Ready for the new Google Consent Mode v2?Jetzt mehr erfahren »
Legal

Google’s EU User Consent Policy: What companies need to know


Image of a hand holding a phone with the screen displaying a Google search page

The Google EU User Consent Policy sets out the specific requirements that publishers, advertisers, companies and other parties must adhere to when using Google services such as Google Ads. The Policy reflects the requirements of data protection laws in Europe, in particular the GDPR and the ePrivacy Directive, and therefore applies to users targeting end users in the European Economic Area (EEA) and the United Kingdom. Users who do not adhere to the Google EU User Consent Policy will therefore not be able to use Google services on their website. Below we take a closer look at the policy and the actions companies should take.

Introduced in 2015, the EU User Consent Policy has undergone significant changes, particularly in 2018 when the GDPR came into force. These changes have been driven by the need for stronger user consent methods that require users to provide informed and explicit consent before cookies and other tracking technologies can be stored or accessed on their devices. And with Google’s May 2022 update , the company has met this requirement by requiring its users of Google Ads and other services to obtain valid consent from users in the European Union (EU/EEA) and the United Kingdom.

Specifically, Google’s EU User Consent Policy requires website operators and app developers to provide end users with clear and easily accessible information about the collection and processing of their personal data. They must also identify each party that has received personal data from users in order to obtain their consent to the use of cookies or mobile identifiers.

Who must comply with Google’s EU User Consent Policy?

The EU User Consent Policy applies primarily to website operators, app developers and advertisers using Google products and targeting end users in the European Economic Area (EEA) and the United Kingdom (UK). This means that advertisers and website operators who use Google products such as Google Ads and Google AdSense must comply with this policy. Otherwise, you risk having your Google profile blocked!
The EEA includes the EU member states as well as Iceland, Liechtenstein and Norway. If you are based in the EEA or the UK and your website or app is directed to users in those regions, you must comply with this Policy.

How can compliance with the EU User Consent Policy be ensured?

Compliance with the EU User Consent Policy can be ensured by

  • Providing users with clear and easily accessible information about the collection and use of their personal data, e.g. B. through a privacy policy or a cookie policy, depending on your company’s activities.
  • Obtain explicit consent from users through mechanisms such as “I agree” or “I accept” buttons, a cookie banner, or a cookie warning.
  • Identify all parties (including Google) authorized to collect personal information from users and share this information with users. You can also display this list in your cookie banner.
  • Link to Google’s Privacy Policy and Terms of Service to inform users about how Google uses their personal data.
  • And most importantly, use a Consent Management Platform (CMP) like consentmanager to simplify all of the above steps.

Your criteria for selecting a CMP for compliance:

There are various ways to create consent mechanisms, including internal and external consent management platforms.

Google offers a list of certified consent solutions (like us!) for Ad Manager and AdMob that help streamline compliance efforts. Collaborating with CMPs and using frameworks such as IAB Europe’s Transparency and Consent Framework (TCF) can further ensure compliance.

When selecting a CMP to comply with the EU User Consent Policy, the following criteria should be considered:

  • The solution should enable clear and informed consent from users to the use of cookies and personal data.
  • It should provide customization options to reflect your specific circumstances and the options offered to users.
  • It should be integrated with IAB Europe’s Transparency and Consent Framework (TCF) , as Google has announced that Google certified CMPs must work with the TCF to serve ads in the EEA and the UK. To be on the safe side, start now with consentmanager as your Google certified platform.
  • The solution should be able to identify all parties that collect user data, including Google, and disclose this information to users.
  • It should provide a mechanism for retaining records of users’ consent.

With consentmanager , a Google certified consent management platform, you make the right (and compliant) choice. Get started today!


more comments

News

Newsletter 02/2024

DSA came into force: Does the Digital Services Act apply to your company?  In our latest article, we look at the critical updates and expanded obligations for more online sites brought about by the Digital Services Act (DSA), a key component of the EU Commission’s ‘Europe fit for the digital age’ initiative. The DSA has […]
Digital Services Act
Legal

Does the Digital Services Act (DSA) also apply to your company? Online platforms have additional obligations

The Digital Services Act sets additional transparency requirements for online platforms. The definition of an online platform under the DSA may apply to your business. As a result, you may be required to comply with the additional transparency requirements of the DSA. Read on to find out if your business falls into this category and […]