Microsoft Clarity wants to start passing consent status from November 1, 2025.
If you meet the following three conditions, I would not change the settings:
- You only use Clarity for heatmaps and screen recordings
- You insert Clarity via GTM
- You use Consent Mode v2
Otherwise, you need to set up Clarity measurement.
What’s happening
Microsoft implements more or less the same logic for Clarity as Google Analytics 4. They do not place cookies without consent, but they still send requests to Microsoft servers—even though the requests are flagged as not having been consented to by the user.
Clarity creates a unique ID on the page, which it stores in a JavaScript variable. When consent is given, it stores this ID in a cookie.
Sending requests to Microsoft servers without consent is problematic—requests always contain IP addresses, device information, and browser information, which the GDPR considers personal data.
The second potentially controversial issue is the storage of cookies – Clarity’s code creates them even without consent, but they are always empty. According to a very strict interpretation of the Electronic Communications Act, even this should not occur.
From my point of view, you have two configuration options:
- Configuration according to Microsoft’s instructions
- Maximum compliance with GDPR
Both options are described in detail below.
Setup according to Microsoft instructions
You can follow the procedure described in the Microsoft Clarity documentation. The steps are as follows:
1. In MS Clarity settings, select “Disable cookies.”
This setting tells the Clarity code to load with the consent status “denied.” Only after consent is granted does the status change to “granted.”
2. Run code on all pages immediately after the page loads
3. Pass the consent status to the Clarity code
window.clarity('consentv2', { ad_Storage: "granted | denied",
analytics_Storage: "granted | denied"
}); Please note: the code uses _Storage with a capital S, but Google consent mode works with _storage with a lowercase s.
First, you need to run the Clarity code, and only then can you pass the consent status.
You don’t need to worry about this if you use GTM and Consent Mode v2 or if you use CookieYes as your cookie bar. Support for CookieBot and OneTrust is in the works.
You can then verify the settings with a command that displays the consent status.
clarity('metadata', (d, upgrade, consent) => {
console.log('consentStatus:', consent);
}, false, true, true);Before approval, you must see “denied”; after approval, you must see “granted.”
Maximum compliance with GDPR
The second option fully complies with GDPR and ZEK. The disadvantage is that you will lose some of the data in the heat maps. Similarly, if people often give their consent later on the website, the initial part of their behavior will be missing from the screen recording.
If you already run Clarity only with consent (which you should), you will continue to do so. Leave cookies enabled in the administration.
Note: The settings described above currently work. However, there is no guarantee that Microsoft will not implement some form of active consent control in the future. So if you add the consent code in this case, you definitely won’t be doing any harm. The status will always be granted—because Clarity will not run without consent.
window.clarity('consentv2', {
ad_Storage: "granted",
analytics_Storage: "granted"
});If you use GTM and Consent Mode 2, you don’t need to worry about this and can simply use Clarity from the template.
Conclusion
Personally, I prefer option 2, because:
- it respects the user’s wishes
- it is safer in terms of GDPR and ZEK
- people on websites usually give their consent immediately upon arrival.
However, if you need all the data and use a less aggressive banner, the first option may also be suitable for you.
This article describes my view on the matter. I am not responsible for the settings on your website.
Do you want to be sure that everything is working as it should?