On 16 May 2023, Google announced new requirements for CMP partners that serve ads in the EEA or the UK. All partners using Google publisher products will have to use a Google-certified CMP that integrates with the IAB Europe’s Transparency and Consent Framework (TCF) when serving ads to users in the EEA or the UK. The decision follows from IAB Europe’s announcement that TCF V2.2 has been finalized.
Starting from January 16, 2024, to continue serving ads to users in the European Union, European Economic Area, and/or the United Kingdom, publishers and developers must use a Google-certified Consent Management Platform (CMP), integrated with the IAB TCF V2.2.
This applies to the following Google products:
- Google AdSense
- Google AdMob
- Google Ad Manager.
We are proud to announce that CookieScript CMP has fulfilled new IAB TCF requirements and has become a Google-certified CMP. After a successful review and evaluation process, CookieScript CMP is included in Google’s list of Google-certified CMPs and in Google’s list of Google Consent Mode integrations.
Choose a Google-certified CMP partner for your Ad compliance.
Why Is Google Requiring Certified CMPs?
The new Google requirements come due to the regulations of the latest version of the IAB TCF which standardizes consent requirements for businesses. The updates in IAB TCF 2.2 introduced several changes for improving transparency and allowing users greater control over their consent choices, and include the following requirements:
- Legitimate interest is no longer valid as a legal basis for advertising and content personalization. Explicit user consent is needed.
- Third-party vendors will have standardized data-keeping periods.
- The purpose and description of cookies must be provided in user-friendly text, not written in legal language.
- Publishers must clearly disclose the total number of vendors that a publisher uses.
- Users must be able to easily access the CMP at any time to manage or withdraw their given consent.
By introducing a CMP certification requirement for businesses that use Google products, Google is ensuring that all businesses on their platform maintain compliance with IAB TCF and provide users with privacy-first personalized experiences.
How to Choose a Google-Certified CMP Partner for Ad Compliance?
By choosing a Google-certified CMP partner, you can be sure that your CMP is aligned with Google's policies, and that you comply with privacy laws’ requirements and avoid potential penalties. Google-certified CMPs are tested and approved by Google for data handling, consent management, and privacy compliance.
Read the guide on how to choose the right Google-certified CMP for your ad compliance:
- Research Google-certified CMP list. The official list of certified CMPs is regularly updated and shows all CMPs, approved by Google. Make sure that the CMPs you consider are on this list.
- Evaluate your advertising needs. You should know your advertising requirements like how much data you collect, your target audience, and the types of ads you use. Choose the CMP that aligns with your specificity and needs.
- Compliance with the TCF and data privacy laws. Ensure the CMP complies with the latest version of IAB TCF. If the CMP is already on the Google-certified CMPs list, it means that it complies with the IAB TCF v2.2. You should also investigate whether the CMP enables collecting consent that’s compliant with other privacy laws.
- Local Storagge and Session Storage scanning and blocking. Local Storagge and Session Storage are a client-side data storage options, storing data locally on a user's browser. Like cookies, they need to be scanned and blocked to meet compliance requirements.
- Integrations. The CMP should integrate seamlessly with the tools the business already uses, like Google AdSense, Ad Manager, or AdMob. The chosen CMP should also integrate with content management systems, e-commerce platforms, and analytics tools.
- Assess customization and flexibility. The chosen CMP should allow a high level of design and function customization to align with your business’ brand and style. The CMP should also be flexible to adapt to future changes in privacy laws and advertising technologies.
- Data handling capabilities. Ensure that the CMP can manage user data in compliance with the GDPR, DPA, and other privacy regulations. The right CMP must have these data handling features: granular consent management, secure consent storage, data encryption, and others.
- Transparency and user control. A good CMP should provide clear information to users about data collection and give them the ability to opt in or out, as well as to change their consent choices easily.
- Support and maintenance. Before choosing a CMP, consider the level of support, availability, and maintenance.
- Language and jurisdiction support. If you have a multilingual website and provide services for users from different regions, choose a CMP that supports multiple languages and provides jurisdiction-specific consent management options. privacy laws around the world could be quite different. This will help you to maintain global compliance.
- Reviews and testimonials. Read reviews from other businesses that have used the CMP. Check for the testimonials not only on the page of the CMP, but also on Capterra, G2 reviews, and Google.
