Why is this important?
This site is produced by Google. We work with lots of publisher partners and, based on that experience, we wanted to provide any publishers with information and access to easy-to-implement tools that can help them meet their legal obligations to get user consent.
What do I need to do?
While the GDPR is still very new, there’s guidance from data protection authorities and other groups (see below) across Europe on what is required to comply with both the GDPR and the e-Privacy Directive. We also recommend seeking legal advice on what’s right for your website or app, though we recognize that many publishers don’t have access to legal advice.
There are vendors that offer tools or solutions to add a consent function to your website, some of which are free of charge. For example:
- Cookie Consent by Silktide
- Cookie Control by CIVIC
- Cookiebot by Cybot
- Cookie Consent Kit by the European Commission
These solutions can be configured in different ways, to address the needs of your site. It's important to note that such configurations won't control the data collection or cookies on your site automatically.
So if you're using third party advertising services, such as Google AdSense, you'll need to take steps to integrate your preferred solution with the advertising tags on your pages to make sure your users' preferences are respected. Each vendor offers instructions or support services for doing this.
For Google, you can find more information on the EU User Consent Policy help page. If you use Google services, you may want to consider the tools we offer to help our publisher partners with compliance:
- AMP: User control components in AMP to support consent requests
- AdMob: SDK updates and availability of new APIs
- Funding Choices for GDPR: Solution to help publishers gain consent for serving personalized ads to EEA users. (For more details, please contact your Google account manager.)
Test carefully any implementation of these tools on your own site.
What do I put in my consent message?
Unfortunately we can’t tell you what your website or app consent message should say because it will largely depend on your approach to monetization, how you use personal data and the third party services you work with. However, we can give you some pointers.
Here’s a message that might be appropriate for your website, if you use products like Google AdSense or similar products from other organisations. Just remember, you’ll need to adjust this to suit your own choice of vendors, uses of cookies and other information.
In this example, a user can click “Yes” to consent to the specified use of her data. If she clicks “No”, she is alerted that she will see only non-tailored ads, and that cookies will be used to deliver the ads. She can confirm this choice, or return. If she selects the “Learn how…” link, she can see information about the specific vendors who will collect data for ad personalization and measurement, and learn more about how they process the data collected. In this example, the number of partners is 10, but the number of vendors you use on your site may be more or less than that.
Again, we can’t tell you what to write by way of detail: it will depend on the vendors and services you work with, the choices you wish to present to your users, and any controls made available to users of your site.
If you’re using Google products like Google AdSense, you’ll be required by your contract to follow Google’s EU user consent policy. Implementing a consent mechanism like this for your EU visitors can help you meet the requirements of Google’s own policies. It should also help towards your compliance with European cookie and data protection laws.
I’m an advertiser. What do I need to do for consent?
We will add content to this page in the weeks leading up to May 25, 2018 with more information about tools available to you and a consent message that might be appropriate for your website, if you use products like Google AdWords, DoubleClick Digital Marketing or similar products from other organisations.
For more information about the GDPR and its application to digital publishers and advertising:
For regulatory guidance on cookie consent in advertising: