Beginning from 16 January 2024, publishers and developers using Google AdSense, Ad Manager or AdMob will be required to use a Consent Management Platform (CMP) that has been certified by Google and has integrated with the IAB's Transparency and Consent Framework (TCF) when serving ads to users in the European Economic Area or the UK.
Under Google’s updated EU user consent policy, you must make certain disclosures to your users in the European Economic Area (EEA) and the UK and obtain their consent for the use of cookies or other local storage where legally required, and for the collection, sharing and use of personal data for ads personalisation. This policy reflects the requirements of the EU ePrivacy Directive and the General Data Protection Regulation (GDPR).
To support publishers in meeting their duties under this policy, Google offers the ad serving options described below for users in the EEA and the UK. If you don’t make any changes as described below, the commonly used set of ad technology providers will continue to be used.
Get started
- Sign in to your AdSense account.
- Click Privacy & messaging
GDPR
The GDPR settings page appears. Update the settings for the sections on this page as described below.
GDPR Select the type of ads that you want to show
You can choose to serve non-personalised ads to all of your users in the EEA and the UK using the 'Non-personalised ads' setting below. However, if you want to give each of your users a choice between personalised and non-personalised ads, select 'Personalised ads' and follow the instructions for serving non-personalised ads on a per-request basis.
Personalised ads
Google can continue to show personalised ads as well as non-personalised ads to your users in the EEA and the UK. This is the setting that will be used unless you make a change on this page.
Personalised ads reach users based on their interests, demographics and other criteria. Because ad technology providers may collect, receive and use personal data from users in personalised ads, you must clearly identify all such ad technology providers when you obtain user consent for the collection, sharing and use of personal data for ads personalisation.
Non-personalised ads
Google will show all your users in the EEA and the UK non-personalised ads only.
Non-personalised ads are targeted using contextual information rather than the past behaviour of a user. Although these ads don’t use cookies for ads personalisation, they do use cookies to allow for frequency capping, aggregated ad reporting, and to combat fraud and abuse. Consent is therefore required to use cookies for those purposes from users in countries to which the EU ePrivacy Directive’s cookie provisions apply. Google does not require you to obtain consent for using the browser’s Trust Token API to combat fraud and abuse.
Select ad technology providers (for personalised ads)
To help with compliance under Google’s updated EU User Consent Policy, you have the option to select your preferred ad technology providers (ATPs) from a list of companies that have provided us with information about their compliance with the GDPR — all of whom also have to comply with our data usage policy to ensure publisher data is protected.
If you select these ad technology providers (including Google and other bidders and vendors), they may use data about your users for the purposes of ads personalisation and measurement.
- Choose a commonly used set of ad technology providers or create a custom set:
- Commonly used set of ad technology providers: This is the setting that will be used unless you make a change on this page.
- Custom set of ad technology providers: Select your preferred ad technology providers.
- Clearly identify the providers that you select to your users, and obtain users' consent in line with Google's EU user consent policy.
You could do this by listing your chosen ad technology providers in a consent flow, or listing your chosen providers on a separate page of your site to which you direct your users from a consent flow. In either case, to comply with Google's EU user consent policy, you should link to the details provided by each provider that describe their activities.
Set up consent gathering
You can create your own consent dialogue that displays a message on your site(s) asking your users in the EEA and the UK for consent. Learn more about passing consent signals to AdSense.
Additional considerations
Privacy Sandbox API
Google is experimenting with new ways of supporting the delivery and measurement of digital advertising in ways that better protect people's privacy online via Chrome's Privacy Sandbox initiative. When accessing certain Sandbox APIs as part of the Privacy Sandbox Origin Trials (including Topics, Fledge, and the Attribution Reporting API) you may be using personal data for ads personalisation and/or accessing local storage. The EU User Consent Policy requires you to obtain valid user consent for these actions in the same way as you rely on consent today for ads personalisation and the use of non-essential local storage in the European Economic Area and the UK.
