Impact Assessment. The Tealium consent log itself is a high integrity record of consent that helps demonstrate compliance with Article 7(1) GDPR and should be retained for the same duration as the underlying processing.
Sample consent text
We use Tealium iQ to load and orchestrate the analytics, marketing and advertising tags on this site, and the Tealium Consent Manager to record and enforce your cookie preferences. Tealium Inc. is a US company certified under the EU US Data Privacy Framework. Consent records may be processed in the European Union (Frankfurt or Dublin region) when we have selected the EU residency option.
Third-party domains contacted
tiqcdn.comtealiumiq.comtags.tiqcdn.comcollect.tealiumiq.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| OPTOUTMULTI | first_party | 13 months | Stores the consent state for every vendor category configured in the Tealium iQ Privacy Manager. |
| CONSENTMGR | first_party | 13 months | Stores the version of the consent and a timestamp used for cross domain orchestration of the consent string. |
| TAPID | first_party | 1 year | Stores the visitor identifier used by AudienceStream to stitch profiles and apply consent across sessions. |
Tealium Consent Management is an essential service, but transparency matters. Manage all your consent with FlowConsent.
The platform stores the OPTOUTMULTI cookie that holds the consent state for each configured vendor category, plus optionally CONSENTMGR for cross domain orchestration and TAPID for visitor stitching when AudienceStream is enabled. Lifetimes range from session to 13 months depending on configuration.
No. The consent cookie is treated as strictly necessary under recital 66 of the ePrivacy Directive, since it is required to record and apply the user choice. It can therefore be set before any consent action. The vendor tags downstream still require consent if they are not strictly necessary.
Tealium stores the consent log on legitimate interest under Article 6(1)(f) GDPR for fraud detection and audit, and on legal obligation under Article 6(1)(c) since Article 7 GDPR mandates a controller to demonstrate that consent has been obtained. Both grounds should be documented in your record of processing.
Yes, in most deployments. Even when the iQ profile is hosted in Frankfurt, Tealium support staff in the United States can access logs. Transfers rely on the EU US Data Privacy Framework where Tealium Inc. is self certified and on Standard Contractual Clauses for territories outside the framework.
For the consent cookie itself a DPIA is rarely mandatory. However, the broader Tealium iQ deployment usually orchestrates profiling and audience activation tags that often require a DPIA. Consider the full scope of tags you fire through Tealium when you assess risk.
Define the categories and vendors in Tealium iQ Privacy Manager, map each tag to a category, configure the banner with equal weight accept and reject buttons, log all consent changes, integrate the IAB TCF if needed and run regular tag scans to confirm no tag fires before consent.
You can use FlowConsent for a privacy first European alternative, OneTrust, Didomi, Usercentrics, Cookiebot or Axeptio. Each offers similar consent gating. Migration usually means rewriting tag firing rules in your tag manager or replacing it with a built in consent layer.
List Tealium Inc. as a processor, describe the consent cookie names and lifetimes, document the storage location and the EU US transfer mechanism, link to the Tealium privacy notice and explain how users can revisit and update their preferences through the cookie preference link.