Beginning January 16, 2024, publishers and developers using Google AdSense, Ad Manager, or AdMob will be required to use a Consent Management Platform (CMP) that has been certified by Google and has integrated with the IAB's Transparency and Consent Framework (TCF) when serving ads to users in the European Economic Area or the UK.
To support publishers in meeting their duties under this policy, Google offers the ad serving options described below for users in the EEA and the UK. If you don’t make any changes, the commonly used set of ad technology providers (ATPs) will continue to be used.
- Sign in to Google Ad Manager.
- Click Privacy & messaging.
- Click GDPR.
- Click Settings. On the GDPR settings page, update the settings for the sections on this page as described below.
Only the built-in Administrator user role has edit permissions by default. For a custom user role to see this page, you need to update the permissions to include the View privacy & messaging or Edit privacy & messaging permissions.
You can choose to serve non-personalized ads to all of your users in the EEA and the UK using the “Non-personalized ads” setting below. However, if you want to give each of your users a choice between personalized and non-personalized ads, select “Personalized ads” and follow the instructions for serving non-personalized ads on a per-request basis.
Google can continue to show personalized ads as well as non-personalized ads to your users in the EEA and the UK. This is the setting that will be used unless you make a change on this page.
Personalized ads reach users based on their interests, demographics, and other criteria. Because ad technology providers (ATPs) may collect, receive, and use personal data from users in personalized ads, you must clearly identify all such ad technology providers when you obtain user consent for the collection, sharing, and use of personal data for ads personalization.
- For ads from Google Demand sources (such as the Google Display Network (GDN) and Display & Video 360): Google will restrict creatives from serving (and from competing in the auction) based on pixels from non-consented entities.
- For ads from non-Google demand sources (such as Real-time bidding (RTB) Ad Exchange buyers and Exchange/Network Bidding partners): It’s the responsibility of the third-party demand source to only include pixels from consented entities in its creatives. Google will send bidders a list of the consented entities in the RTB callout.
Google will show all your users in the EEA and the UK only non-personalized ads for Open Auction, First Look, Private Auctions, Preferred Deals, and Programmatic Guaranteed deals, and won’t serve other line items with audience targeting for users in the EEA and the UK. Selecting Non-personalized ads will also remove personalization options when enabling specific line items.
When a signed-in Google user in the EEA or the UK has directly provided Google with age information, and is under the age of consent set by GDPR, Google will only serve non-personalized ads to that user, regardless of the publisher's EU user consent settings within Google Ad Manager or whether the publisher passes a non-personalized ads signal in the ad tag.
- If you already set up rules to block user-based data, you should still select the Non-personalized ads option here to ensure that only non-personalized ads are shown. Google will apply the more restrictive settings.
- The Non-personalized ads option is now supported for Real-time bidding (RTB) buyers, including Ad Exchange third-party buyers and Exchange/Network Bidding partners.
To help with compliance under Google’s updated EU User Consent Policy, you have the option to select your preferred ad technology providers (ATPs) from a list of companies that have provided us with information about their compliance with the GDPR — all of whom also have to comply with our data usage policy to ensure publisher data is protected.
If you select these ad technology providers (including Google and other bidders and vendors), they may use data about your users for the purposes of ads personalization and measurement.
- Ad technology providers are not the same as mediation networks. This selection won’t affect mediation.
- Learn how ad technology controls are handled when a Google Ad Manager account is linked to multiple Ad Exchange/AdSense accounts.
- Choose a commonly used set of ad technology providers or create a custom set:
- Commonly used set of ad technology providers: This is the setting that will be used unless you make a change on this page.
- Custom set of ad technology providers: Select your preferred ad technology providers.
- Clearly identify the providers you select to your users, and obtain users' consent in line with Google's EU User Consent Policy.
You could do this by listing your chosen ad technology providers in a consent flow, or listing your chosen providers on a separate page of your site to which you direct your users from a consent flow. In either case, to comply with Google's EU User Consent Policy, you should link to the details provided by each provider that describes their activities.
Declare ad technology providers that you work with on reservation creatives. Reservation creatives are associated with non-programmatic line items, including guaranteed (Sponsorship and Standard) and non-guaranteed (Network, Bulk, Price Priority, and House).
Google will check for consent for any ad technology providers that you declare when determining whether reservation creatives are eligible to serve.
You can create your own consent dialog that displays a message on your sites or apps asking your users in the EEA and the UK for consent.
Consent for apps
After updating your app code, you’ll re-upload your app to the Google Play or App Store. You may need your network ID.
Consent for the web
Learn more about passing consent signals to Google Ad Manager.
Privacy Sandbox API
Google is experimenting with new ways of supporting the delivery and measurement of digital advertising in ways that better protect people's privacy online via Chrome's Privacy Sandbox initiative. When accessing certain Sandbox APIs as part of the Privacy Sandbox Origin Trials (including Topics, Fledge, and the Attribution Reporting API) you may be using personal data for ads personalization and/or accessing local storage. The EU User Consent Policy requires you to obtain valid user consent for these actions in the same way as you rely on consent today for ads personalization and the use of non-essential local storage in the European Economic Area and the UK.