Notification

Please make sure to visit Your AdSense Page where you can find personalized information about your account to help you succeed with AdSense.

GDPR overview and guidance

Troubleshooting Google European Union (EU) user consent policy violations

Under Google’s updated EU User Consent Policy, you must make certain disclosures to your users in the European Economic Area (EEA) and the UK and obtain their consent for the use of cookies or other local storage where legally required, and for the collection, sharing, and use of personal data for ads personalization. This policy reflects the requirements of the EU ePrivacy Directive and the General Data Protection Regulation (GDPR).

This article addresses some of the top questions in relation to the EU User Consent Policy audit. To learn more about the policy, visit our EU User Consent Policy Help Center.

Expand all  Collapse all

FAQs

I have received an email to comply with the EU User Consent Policy, what does it mean?

You must obtain end users’ legally valid consent to:

  • the use of cookies or other local storage where legally required; and
  • the collection, sharing, and use of personal data for personalization of ads.

When seeking consent you must:

  • retain records of consent given by end users; and
  • provide end users with clear instructions for revocation of consent.

Our policy requires identification of each party that receives end users’ personal data as a consequence of using a Google product. It also requires prominent and easily accessible information about the use of end users’ personal data. We have published information about Google’s uses of information. To comply with the disclosure obligations with respect to Google's uses of data, we recommend linking to that page. 

Our EU User Consent Policy requires that you clearly identify each party with whom data will be shared. So whether you use a custom set of ad technology providers or use the commonly used set, you will need to list these providers for your users.You can view these controls and the list of ad technology providers in your Ad Manager, AdSense, or AdMob account. Learn more about ad technology providers 

For further information on the common mistakes when implementing a consent mechanism, review this list.

Is the "Compliance with Google’s EU User Consent Policy" email legitimate?
Yes, if you have received an email from "publisher-policy-no-reply@google.com" it means that the sites or apps listed in the attached text file do not comply with our Policy, which reflects our understanding of GDPR compliance based on guidance from EU and/or UK Data Protection Authorities (DPAs). If you have further questions or concerns, please contact us at ddp-gdpr-escalations@google.com.
I have received an email to comply with the EU User Consent Policy, what shall I do next?
You need to ensure the site(s) or app(s) listed in the email comply with our Policy. The following checklist might help you to avoid common mistakes when implementing a consent mechanism:
  • Have you explained to users how their personal data will be used when they give their consent to collect them on your site or app? (e.g., are they aware that their personal data will be used for personalization of ads and that cookies may be used for personalized and non-personalized advertising?)
  • Have you checked that your consent notice is being displayed when your site or app is accessed by users from all EEA countries?
  • Is your consent notice easily readable and visible? (e.g., does your consent notice mention "cookies," "data," or "information" in the first layer?)
  • Have the users been given an option to take affirmative action to indicate consent? (e.g.,  clicking an "OK" button or an "I agree" button)
  • Have you disclosed which third parties (including Google) will also have access to the user data you collect on your site or app?
  • Have you informed users about how Google will use their personal data when they give consent on your site or app? (e.g., by including a link to Google’s Privacy & Terms site)? What about how other third parties will use their personal data?
  • If you monetize only with Non Personalized Ads, have you checked that you obtain users’ consent to the use of cookies or other local storage (like mobile device identifiers), where legally required? Please note that the non-personalized ads that we serve on websites still require cookies to operate.
  • If you monetize Ad Manager and AdMob impressions only with limited ads, in addition to disabling the collection, sharing, and use of personal data for personalization of ads, Google does not access cookies, user identifiers, or equivalent local storage on the end user’s device. Note that ad-serving technologies (our JavaScript tags and/or our SDK code) will still be cached or installed as part of the normal operation of users' browsers and mobile operating systems. This feature does not use cookies or other local storage as referenced in Google's EU User Consent policy, meaning you can use this feature under the policy even when end-user consent hasn’t been requested or has been declined. You should assess for yourself your compliance obligations, including required notice and consent, based on local law in your jurisdiction. See the Ad Manager help center and the AdMob help center for more details on this feature.
  • If you use an IAB-certified CMP have you included "Google Advertising Products" as a vendor?
Can Google review my consent notice and confirm if it’s sufficient?
We cannot validate consent notices for compliance with GDPR given we don’t know the circumstances of each individual company, which might differ from the core requirements of our policy (which is meant to reflect the obligations related to the use of Google products). We recommend that you consult with your legal department regarding your compliance with the GDPR.
I don’t have a Consent Management Platform, what options do I have?
Partners can consider building their own consent solution, use Privacy & messaging, or use a third-party CMP solution. If using an already available CMP, they should consult their legal department as to the proper consent solution for their circumstances as well as ensure that the solution allows the level of customization to reflect those circumstances.
There are external resources available to help you choose the appropriate CMP provider, including the list of CMPs that have registered with the IAB’s Transparency and Consent Framework. Note, this list is not exhaustive of all CMPs available, nor does adopting any of these CMPs guarantee compliance with Google’s EU User Consent Policy, as this depends on the specific consent message presented to users. (For more guidance on this, please refer to the checklist for partners to avoid common mistakes when implementing a consent mechanism).
How can I correctly disclose which third parties will also have access to the user data that I collect on my site(s) or app(s)?
Our EU User Consent Policy requires that you clearly identify each party with whom data will be shared (including Google). So whether you use a custom set of ad technology providers or use the commonly used set, you will need to list these providers for your users. You can view these controls and the list of ad technology providers in your Ad Manager, AdSense, or AdMob account.
I have received written guidance from my local Data Protection Authority that my current approach satisfies its requirements for GDPR compliance.
If you have received written guidance from your DPA, please contact us at ddp-gdpr-escalations@google.com and share the details.
I have further questions about EU User Consent Policy.
You can refer to our Policy help page for more information on complying with Google’s Policy, reach out to your Google representative or contact us at ddp-gdpr-escalations@google.com. We also recommend that you consult with your legal department regarding your compliance with the GDPR and Google’s policies.
What can I do to avoid cookies being dropped without user consent?
In order to ensure Google Advertising cookies are not being placed before receiving user consent, we suggest your work with your consent management platform ("CMP") provider.
In addition, you may refer to Google developer guides, including the following developer documentation for relevant Google products:

Ad Manager

AdSense

AdSense for Search

Google Analytics Advertising Features

Additional resources

Was this helpful?

How can we improve it?
Search
Clear search
Close search
Google apps
Main menu