Introducing CCPA Consent Manager for Tealium iQ Tag Management

Community Manager
Community Manager

This release includes the all-new feature, CCPA Consent Manager for Tealium iQ Tag Management. The CCPA Consent Manager enables you to add a privacy banner and popup to your site in support of compliance for the California Consumer Protection Act (CCPA). Other updates in this release include improvements to tag categorization and event logging for all consent management features. 

In this announcement:

Table of Contents Placeholder

CCPA Consent Manager

The new CCPA Consent Manager for Tealium iQ Tag Management is now available to help you stay compliant with the California Consumer Protection Act. With just a few easy steps you can add a privacy banner and popup to your site without any additional coding.

What is CCPA?

The California Consumer Privacy Act (CCPA) is legislation that secures new privacy rights for California consumers. This sweeping legislation creates significant new requirements for identifying, tracking, and deleting consumer privacy information. All companies subject to CCPA must adhere to the new regulations or face fines and other legal reprimands. The date to begin enforcement for CCPA compliance is July 1st, 2020.

How Tealium Can Help

If your company is subject to CCPA you are responsible for ensuring that you provide a "Do Not Sell My Information" link on your website or mobile app and to give your users the option to opt-out of the sale of personal information. Tealium iQ Tag Management offers consent management tools to help you comply with these requirements.

The CCPA Consent Manager offers the following components in support of CCPA:

ccpa-banner-popup.pngBanner and Popup

Configure both a banner and popup to cover the full "Do Not Sell" experience. The banner displays the necessary message to the user at the bottom of the screen and includes a link that pops up the "Do Not Sell" prompt and a link to your policy about the sale of personal information.


Configure a dedicated "Do Not Sell" popup for for use with your existing privacy banner. The popup provides a link to your "Do Not Sell My Information" disclosure page and a toggle for the user to opt-in or opt-out of the sale of information.


  • Multi-Language Support
  • Customizable Content: Message, Do Not Sell link, Call to Action Button, etc.
  • Fully Customizable Presentation: HTML, JavaScript, and CSS
  • Global Settings (for multiple profiles)
  • Preview Mode

Tags Affected by Do Not Sell

The CCPA Consent Manager improves to the way that tags are categorized to allow more flexibility over which tags are governed. 

In the CCPA Consent Manager tags are governed by by their UID, which means that two instances of the same tag can appear in different categories. This allows tags to be categorized based on their specific behavior (for example, whether they sell personal information), instead of based on their general purpose.

Release Notes

  • Added the CCPA Consent Manager, with banner and popup workflow.
  • Tags can be categorized as “Do not sell personal information”.
  • Updated the consent cookie to include an opt-out option of “DNS” (do not sell).
  • Updated the consent change event specifications  to include the CCPA policy and a "do not sell" tag list attribute.
  • Event Logging now applies to all consent management workflows.
  • Tag categories can be renamed within GDPR Consent Preferences.
  • Changed the default consent cookie expiration to 12 months for GDPR.
  • The Tealium Collect tag is now categorized under "Big Data".
  • Added ability to select a profile for event data logging.


Frequently Asked Questions

We already have a cookie banner, how do we integrate the popup for the CCPA Consent Manager?
The CCPA Consent Manager is designed to work with an existing cookie banner. With the popup configured, a JavaScript function that triggers the pop-up is made available in your Universal Tag (utag.js). To integrate the CCPA popup with your banner, add a link with an "on click" action to call the JavaScript function.

Learn more: CCPA Consent Manager: JavaScript Functions

How does Tealium use cookies?
See the article How Tealium Uses Cookies.

We are already GDPR compliant. Does that mean we are also CCPA compliant?
No. Being GDPR compliant does not mean that you are CCPA compliant. You need to make changes to your privacy policy, include a “Do Not Sell My Personal Information” link on your home page and footer, establish methods for requests for access, change, and erasure of data, establish a method for verification of the identity of the person making a data-related request, and establish a method for obtaining prior consent by minors before selling their personal data.

1 Kudo
Tealium Expert
Tealium Expert
@TealiumJustin, any recommendations for using geolocation for triggering the CCPA workflow? (thanks)
Community Manager
Community Manager

@mitchellt You should be able to use geolocation to populate a data layer variable, then use that in a load rule, which can be set as the Display Rule in the CCPA Consent Manager.

More info: Using GeoLocation API Services

Tealium Expert
Tealium Expert
Thanks @TealiumJustin, I hope that before long the TiQ CDN will provide this info natively, not sure why it does not already...
Tealium Employee

Hi @mitchellt

I saw on another post you were still interested in this capability and I know we've solved this for other customers already using the response headers from our CDN endpoint.

The TiQ CDN has a location service we can hit at

Using the response headers, you should be able to output the desired data layer variables you need for location based consent (or any other creative purpose you can think of).

Here is an extension that was developed by our Technical Trainer here in Melbourne, Aus (I'm not taking credit for this - Thanks Zac). Feel free to customise based on your needs.

// Grab script (async)
var xhr = new XMLHttpRequest();'GET', '', true);

// If successful, grab the x-edgescape-location header, create a hash table and build UDO variables
xhr.onload = function (e) {
  if ((xhr.readyState === 4) && (xhr.status === 200)) {
    var edgescape = {};
    var str = xhr.getResponseHeader('x-edgescape-location');
    var pieces = str.split(','), part;
    for (var i = 0; i < pieces.length; i++) {
      part = pieces[i].split('=');
      edgescape[part[0]] = part[1];
    utag_data.current_city =;
    utag_data.current_region_code = edgescape.region_code;
    utag_data.current_country_code = edgescape.country_code;
  } else {

// Fail semi-gracefully
xhr.onerror = function (e) {

// Do magic

This will output the relevant data layer variables you need. Use the CSV import for your Tealium iQ profile and paste the following.

current_city,UDO Variable,Current City,Populated from the TiQ CDN location service
current_region_code,UDO Variable,Current Region Code,Populated from the TiQ CDN location service
current_country_code,UDO Variable,Current Country Code,Populated from the TiQ CDN location service

Would love to hear how you go with this, please keep us posted.

Good luck