A tag manager first
tarteaucitron.io is first and foremost a tag manager. Its role is to condition the loading of third-party services based on the user’s choice. It is not an analytics tool and not a legal service, but a technical mechanism running in the browser.
In the free version, this requires explicit integration. For example, a Google Analytics tag must be replaced with its tarteaucitron equivalent. Until the user gives consent, the service is not loaded. Once consent is granted, tarteaucitron triggers the loading.
The professional version works differently. An automatic mode detects existing tags on the website. As long as tarteaucitron is loaded early enough, existing scripts are blocked by default and only allowed if the user accepts.
What tarteaucitron actually does
In practice, tarteaucitron focuses on three main aspects.
- conditioning the loading of third-party services
- displaying a consent banner
- providing a detailed management panel
The panel allows service-by-service management, grouped by category. It is designed to be accessible, with keyboard navigation, clear labels, and proper color contrast. This has been a core concern since the beginning.
Going beyond the banner
In some cases, tarteaucitron acts directly within the page content. For example, when a service is loaded through an iframe, such as YouTube or Google Maps, it can be replaced by an explanatory block.
This block informs the user that a third-party service collects data and provides an explicit action to allow it. Once consent is given, the original content is loaded. This avoids loading hidden services without a clear user action.
tarteaucitron also supports several consent mechanisms used by third-party tools, including Google consent mode v2, Bing consent mode, and Piano Analytics consent mode.
What tarteaucitron does not do
tarteaucitron does not store a consent register. I do not want to collect or retain information about users, and this is not a regulatory requirement in this context. The project has always been designed to minimize data collection.
It also does not implement the IAB TCF. This is a deliberate choice. The model involves licensing fees and leads to complex interfaces with hundreds of partners and hard-to-understand terminology. This is not the approach I want to promote.
Finally, tarteaucitron is not a legal tool. It does not manage privacy policies, data storage, newsletters, or file sharing. It focuses on a specific part of GDPR compliance: managing data collection through third-party services on a website.
A matter of timing
To work properly, tarteaucitron must be loaded very early in the page. In the professional version, the script must be placed in the head, before the services it controls. This allows it to interact with the DOM and block relevant scripts or iframes.
In the manual version, the constraint is similar. tarteaucitron must be available before service loading calls. Certain technical choices, such as using defer or async on the main script, can break this behavior. These points will be detailed later.
A tool, not a global guarantee
tarteaucitron is a technical tool. It helps manage part of compliance, but it does not cover GDPR as a whole. Installing a CMP, even correctly, is not enough to make a website fully compliant.
Understanding what the tool does, how it is integrated, and what it does not do is essential. This documentation exists for that reason.
