<!-- Please provide a short summary of the issue in the *Title* above --> Direct exchanges with CNIL revealed this morning that the usage of UTMs "cancels" consent exemptions. Therefore it is a very french topic. This is huge news, as customers number one criterion for choosing a web analytics tool in France is [consent exemptions](https://www.cnil.fr/fr/cookies-et-autres-traceurs/regles/cookies-solutions-pour-les-outils-de-mesure-daudience). I am currently searching for a solution or asking for features that would help to submit to consent campaign parameters only (just as Piano Analytics does with a "hybrid" consent mode). Note that this point is not directly mentioned within [CNIL configuration guide for Matomo](https://www.cnil.fr/sites/cnil/files/atoms/files/matomo_analytics_-_exemption_-_guide_de_configuration.pdf) (and i am very sorry that all relevant links are in french). <!-- Important: Please contact the Matomo community forum for questions: https://forum.matomo.org/ --> ## Summary <!-- Please provide a detailed summary of the feature --> Workaround ideas : - send (or don't send) utm parameters within URL (through custom URL) based on consent, cannot change after the hit is sent, add a layer of complexity to tagging, which is not welcome. Would also "pollute" organic data with paid data. - completely disable UTM tracking, store UTMs within visit-level dimensions if consent is granted and create custom reports. The UTMs can be given after the first pageview of the visit based on an other session cookie if the consent changes but exploiting data will be hard as custom reports are limited to 3 dimensions. Feature requests : Add require consent option for specific functionalities instead of all tracking (`_paq.push(['requireCookieConsent']);`, can also be set within tag manager configuration variable if i am not mistaken) : - require consent for Heatmaps ; - require consent for Session recordings ; - require consent for Heatmaps + Session recordings ; - require consent for UTM (UTMs needs to be stored within a cookie for it to be interpreted after the first pageview if consent is given later). The exact behaviour when the user denies consent or does not give it still needs to be debated : will the visit be counted as "not set" campaign, direct traffic or something else ? - require consent for Youtube video tracking, eventually make youtube video impression only not based on Youtube API so the youtube cookie will not be set if the user does not click on the video - require consent for e-commerce tracking Of course, consent has to be given through a simple piece of code just as `_paq.push(['setConsentGivenHeatmaps']);` for example. Wether remembering consent should stay global or be parametrable per functionality needs its own debate. Also, having a way to know how much visits consented to these features or not (like Piano Analytics does) would be nice. ## Your Environment <!-- Include as many relevant details about the environment when applicable --> <!-- You can find some of that information in the system check --> * Matomo Version: Cloud, mostly. * PHP Version: * Server Operating System: * Additionally installed plugins: Default plugins of the Cloud version.