- Pricing. Some CMPs charge based on the volume of user data processed, while others have a flat fee, related to your web pages and banners used. Choose a pricing structure that aligns with your budget and data usage.
- Data portability and ownership. Select a CMP that keeps records of user consent which you can download for proof of compliance. Make sure that you have control over your data. You should be able to download user Cookie Consent and/or transfer your data to another CMP easily if needed. Data ownership is a critical aspect of compliance and security.
Remember, choosing the right CMP is essential for maintaining trust with your users, demonstrating your commitment to privacy, and complying with data privacy laws around the world. Choosing a Google-certified CMP partner is a fundamental step to continuing your digital marketing performance without risking advertising disruption or revenue loss and complying with data privacy regulations at the same time.
Why Should You Use a CookieScript CMP?
- Google-certified CMP. CookieScript is a Google-certified CMP partner and comes with a full IAB TCF v2.2 integration.
- Supports Google Consent Mode v2. If you want to use Google services (GA4, Google Ads, gtag, and Google Tag Manager) in the EU or EEA, you need to use a Google-certified CMP.
- Local Storagge and Session Storage scanning and blocking. GDPR and other privacy laws require blocking of cookies, Local Storagge and Session Storage until user consent is given. However, majority of CMPs do not offer this functionality. CookieScript blocks both Local Storagge and Session Storage.
- Multiple integrations. CookieScript CMP integrates easily with Google services automatically via Google Tag Manager, so you could use Google advertisement products easily. The CookieScript CMP is also integrated with other platforms, including content management systems such as Drupal, Magento, Shopify, WordPress, PrestaShop, etc., and analytics platforms, including Google Analytics 4.
- Fully customizable. CookieScript CMP allows Cookie Banner behavior adjustments, and design customization, and has a self-hosted code option.
- Language and jurisdiction support. CookieScript Cookie Banner and cookie declaration report is translated into 30+ languages and has geo-targeting.
- Easy to set up. CookieScript CMP could be easily implemented in just a few steps in a privacy laws-compliant way using banner settings hints for different jurisdictions.
CookieScript CMP enables compliance with multiple data privacy laws worldwide, including:
- GDPR and ePrivacy Directive for EU users
- DPA 2018 for UK users
- LGPD for Brazil users
- POPIA South African users
- PIPEDA for Canadian users
- KVKK for Turkish users
- California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA)
- Virginia Consumer Data Protection Act (VCDPA)
- Colorado Privacy Act (CPA), and others.
Frequently Asked Questions
What is a Google-certified CMP?
A Google-certified CMP is a consent management platform certified by Google to help businesses use Google advertisement products and manage user consent and data collection at the same time, needed for compliance with the IAB’s Transparency and Consent Framework (TCF) v2.2. It enables businesses to serve ads through Google’s advertising services like AdSense, Ad Manager, or AdMob. Starting from January 16, 2024, it is mandatory to use a Google-certified CMP for serving ads in the EU, EEA, and UK.
How to find a Google-certified CMP?
All Google-certified CMPs are included in the updated list of Google-certified CMPs. If you want to use Google advertisement products, you need to use a Google-certified CMP. CookieScript is a Google-certified CMP.
What is Google Consent Mode v2?
Google Consent Mode v2 is the latest version of Google Consent Mode. You need to implement Google Consent Mode v2 by March 2024, when the new Digital Markets Act (DMA) will come into force. If you want to use Google services (GA4, Google Ads, gtag, and Google Tag Manager) in the EU or EEA, you need to update to Google Consent Mode v2 by March 2024 and use a Google-certified CMP. CookieScript is a Google-certified CMP, recommended by Google for the implementation of Google Consent Mode and Google Tag Manager.
Does Google have a CMP?
Google itself does not provide its own Consent Management Platform, but it is in partnership with third-party CMPs, certifying them if they meet the IAB TCF v2.2 and other requirements. A Google-certified CMP could be selected from the list of all certified CMPs and should be used to collect cookie consent. CookieScript is a Google-certified CMP.
Why is it important to block Local Storage and Session Storage?
Local Storagge and Session Storage are a client-side data storage options, storing data locally on a user's browser. GDPR and other privacy laws require blocking of cookies, Local Storagge and Session Storage until cookie consent is given to meet compliance requirements. It's an important criteria for choosing a CMP. CookieScript CMP scans and blocks cookies, Local Storage and Session Storage.