[CONFIRMED] Google Tag Manager Requires Consent in Germany

For years, Google Tag Manager (GTM) has been the backbone of marketing stacks, enabling teams to deploy tags and scripts without developer bottlenecks. But a recent ruling from the Administrative Court of Hannover (March 19, 2025, Case 10 A 5385/22) has changed the landscape:

👉 GTM cannot be launched without prior user consent in Germany.

This decision is not an isolated interpretation. It builds on the GDPR (EUR-Lex, 2016/679), the ePrivacy Directive (2002/58/EC), and its German implementation, the Telecommunications Telemedia Data Protection Act (TTDSG, §25) (Gesetze-im-Internet).

Let’s break down what the law actually says, why GTM is impacted, and what this means for marketers.

The Legal Foundations: GDPR and ePrivacy

The GDPR defines personal data broadly: any information relating to an identified or identifiable natural person (Article 4). Even an IP address qualifies as personal data when it can be linked to a user.

• Consent under GDPR: Article 6(1)(a) requires consent for processing unless another legal basis applies. Article 4(11) defines consent as “freely given, specific, informed and unambiguous.” (EUR-Lex GDPR text).
• Conditions for valid consent: Article 7 GDPR adds that consent must be demonstrable, distinguishable from other matters, and withdrawable at any time.

The ePrivacy Directive complements GDPR by focusing on communications and device access: Article 5(3) requires consent before storing or accessing information on a user’s device.

The German Implementation: TTDSG §25

Germany transposed ePrivacy rules into the TTDSG in December 2021. §25 TTDSG states:

“The storage of information in the terminal equipment of an end user or the access to information already stored in the terminal equipment shall only be permitted if the end user has consented … based on clear and comprehensive information.” (TTDSG §25 full text)

Exceptions exist only when:

1. The sole purpose is to transmit a communication, or
2. Storage/access is strictly necessary for an information society service expressly requested by the user.

👉 GTM does not qualify as “strictly necessary.” It is a tag management tool for marketing/analytics, not for delivering the website itself.

The Hannover Ruling: Why GTM Requires Consent

The Administrative Court of Hannover (VG Hannover) ruled in March 2025 that:

• GTM transmits IP addresses to Google servers as soon as the container loads, even if no tags are fired. This is personal data processing under the GDPR. (Court text in VORIS, German).
• Because GTM is not strictly necessary for providing the website, this processing requires prior consent under TTDSG §25.
• Therefore, websites cannot load GTM until a user has explicitly opted in.

The court also criticized manipulative cookie banners, ruling that if a banner has an “Accept all” button, it must also provide an equally visible “Reject all” option. (LfD Niedersachsen Press Release).

The Future: From Legal Risk to Legal Resilience

Marketers now face three truths:

1. Tag managers like GTM require prior consent in Germany.
2. Consent Mode v2 is legally fragile.
3. Cookies are disappearing across browsers and platforms.

The path forward is not fighting regulators but adopting privacy-first, cookieless analytics that are compliant by design.

Sealmetrics: The Future-Proof Single Source of Truth

Sealmetrics was built for this reality. Unlike traditional tracking stacks:

• It measures 100% of marketing performance without cookies or personal identifiers.
• It complies with GDPR, TTDSG, and ePrivacy across Europe.
• It gives marketers reliable, future-proof data — without the legal risk of GTM or Consent Mode.

👉 If you need a Single Source of Truth for performance marketing that will stand the test of time, Sealmetrics is the privacy-first alternative you can trust.