Why is this important?
This site is produced by Google. We work with lots of publisher partners and, based on that experience, we wanted to provide publishers and advertisers with information and access to easy-to-implement tools that can help them meet their legal obligations to get user consent.
What do I need to do?
While the GDPR is still very new, there’s guidance from data protection authorities and other groups (see below) across Europe on what is required to comply with both the GDPR and the e-Privacy Directive. We also recommend seeking legal advice on what’s right for your website or app, though we recognise that many publishers don’t have access to legal advice.
There are vendors that offer tools or solutions to add a consent function to your website, some of which are free of charge. For example:
- Cookie Consent by Silktide
- Cookie Control by CIVIC
- Cookiebot by Cybot
- Cookie Consent Kit by the European Commission
These solutions can be configured in different ways, to address the needs of your site. It's important to note that such configurations won't control the data collection or cookies on your site automatically.
So, if you're using third-party advertising services, such as Google’s, you'll need to take steps to integrate your preferred solution with the advertising tags on your pages, to make sure that your users' preferences are respected. Each vendor offers instructions or support services for doing this.
For Google, you can find more information on the EU User Consent Policy help page. If you are a publisher and use Google services, you may want to consider the tools that we offer to help our publisher partners with compliance:
- AMP: User control components in AMP to support consent requests
- AdMob: SDK updates and availability of new APIs
- Funding Choices for user consent: Solution to help publishers gain consent for serving personalised ads to EEA users. (For more details, please contact your Google Account manager.)
Carefully test any implementation of these tools on your own site.
I'm a publisher. What do I put in my consent message?
Unfortunately, we can’t tell you what your website or app consent message should say, because it will largely depend on your approach to monetisation, how you use personal data and the third-party services that you work with. However, we can give you some pointers.
Here’s a message that might be appropriate for your website, if you use products such as Google AdSense, or similar products from other organisations. Just remember, you’ll need to adjust this to suit your own choice of vendors, uses of cookies and other information.
Note: The example above talks about browser cookies. If you are writing a consent notice for an app, you might want to refer to 'mobile identifiers' instead of cookies.
In this example, a user can click 'Yes' to consent to the specified use of her data. If she clicks 'No', she is alerted that she will only see non-tailored ads, and that cookies will be used to deliver the ads. She can confirm this choice, or return. If she selects the 'Learn how…' link, she can see information about the specific vendors who will collect data for ad personalisation and measurement, and learn more about how they process the data collected. In this example, the number of partners is 10, but the number of vendors that you use on your site may be more or fewer than that.
Again, we can’t tell you what to write by way of detail: it will depend on the vendors and services that you work with, the choices that you wish to present to your users and any controls made available to users of your site.
If you’re using Google products such as Google AdSense, you’ll be required by your contract to follow Google’s EU user consent policy. Implementing a consent mechanism like this for your EEA visitors can help you meet the requirements of Google’s own policies. It should also help towards your compliance with European cookie and data protection laws.
I’m an advertiser. What do I need to do for consent?
Many advertisers use tags or code from third-party advertising services, such as Google's, to assist with things like ad measurement and remarketing. These tags cause data to be shared with these advertising service providers. An advertiser might use an advertising service’s SDK in its mobile app for the same purposes.
Again, the same caveats as above apply: we can't tell you what your website or app consent message should say because it will largely depend on the advertising services that you use, how you use personal data and the third-party services that you work with. Here is a notice that might be more appropriate if visits to your site are used for ad personalisation on your own site or other sites. You’ll notice it is very similar to the publisher notice above, and would operate in a similar manner.
If visits to your site do not influence the ads served elsewhere, the following notice might be appropriate:
Again, if you are writing a consent notice for an app, you might want to refer to 'mobile identifiers' instead of cookies.
If you're using Google products such as Google AdWords or DoubleClick Digital Marketing, you’ll be required by your contract to follow Google's EU user consent policy. Implementing a consent mechanism like this for your EEA visitors can help you meet the requirements of Google's own policies. It should also help towards your compliance with European cookie and data protection laws.
For more information about the GDPR and its application to digital publishers and advertising:
For regulatory guidance on cookie consent in advertising: