As you probably heard, Google is enforcing compliance with its EU user consent policy in 2024. If you haven’t heard about this, then head over to this article, which gives you the specifics in a handy Q&A format.
But why is Google doing this now? They just pushed us to implement Consent Mode v2 — that should be sufficient, right?
Are you compliant if you have Google Consent Mode v2?
If you’ve implemented Consent Mode v2 correctly — so its API dances in sync with your Google-certified cookie banner — then you’re probably home safe. But then the question begs: have you implemented it correctly?
Also note that Google Consent Mode v2 is not mandatory when using Google Ads. However, you are required to have a compliant Consent Management Platform (CMP) that respects users’ and visitors’ consent choices.
But if you’re actively working with Google Ads, you want to have Consent Mode v2 implemented. Otherwise, you won’t be able to leverage remarketing lists or those fancy machine-learning algorithms. This is what provides you with modeled data, helping you optimize your campaigns.
So, Consent Mode v2 is not a prerequisite for complying with Google’s strict consent policy. But if you implemented it, you’ve probably done it by the book, and used a Google-certified CMP platform — like Cookie Information.
If you have a compliant cookie banner in all aspects, from how it reacts on users’ consent choices to how it informs and is designed — with or without Consent Mode v2 integrated properly — then yes. Essentially, if you follow the The General Data Protection Regulation (GDPR), the ePrivacy-directive, and any equivalent UK law, you’re probably home safe. Because Google’s EU user consent policy mirrors these legislations.
In case you’re not absolutely certain, here’s what you need to know.
What does the EU user consent policy say about consent?
In essence, the EU user consent policy states that you need to have a cookie banner.
More specifically, the policy says that you need to collect valid consent from your users. In order to do that, you must do the following:
1. Implement a cookie banner on your website, allowing your users to say ‘yes’ or ‘no’ to being tracked and having their personal data processed.
2. The banner must inform users about your intentions so they understand what they consent to.
3. You also have to make sure that your users can see which third parties (including Google) will have access to the user data you collect on your website or app. Hence, you must include a link to this Business Data Responsibility Site on the banner. The latter ensures that the visitor can get the full picture of how Google will use their personal data if they say ‘yes’.
4. Google also points out that cookies cannot be set before the user consents. Google underlines that even their non-personalized ads still require cookies to operate. So it’s a big no-no to fire Google tags for personalized ads before you obtain consent.
5. Google also stresses that you must allow the website or app end-users to revoke their consent. This means that end-users have to be informed how they can withdraw their consent, and that withdrawing consent must be as easy as giving it.
Why is Google enforcing consent?
In their initial heads-up, Google hasn’t disclosed why they’re putting more forceful actions behind ensuring compliant use of Google Ads. Complying with their EU user consent policy has been a requirement since 2016 (and the policy was updated in 2018 and 2019).
But they have announced that they are in the midst of ensuring compliance with the Digital Markets Act — a new and very forceful EU-antitrust regulation.
In this post Google elaborates on its DMA-compliance-efforts, stating: “[We are making] multiple upgrades to your advertising products and tools to help advertisers communicate consent for the data they collect, by our long standing EU end user consent policy.”
The “multiple upgrades” part is connected to this post, explaining how users must adapt to privacy and regulatory changes with Consent Mode.
Add to this the low adoption rate of Consent Mode v2, which we found after scanning 4000 sites in the Nordics. It’s understandable that Google wants to increase the compliance rate amongst its product users.
Regardless of what drives Google’s latest enforcement initiative, it’s clear that it correlates with their desire to ensure all websites using Google Ads do so with a compliant cookie banner — meaning a consent management platform with integrated Consent Mode v2.