I am working on a website which already has the following Google Tag Manager snippets:
<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-XXXXXXX');
</script>
// ...
<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-XXXXXXX" height="0" width="0" style="display:none;visibility:hidden"></iframe>
The marketing team has started a new campaign and they have asked me to add a new GTM to the website, with a different code: GTM-YYYYYYY
<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-YYYYYYY');
</script>
// ...
<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-YYYYYYY" height="0" width="0" style="display:none;visibility:hidden"></iframe>
Is it valid to include those snippets on the same page, twice, with different codes? Or do I need to remove the old ones?
Short answer: Yes, it's valid. Technically, unlike some other TMSes, GTM doesn't conflict with other instances of itself. But if marketing does not know whether you need to keep both or delete one, then they definitely don't know what they're doing.
Longer answer: There may be logical conflicts requiring attention. If they share the same dataLayer, there may be unintended triggering. Read this for more.
Marketing may have hired a GTM specialist to implement tracking. In that case, it's fine, they will be able to tell you whether they need the old container or not. But since you're asking the question here, the answer is: No. Don't allow marketing deploying random GTM containers. Do they know that GTM can execute arbitrary JS anywhere it's deployed? Do you want to give that power over the site to third parties. Is marketing willing to take all the responsibility for it? Are they even qualified to take the responsibility for functional issues caused by the third-party container loaded?
Since marketing tends to need this kind of third party tracking on your site in cases when third parties are selling traffic and want to see how different kinds of traffic convert, GTM offers more proper ways of doing it. Give the third parties access to your GTM container, but limit their rights to only be able to propose publishing and peer-review anything they want to publish to make sure there's no malicious or incompetent code. GTM people tend to deploy unclosured minified javascript right to your DOM, taking all the sweet short (minified) global names and then conflicting with each other for those global vars, if not with the front-end code-base. Debugging something like this may take weeks. Here's more on GTM users/permissions.