Ready for the new Google Consent Mode v2? Learn more »
Legal

Google’s EU User Consent Policy: What companies need to know


Image of a hand holding a phone with the screen displaying a Google search page

The Google EU User Consent Policy sets out the specific requirements that publishers, advertisers, companies and other parties must adhere to when using Google services such as Google Ads. The Policy reflects the requirements of data protection laws in Europe, in particular the GDPR and the ePrivacy Directive, and therefore applies to users targeting end users in the European Economic Area (EEA) and the United Kingdom. Users who do not adhere to the Google EU User Consent Policy will therefore not be able to use Google services on their website. Below we take a closer look at the policy and the actions companies should take.

Introduced in 2015, the EU User Consent Policy has undergone significant changes, particularly in 2018 when the GDPR came into force. These changes have been driven by the need for stronger user consent methods that require users to provide informed and explicit consent before cookies and other tracking technologies can be stored or accessed on their devices. And with Google’s May 2022 update , the company has met this requirement by requiring its users of Google Ads and other services to obtain valid consent from users in the European Union (EU/EEA) and the United Kingdom.

Specifically, Google’s EU User Consent Policy requires website operators and app developers to provide end users with clear and easily accessible information about the collection and processing of their personal data. They must also identify each party that has received personal data from users in order to obtain their consent to the use of cookies or mobile identifiers.

Who must comply with Google’s EU User Consent Policy?

The EU User Consent Policy applies primarily to website operators, app developers and advertisers using Google products and targeting end users in the European Economic Area (EEA) and the United Kingdom (UK). This means that advertisers and website operators who use Google products such as Google Ads and Google AdSense must comply with this policy. Otherwise, you risk having your Google profile blocked!
The EEA includes the EU member states as well as Iceland, Liechtenstein and Norway. If you are based in the EEA or the UK and your website or app is directed to users in those regions, you must comply with this Policy.

How can compliance with the EU User Consent Policy be ensured?

Compliance with the EU User Consent Policy can be ensured by

  • Providing users with clear and easily accessible information about the collection and use of their personal data, e.g. B. through a privacy policy or a cookie policy, depending on your company’s activities.
  • Obtain explicit consent from users through mechanisms such as “I agree” or “I accept” buttons, a cookie banner, or a cookie warning.
  • Identify all parties (including Google) authorized to collect personal information from users and share this information with users. You can also display this list in your cookie banner.
  • Link to Google’s Privacy Policy and Terms of Service to inform users about how Google uses their personal data.
  • And most importantly, use a Consent Management Platform (CMP) like consentmanager to simplify all of the above steps.

Your criteria for selecting a CMP for compliance:

There are various ways to create consent mechanisms, including internal and external consent management platforms.

Google offers a list of certified consent solutions (like us!) for Ad Manager and AdMob that help streamline compliance efforts. Collaborating with CMPs and using frameworks such as IAB Europe’s Transparency and Consent Framework (TCF) can further ensure compliance.

When selecting a CMP to comply with the EU User Consent Policy, the following criteria should be considered:

  • The solution should enable clear and informed consent from users to the use of cookies and personal data.
  • It should provide customization options to reflect your specific circumstances and the options offered to users.
  • It should be integrated with IAB Europe’s Transparency and Consent Framework (TCF) , as Google has announced that Google certified CMPs must work with the TCF to serve ads in the EEA and the UK. To be on the safe side, start now with consentmanager as your Google certified platform.
  • The solution should be able to identify all parties that collect user data, including Google, and disclose this information to users.
  • It should provide a mechanism for retaining records of users’ consent.

With consentmanager , a Google certified consent management platform, you make the right (and compliant) choice. Get started today!


more comments

General

Newsletter 09/2024

New features: Data Subject Rights (DSR) tool The GDPR provides that those affected (such as website visitors, customers or other persons whose data is processed) enjoy certain rights. This includes, in particular, the right to query their rights and obtain information about the data processed. The rights include, among others: Our new DSR tool now […]
consentmanager logo with the text ‘consentmanager is a Google CMP Gold Partner’ on the left side. Gold medal with a ribbon next to a shield with the text ‘Certified CMP Partner’ in Google brand colours.
News

consentmanager achieves Gold Status as Google CMP Partner

consentmanager is pleased to announce that it has been named a Gold Tier CMP Partner within Google’s Consent Management Platform (CMP) Partner Program. This recognition is awarded to us with consideration of the following criteria: The latest development in the Google Partner Program makes CMP implementation easier for our customers. Now you can integrate your consent banner directly […]