Latest News, Updates, Tutorials and much more

Blog

Google EU user consent policy

Google EU user consent policy

Many services offered by Google, such as AdSense, Firebase, and Analytics, could be integrated into your website, which helps companies and developers enhance their online presence. You must comply with Google EU consent policy if you want to use these services. There are many cases when Google informs you that your website is not GDPR compliant and you need to implement the changes in your consent notice to comply with the EU User Consent Policy. In this article, we will look into the most important statements under this policy and propose the solutions you have to make to comply with the privacy laws.

Problem with Google EU user consent policy

Website owners who use Google services like Ad Manager / AdSense, Firebase, Analytics, and others, placed on their websites, are getting warnings that their websites are not compliant with the Google EU user consent policy. Google EU user consent policy is part of their GDPR compliance and is related to obtaining permissions to use cookies and to personalize ads or to collect users' data. Because Google needs permission to process users' personal data they need website owners to get that permission.

Internet forums' discussions reveal that publishers, using Google services, such as Adsense, receive emails, where they are asked to implement one of these changes in their consent notice to comply with EU user consent policy. Examples of such problems with Google EU user consent policy are listed below:

a. Disclosure about use of Cookies for Personalized Ads

We expect users to be told how the site/app will use data — e.g. making clear that cookies are used for personalized advertising in the first layer of their consent notice.

b. Disclosure about Google's Privacy Policy

You need to explain to users how Google will use their personal data when they give consent on your site/app e.g. by including a link to Google’s Privacy & Terms site.

c. Disclosure about Ad Technology Providers

When you use Google Ad Manager / AdSense services, there are certain third parties Ad Technology providers (ATPs) which serve and measure ads on your domain. Once you start using AdSense service then by default it selects the most commonly used ATPs to serve and measure ads on your domain. You need to disclose all these third parties you work with.

d. Correct wording of Google's Privacy Policy

Our policy review indicates that while the site(s)/app(s) below have a consent notice in place, its wording fails to meet the requirements of our policy. 

To solve this issue, you could use the following text for your Privacy Policy, which is accepted by Google: "We use cookies to personalise content, ads and to analyse our traffic. We also share information about your use of our site with our advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services."

e. The Cookie Banner delay does not satisfy Google's Privacy Policy

You should set your cookie banner delay for not more than 3000 ms.

Continue reading the article to learn more about how to implement the requirements of the Google EU user consent policy or use CookieScript consent management platform and we will take care of your website to comply with the Google EU user consent policy.

Legal basis for Google EU user consent policy and GDPR

Google's EU user consent policy applies to businesses or individuals who:

  • Have users located in the European Economic Area (EEA)
  • Use Google products that use cookies to show personalized ads, track users or collect users' personal data.

Google EU user consent policy reflects the requirements of the EU ePrivacy Directive and the General Data Protection Regulation (GDPR). GDPR impacts what companies can do with sensitive personal data they collect, and it is enforced with fines.

Google requirements concerning EU user consent policy could be separated into two types:

  • Properties under your control
  • Properties under third-party's control.

Properties under your control

Requirements for properties under your control involve any website or app that is under your control or that of your affiliate partner. If you use Google products on these properties, you need to manage properly cookies and cookies notice:

  • Clearly identify every and any party that may collect, receive or use the end users' personal data through the Google product
  • Inform users how and why you will use users' personal data
  • Inform users that you will use cookies
  • Obtain consent to use cookies
  • Obtain consent for collecting, sharing, and using personal data for personalized ads
  • Keep records of consent you obtain
  • Inform users how they could opt-out consent

You must get consent for using cookies and collecting personal data before most cookies can be placed on the devices of users in the EEA.

Important note: to comply with Google EU user consent policy and GDPR, website users should be able both accept and deny cookies with the same difficulty; cookies should be placed only after the consent is given; and in the case of Google AdSense, a list of all third-parties using cookies should be presented to the user.

Properties under third-party's control

Requirements for the properties under a third-party's control apply when a third-party, like Google services or others, collect end-user personal data through your website. In these cases, Google requires that you use reasonable efforts to make sure the third-party has implemented the disclosures and consent requests for end-user personal data to comply with the Privacy Policy.

When your website uses third-party's services, you have to manage the following:

  • Inform users that you use third-parties
  • Disclose the identity of the third-parties
  • Obtain consent to use cookies of the third-parties
  • Obtain consent for collecting personal data by the third-parties
  • Inform users how they could opt-out consent regarding third-parties.

