> Hello from Google Tag Manager. This text is being added by a tag running from GTM.
One should note that this inclusion, without an opt-in consent banner for instance, is not GDPR compliant. The URL https://analytics-bypassing-adblockers.netlify.com/proxy/htt.... sends personal data to a third party (Google) without my explicit consent. See Article 7 and Recital 32 of the GDPR:
> Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement.
> One should note that this inclusion, without an opt-in consent banner for instance, is not GDPR compliant.
IANAL but as I understand GDPR, this is incorrect. The paragraph you cite discusses personal data. Google's FAQ on GA is instructive (emphasis mine) [0]:
> When using Google Analytics Advertising Features, you must also comply with the European Union User Consent Policy.
They admittedly keep things as vague as they can, but to me it kind of reads like: using GA to collect site usage analytics is actually fine and requires no explicit consent as long as you've configured it to anonymize the IP addresses (toggle this in GA) and you're not tracking e.g. user IDs and such.
Similarly, using GTM to deliver a paragraph like OP did is also fine.
In both cases the spirit and the letter of the law would seem to be respected if you add some notice about tracking going on in your footer. No explicit consent is needed here, because no personal data is getting tracked.
This website does collect personal data. Google's FAQ on GA simply states that the first party should obtain consent before transferring data to a third party (and transfer of consent might not be GDPR compliant, but that's another issue).
Here, the first party (analytics-bypassing-adblockers.netlify.com) has to obtain consent before collecting personal data. And IP addresses are not the only personal data that GA can collect.
As someone who just received a cold call from recruiter I never heard of, with a 4 years old CV and haven't been on a job board for more than a year I must say that GDPR didn't do much. I actually previously reported a recruiter to the ICO for 3 different violations (no data disclosure, cold call, old CV) and they did nothing but advising not to keep CVs for more than 1 year.
/rant off
I feel that your point, even if valid, doesn't quite apply to what I'm describing, which is to go around ad blockers.
One should note that this inclusion, without an opt-in consent banner for instance, is not GDPR compliant. The URL https://analytics-bypassing-adblockers.netlify.com/proxy/htt.... sends personal data to a third party (Google) without my explicit consent. See Article 7 and Recital 32 of the GDPR:
> Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement.