Google Tag Manager: Hidden Data Leaks and its Potential Violations under EU Data Protection Law
CoRR (2023)
Abstract
Tag Management Systems were developed in order to support website publishers
in installing multiple third-party JavaScript scripts (Tags) on their websites.
In 2012, Google developed its own TMS called "Google Tag Manager" (GTM) that is
currently present on 28 million live websites. In 2020, a new "Server-side" GTM
was introduced, allowing publishers to include Tags directly on the server.
However, neither version of GTM has yet been thoroughly evaluated by the
academic research community. In this work, we study, for the first time, the
two versions of the Google Tag Management (GTM) architectures: Client- and
Server-side GTM. By analyzing these systems with 78 Client-side Tags, 8
Server-side Tags and two Consent Management Platforms (CMPs) from the inside,
we discover multiple hidden data leaks, Tags bypassing the GTM permission system to
inject scripts, and consent enabled by default. With a legal expert, we perform
an in-depth legal analysis of GTM and its actors to identify potential legal
violations and their liabilities. We provide recommendations and propose
numerous improvements for GTM to facilitate legal compliance.