Google uses its consent policy for the website users inside the European Economic area along with the United Kingdom (UK). For other countries, you may need to implement your Privacy Policy according to other privacy laws.

Scan your website for free and see what cookies, including Third-Party Cookies, your website uses:

How to comply with EU privacy laws

If you want your website to comply with GDPR, CCPA, and other privacy laws, your website must fulfill all of these criteria:

Disclosure

To comply with GDPR, CCPA, and other privacy laws, you have to disclose the use of cookies, how and why you will use users' personal data, and the identity of the third-parties, as described above. The disclosure must be clear and unambiguous.

Consent

After you disclosed the required information, you have to get appropriate consent from your website users. Google uses Google Consent Mode, which was launched in September 2020, and allows to comply with the privacy regulations without disabling services provided by Google. Google Consent Mode allows running Google services, while the users give consent to collect and use their personal data. So, Google Consent Mode satisfies both marketing and privacy interests by respecting user consent responses. More information about Google Consent Mode is available in the official Google Consent mode documentation.

A good way to disclose your use of cookies, third-parties, and get appropriate consent from your users is through a cookies banner notice.

According to Article 4 of the GDPR, your Cookie Consent should be:

  • Freely given
  • Informed
  • Specific
  • Unambiguous
  • Revocable
  • Demonstrable

There are implied and explicit cookie consent modes. To be compliant with privacy laws, you should provide your users an opportunity to choose whether or not they want their data to be collected. Website users should have the possibility to choose between implied or explicit Cookie Consent modes for their data tracking.

Privacy Policy | Cookies Policy

You also have to write your Privacy policy or Cookies policy, which includes all the requirements of the Google EU user consent policy. Your company or website needs to have a privacy policy. If your website uses cookies, you also need to have a Cookie Policy. A Privacy Policy is a more general legal document that discloses how to deal with users' personal data, including cookie management. If your website already has a privacy policy, which includes a Cookie Policy, it is not mandatory to have a separate Cookie Policy.

Your privacy policy has to incorporate Google products' policy, such as AdSense, Google Analytics advertising features, and certain Firebase features. Your Privacy Policy needs to have the appropriate third-parties' information and links to the third-parties' privacy or user consent policy.

The links for Google services' privacy policy are present below:

Google Adsense EU User Consent Policy.

Google Analytics Advertising Features EU User Consent Policy.

Google Analytics for Firebase EU User Consent Policy.

So, if you disclosed all required information; got appropriate consent for using users' personal data and cookies, including Third-Party Cookies; and updated your privacy policy accordingly, your website should comply with the latest privacy laws.

Still, looks confusing? You can use CookieScript consent management platform which is easy to use and complies with Google EU user consent policy and GDPR.

A practical guide for complying with Google EU user consent policy

The easiest way to comply with Google EU user consent policy, GDPR, and other privacy laws is through a consent management platform. Use CookieScript Consent Management Platform and we will make sure that your website:

You can create a privacy policy for your website, which complies with Google EU user consent policy, in a fast and easy way. For example, you just need to select show cookie categories or show cookie declaration inside the control panel to disclose the use of cookies and how you will use users' personal data.

 Selecting cookie banner settings

If you select to show the Cookie Policy link inside the control panel, your website user will have the possibility to visit your Cookie Policy, which incorporates the Google EU user consent policy.

Cookie banner control panel

Cookie Script installation through Google Tag Manager

You could customize our cookies banner notice, which could have a similar style to your website, could disclose your use of cookies, and get appropriate consent from your users. Google Tag Manager (GTM) is the most popular platform for scripts and tags insertion into a website without modifying website source code. We have created GTM Tag templates that do all the necessary coding for you. These templates fully comply with Google EU user consent policy.

See the guides on how to install CookieScript with Google Tag Manager how to use the Google Tag Manager Consent State Variable templateVariable template.

If you want to create a user-defined variable that can later be used to read the current user consent state, you could read a guide on how to block Tags with CookieScript Consent State variable.

Read more about how to add custom styles to your Cookie Consent banner.

We also offer you a Cookie Declaration table, which allows you to notify the website users about what cookies are actually used on the website and includes Provider information together with a provider Privacy policy link. CookieScript allows you to include Cookie Declaration automatically on any page.

CookieScript has full integration with Google Consent Mode. Google allows using its own EU consent policy to comply with the privacy regulations without disabling services provided by Google.

Visit our updates about GTM templates and Provider privacy policy, which ensure that your website is compliant with Google EU user consent policy.

