Under Google’s updated EU user consent policy, you must make certain disclosures to your users in the European Economic Area (EEA) and the UK and obtain their consent for the use of cookies or other local storage where legally required, and for the collection, sharing and use of personal data for ads personalisation. This policy reflects the requirements of the EU ePrivacy Directive and the General Data Protection Regulation (GDPR).
This article addresses some of the top questions in relation to the EU User Consent Policy audit. To learn more about the policy, visit our EU user consent policy Help Centre.
FAQs
You must obtain end users’ legally valid consent to:
- the use of cookies or other local storage where legally required and
- the collection, sharing and use of personal data for personalisation of ads.
When seeking consent you must:
- retain records of consent given by end users; and
- provide end users with clear instructions for revocation of consent.
Our policy requires identification of each party that receives end users’ personal data as a consequence of using a Google product. It also requires prominent and easily accessible information about the use of end users’ personal data. We have published information about Google’s uses of information. To comply with the disclosure obligations with respect to Google's uses of data, we recommend linking to that page.
Our EU user consent policy requires that you clearly identify each party with whom data will be shared. So whether you use a custom set of ad technology providers or use the commonly used set, you will need to list these providers for your users. You can view these controls and the list of ad technology providers in your Ad Manager, AdSense, or AdMob account. Learn more about ad technology providers
For further information on the common mistakes when implementing a consent mechanism, review this list.
- Have you explained to users how their personal data will be used when they give their consent to collect them on your site or app? (e.g. are they aware that their personal data will be used for personalisation of ads and that cookies may be used for personalised and non-personalised advertising?)
- Have you checked that your consent notice is being displayed when your site or app is accessed by users from all EEA countries?
- Is your consent notice easily readable and visible? (e.g. does your consent notice mention 'cookies', 'data' or 'information' in the first layer?)
- Have the users been given an option to take affirmative action to indicate consent? (e.g. clicking an 'OK' button or an 'I agree' button)
- Have you disclosed which third parties (including Google) will also have access to the user data that you collect on your site or app?
- Have you informed users about how Google will use their personal data when they give consent on your site or app? (e.g. by including a link to Google’s Privacy & Terms site)? What about how other third parties will use their personal data?
- If you monetise only with Non Personalised Ads, have you checked that you obtain users’ consent to the use of cookies or other local storage (like mobile device identifiers), where legally required? Please note that the non-personalised ads that we serve on websites still require cookies to operate.
- If you monetise Ad Manager and AdMob impressions only with limited ads, in addition to disabling the collection, sharing and use of personal data for personalisation of ads, Google does not access cookies, user identifiers or equivalent local storage on the end user’s device. Note that ad-serving technologies (our JavaScript tags and/or our SDK code) will still be cached or installed as part of the normal operation of users' browsers and mobile operating systems. This feature does not use cookies or other local storage as referenced in Google's EU user consent policy, meaning that you can use this feature under the policy even when end-user consent hasn’t been requested or has been declined. You should assess for yourself your compliance obligations, including required notice and consent, based on local law in your jurisdiction. See the Ad Manager help centre and the AdMob help centre for more details on this feature.
- If you use an IAB-certified CMP have you included 'Google Advertising Products' as a vendor?
Ad Manager
AdSense
- About the AdSense code
- Comply with EU user consent policy
- Ads personalisation settings in Google’s publisher ad tags
AdSense for Search
Google Analytics Advertising Features