Many services offered by Google, such as AdSense, Firebase, and Analytics, could be integrated into your website, which helps companies and developers enhance their online presence. You must comply with Google EU consent policy if you want to use these services. There are many cases when Google informs you that your website is not GDPR compliant and you need to implement the changes in your consent notice to comply with the EU User Consent Policy. In this article, we will look into the most important statements under this policy and propose the solutions you have to make to comply with the privacy laws.
Problem with Google EU user consent policy
Internet forums' discussions reveal that publishers, using Google services, such as Adsense, receive emails, where they are asked to implement one of these changes in their consent notice to comply with EU user consent policy. Examples of such problems with Google EU user consent policy are listed below:
We expect users to be told how the site/app will use data — e.g. making clear that cookies are used for personalized advertising in the first layer of their consent notice.
You need to explain to users how Google will use their personal data when they give consent on your site/app e.g. by including a link to Google’s Privacy & Terms site.
c. Disclosure about Ad Technology Providers
When you use Google Ad Manager / AdSense services, there are certain third parties Ad Technology providers (ATPs) which serve and measure ads on your domain. Once you start using AdSense service then by default it selects the most commonly used ATPs to serve and measure ads on your domain. You need to disclose all these third parties you work with.
Our policy review indicates that while the site(s)/app(s) below have a consent notice in place, its wording fails to meet the requirements of our policy.
Legal basis for Google EU user consent policy and GDPR
Google's EU user consent policy applies to businesses or individuals who:
- Have users located in the European Economic Area (EEA)
Google EU user consent policy reflects the requirements of the EU ePrivacy Directive and the General Data Protection Regulation (GDPR). GDPR impacts what companies can do with sensitive personal data they collect, and it is enforced with fines.
Google requirements concerning EU user consent policy could be separated into two types:
- Properties under your control
- Properties under third-party's control.
Properties under your control
Requirements for properties under your control involve any website or app that is under your control or that of your affiliate partner. If you use Google products on these properties, you need to manage properly cookies and cookies notice:
- Clearly identify every and any party that may collect, receive or use the end users' personal data through the Google product
- Inform users how and why you will use users' personal data
- Obtain consent for collecting, sharing, and using personal data for personalized ads
- Keep records of consent you obtain
- Inform users how they could opt-out consent
You must get consent for using cookies and collecting personal data before most cookies can be placed on the devices of users in the EEA.
Important note: to comply with Google EU user consent policy and GDPR, website users should be able both accept and deny cookies with the same difficulty; cookies should be placed only after the consent is given; and in the case of Google AdSense, a list of all third-parties using cookies should be presented to the user.
Properties under third-party's control
When your website uses third-party's services, you have to manage the following:
- Inform users that you use third-parties
- Disclose the identity of the third-parties
- Obtain consent for collecting personal data by the third-parties
- Inform users how they could opt-out consent regarding third-parties.
Scan your website for free and see what cookies, including Third-Party Cookies, your website uses:
How to comply with EU privacy laws
After you disclosed the required information, you have to get appropriate consent from your website users. Google uses Google Consent Mode, which was launched in September 2020, and allows to comply with the privacy regulations without disabling services provided by Google. Google Consent Mode allows running Google services, while the users give consent to collect and use their personal data. So, Google Consent Mode satisfies both marketing and privacy interests by respecting user consent responses. More information about Google Consent Mode is available in the official Google Consent mode documentation.
- Freely given
There are implied and explicit cookie consent modes. To be compliant with privacy laws, you should provide your users an opportunity to choose whether or not they want their data to be collected. Website users should have the possibility to choose between implied or explicit Cookie Consent modes for their data tracking.
Google Adsense EU User Consent Policy.
Google Analytics Advertising Features EU User Consent Policy.
Google Analytics for Firebase EU User Consent Policy.
A practical guide for complying with Google EU user consent policy
- Is compliant with GDPR, CCPA, and other privacy laws
- Apply privacy requirements based on user location
- Get consent before your or third-party scripts loading
- Works for desktop, tablets, and mobile devices
- The cookie banner has a customized appearance to match your brand style.
Cookie Script installation through Google Tag Manager
See the guides on how to install CookieScript with Google Tag Manager how to use the Google Tag Manager Consent State Variable templateVariable template.
Troubleshooting of Google warning emails, related to EU user consent policy
1. Use IAB TCF.
Businesses throughout Europe find complying with the transparency requirements and privacy regulations of the European Union a challenging task. Interactive Advertising Bureau ( IAB) Europe has created a solution to establish a standard for acquiring consent from users that ensures businesses stay compliant with the requirements and regulations set forth by the GDPR. That solution is the Transparency and Consent Framework (TCF). CookieScript is a registered Consent Management Platform at IAB and has full integration with the latest version of IAB TCF 2.0 and stays up to date with the latest EU regulations. CookieScript can be fully integrated into the vast majority of popular hosting platforms, from WordPress and Wix to Shopify, SquareSpace, and more.
You could enable TCF 2.0 compliance features as a supplement to the regular CookieScript functionality by simply going to Banner Settings > Enable IAB TCF 2.0. Read more about IAB TCF integration.
2. Adjust the text to match Google requirements
Frequently asked questions
What is the EU user consent policy?
I have received an email to comply with the Google EU User Consent Policy, what should I do?
You need to ensure the site or app mentioned in the email complies with the Google EU User Consent Policy. See the following checklist that might help you to implement proper consent:
- Have you informed the users how and why their personal data is collected?
- Have you identified every and any party that may collect, receive, or use the end users' personal data through the Google product?
- Have you checked that your consent notice is being displayed when your site or app is accessed by users from all EEA countries?
- Is your consent notice easily readable and visible?
- Do the users have the choice to choose between accepting or rejecting the consent?
- Do you keep records of consent you obtained?
- Do you stop collecting, sharing, and using websites users' personal data if they do not give consent to use their data?
- Have you disclosed all third-parties, including Google, could access user data you collect on your website or app?
- Have you included a link to Google’s and other third-parties Privacy & Terms site?
- If you use an IAB CMP have you included "Google Advertising Products" as a vendor?
- Visit the CookieScript guide to see how to comply with the Google EU User Consent Policy.
Can Google review my consent notice and confirm it complies with the Google EU User Consent Policy?
How to choose a Consent Management Platform to ensure that my website or app complies with the Google EU User Consent Policy?
Interactive Advertising Bureau ( IAB) Europe has created a solution to establish a standard for acquiring consent from users that ensures businesses stay compliant with the requirements and regulations set forth by the GDPR. That solution is the Transparency and Consent Framework (TCF). You should choose a Consent Management Platform, which is registered at IAB. CookieScript is a registered Consent Management Platform at IAB, has full integration with the latest version of IAB TCF 2.0, and stays up to date with the latest EU regulations. CookieScript can be fully integrated into the vast majority of popular hosting platforms, from WordPress and Wix to Shopify, SquareSpace, and more.
Do I need Cookie Consent for Google ads?
What data do Google ads collect?
Google Ads collects the URL of the page you're visiting and your IP address. Apps that use Google advertising services also information with Google, such as the name of the app and a unique identifier for advertising. Read more about Google Ads, other Google services, and how to implement Google Consent Mode.