Troubleshooting of Google warning emails, related to EU user consent policy

You created your privacy policy, prepared cookie declaration, and got consent to use cookies and to use users' private data, but still, your website does not comply with the Google EU User Consent Policy? There are several ways how to troubleshoot the problem with the Google EU User Consent Policy:

1. Use IAB TCF.

Businesses throughout Europe find complying with the transparency requirements and privacy regulations of the European Union a challenging task. Interactive Advertising Bureau ( IAB) Europe has created a solution to establish a standard for acquiring consent from users that ensures businesses stay compliant with the requirements and regulations set forth by the GDPR. That solution is the Transparency and Consent Framework (TCF). CookieScript is a registered Consent Management Platform at IAB and has full integration with the latest version of IAB TCF 2.0 and stays up to date with the latest EU regulations. CookieScript can be fully integrated into the vast majority of popular hosting platforms, from WordPress and Wix to Shopify, SquareSpace, and more.

You could enable TCF 2.0 compliance features as a supplement to the regular CookieScript functionality by simply going to Banner Settings > Enable IAB TCF 2.0. Read more about IAB TCF integration

2. Adjust the text to match Google requirements

In some cases, you may have your privacy policy and cookie declaration, but still, Google asks to correct the wording of the Google privacy policy. In this case, adjusting text to match the Google requirements could solve the problem.

Frequently asked questions

What is the EU user consent policy?

Google's EU user consent policy is part of GDPR compliance and requires that users of Google's services disclose their use of cookies and obtain consent from users who use a website or an app in the European Economic Area. Consent is needed to use cookies and personalize ads or collect users' data. Certain Consent Management Platforms, such as CookieScript, offer cookie banners and privacy policy generators, which help to incorporate Google's and other third-parties' EU user consent policy into your privacy policy.

I have received an email to comply with the Google EU User Consent Policy, what should I do?

You need to ensure the site or app mentioned in the email complies with the Google EU User Consent Policy. See the following checklist that might help you to implement proper consent:

  • Have you informed the users how and why their personal data is collected?
  • Have you identified every and any party that may collect, receive, or use the end users' personal data through the Google product?
  • Have you informed users that you use cookies?
  • Have you checked that your consent notice is being displayed when your site or app is accessed by users from all EEA countries?
  • Is your consent notice easily readable and visible?
  • Do the users have the choice to choose between accepting or rejecting the consent?
  • Do you keep records of consent you obtained?
  • Do you stop collecting, sharing, and using websites users' personal data if they do not give consent to use their data?
  • Have you disclosed all third-parties, including Google, could access user data you collect on your website or app?
  • Have you included a link to Google’s and other third-parties Privacy & Terms site?
  • If you use an IAB CMP have you included "Google Advertising Products" as a vendor?
  • Visit the CookieScript guide to see how to comply with the Google EU User Consent Policy.

Can Google review my consent notice and confirm it complies with the Google EU User Consent Policy?

No, Google cannot validate consent notices for compliance with GDPR since Google doesn’t know the circumstances of each individual company. It is recommended to use CookieScript consent management platform, which ensures that your consent notice complies with the GDPR.

How to choose a Consent Management Platform to ensure that my website or app complies with the Google EU User Consent Policy?

Interactive Advertising Bureau ( IAB) Europe has created a solution to establish a standard for acquiring consent from users that ensures businesses stay compliant with the requirements and regulations set forth by the GDPR. That solution is the Transparency and Consent Framework (TCF). You should choose a Consent Management Platform, which is registered at IAB. CookieScript is a registered Consent Management Platform at IAB, has full integration with the latest version of IAB TCF 2.0, and stays up to date with the latest EU regulations. CookieScript can be fully integrated into the vast majority of popular hosting platforms, from WordPress and Wix to Shopify, SquareSpace, and more.

Do I need Cookie Consent for Google ads?

Yes, if your website or app uses Google Ads, you need to get your website user to get consent to use cookies by third-parties, such as Google. You need Cookie Consent from users in the European Economic Area (EEA) countries to which the EU ePrivacy Directive's cookie provisions apply. Learn more about cookie consent.

What data do Google ads collect?

Google Ads collects the URL of the page you're visiting and your IP address. Apps that use Google advertising services also information with Google, such as the name of the app and a unique identifier for advertising. Read more about Google Ads, other Google services, and how to implement Google Consent ModeGoogle Consent Mode.

New to CookieScript?

CookieScript helps to make the website ePrivacy and GDPR compliant.

We have all the necessary tools to comply with the latest privacy policy regulations: third-party script management, consent recording, monthly website scans, automatic cookie categorization, cookie declaration automatic update, translations to 34 languages, and much more.