Skip to Content (Press Enter)
D3 Creative
D3 Creative Logo
Contact

How Termly is Used to Manage Cookie Consent

If you have been asked by a stakeholder how your cookie consent works, what "Decline" really does, and whether you can prove it, this post gives you the full picture.

What Is Termly?

Termly is a Consent Management Platform (CMP), a specialist tool that handles the legal and technical requirements around cookies and user consent. It is not just a banner. It is the underlying system that controls which cookies and tracking scripts are allowed to run, based on what each individual visitor has agreed to.

.

I use Termly to comply with privacy regulations including the UK GDPR, the EU's ePrivacy Directive (commonly known as the Cookie Law), and the UK's Privacy and Electronic Communications Regulations (PECR).

Termly is also a certified Google CMP Gold Partner, which means it integrates directly with Google Consent Mode v2 and Google Tag Manager, ensuring that Google's own advertising and analytics tools respond correctly to each visitor's consent decision.

When I set up a website with Termly, the platform scans the site to identify and categorise every cookie in use, generates a cookie policy based on the results, and embeds a consent banner tailored to the privacy laws that apply to each visitor's location.

What Happens When a Visitor Clicks "Decline"?

The answer depends on where the visitor is located, because Termly serves a different banner based on each visitor's IP address. The consent rules it applies vary by region.

Europe

Europlean Termly banner.

The cookie consent banner as seen by visitors from Europe: Preferences, Decline, and Accept are all presented with equal prominence before any non-essential cookies are set

For visitors from Europe (including the UK, EU, and EEA), Canada, Brazil, and US states with their own consumer privacy laws, the banner operates on an opt-in basis.

Non-essential cookies are blocked until the visitor actively accepts them. These visitors see a Decline button as well as a Preferences button, giving them full control before any tracking begins.

When a visitor clicks Decline, Termly immediately passes that consent state to Google Tag Manager via Google Consent Mode v2, which prevents analytics, advertising, and marketing tags from firing.

US States

For visitors from US states without specific consumer privacy legislation, or from anywhere else in the world outside the EU and US, the banner operates on an opt-out basis.

US Termly banner.

The banner as seen by visitors from US states without consumer privacy legislation: no Decline button is shown, as tracking is permitted by default unless the visitor opts out via Preferences.

Tracking is permitted unless the visitor actively objects. These visitors do not see a Decline button on the banner itself - instead, they can manage their preferences through the preference centre, accessible at any time from the site footer.

In all cases, strictly necessary cookies continue to function regardless of the visitor's choice. These cover only what is essential for the site to operate - things like session management - and do not involve the collection of personal data.

One technical detail worth noting: declining does not delete cookies already stored in the browser from a previous visit, because cookies sit on the visitor's own device.

What changes immediately is that the associated scripts are blocked from running going forward. For the purposes of UK GDPR and equivalent laws, stopping further processing is what the regulation requires.

Visitors can revisit and update their choices at any time through the preference centre. When preferences change, Termly passes the updated consent state to GTM immediately.

How Do We Know the System Is Working?

Termly maintains a consent log for every visitor interaction with the banner. Each log entry records what choice was made, when it was made, which version of the banner was shown, and the mechanism used (whether via the banner itself or the preference centre). These logs are stored in the Termly dashboard and are accessible at any time.

Termly consent log.

In accordance with the GDPR, Termly will store your consent log data for the past 180 days. You can download your consent log report for any date range within the 180 days.

This audit trail is not just a useful feature - it is a legal requirement. Article 7 of the UK GDPR places the burden of proof on the data controller to demonstrate that valid consent was obtained. Termly's consent logs provide exactly that evidence if a regulator, such as the ICO, ever requests it.

Beyond the logs, the technical architecture of the site provides enforcement. All third-party scripts - analytics, advertising, marketing pixels - are loaded through Google Tag Manager (GTM).

Termly passes the visitor's consent decision directly to GTM via Google Consent Mode v2, a Google standard that tells each connected tag whether it is permitted to fire.

This means the enforcement happens at the tag level, controlled by Google's own consent infrastructure rather than relying on individual third-party scripts to self-police.

If Someone Declines, Do Third-Party Cookies Still Fire?

No. Because all third-party scripts are loaded through Google Tag Manager, and Termly passes the consent state directly to GTM via Google Consent Mode v2, tags for analytics, advertising, and marketing are blocked from firing when a visitor has declined.

This is an important distinction. Some basic cookie setups display a notice and record a preference but do not technically enforce it - third-party scripts can still fire in the background regardless of what the visitor chose.

The Termly implementation I configure on client sites avoids that problem because all third-party tags run through Google Tag Manager. Termly passes the consent state to GTM via Google Consent Mode v2, and Google controls whether each tag fires based on that signal. There is a single point of control rather than scripts operating independently of the consent decision.

The result is that a visitor who declines all non-essential cookies will not have analytics, advertising, or marketing tags fire during their session.

In Summary

Termly is the consent management platform I use on all client sites to manage cookie compliance. It serves region-appropriate banners based on each visitor's IP address - opt-in for visitors from Europe, Canada, Brazil, and US states with consumer privacy laws; opt-out for everyone else.

Consent decisions are passed directly to Google Tag Manager via Google Consent Mode v2, which controls whether tracking tags are permitted to fire. A timestamped consent log is maintained automatically in the Termly dashboard, providing the documentation needed to demonstrate compliance if ever required.

If you have specific questions about how the configuration has been set up for your site, or you would like to review the consent logs together, get in touch and we can walk through it.

Updated: 25th March, 2026 by Stephen Meehan in Privacy & Compliance
.

Get a measurably better website

Your online presence matters, increase engagement, lower bounce rates, and improve conversions.
Design & Build