Google has informed the largest web agencies in Europe that they’ll start auditing websites that use Google Ads. The reason for the audits is that Google wants to check if the websites comply with Google’s EU user consent policy — an agreement that adheres to the GDPR, the ePrivacy directive and equivalent legislation in the UK.
The alleged audit affects Google Ads-users in EU/EEA.
If the Google Ads users are not compliant, they risk having their conversion tracking and remarketing lists deactivated, and — worst case —their entire Ads account suspended.
So, how do you know if you comply with Google’s EU user consent policy?
Let’s begin by clarifying the policy.
What is Google’s EU user consent policy?
Google’s EU user consent policy is an agreement between Google and anyone using their products in the European Economic Area (EEA)* and the United Kingdom (UK) markets.
Is Google’s EU user consent policy a brand new agreement?
How will Google ensure compliance with the EU user consent policy?
As of this latest update, sent out to the biggest agencies in Denmark, Google will ensure compliance by scanning websites that use their Google Ads product. If a site is found to be non-compliant with the EU user consent policy, they will be notified.
What do I need to do in order to comply with Google’s EU user consent policy?
What does the need to collect consent mean in Google’s EU user consent policy?
1. This may go without saying, but first, your cookie banner has to be displayed when a user from the EEA accesses it.
2. Then, you have to make sure that the cookie banner informs your users of how their personal data will be used if they give their consent. This ensures users understand what they are asked to say ‘yes’ or ‘no’ to.
Ultimately, users must be informed of how you intend to use their personal data, and that cookies may be used for both personalized and non personalized advertising.
3. In addition to this, you also have to ensure that users can see which third parties (including Google) will have access to the user data you collect on your website or app.
4. Google also underlines that you must include a link to Google’sBusiness Data Responsibility Site on the cookie banner. That way your website and app users can access the full disclosure of how Google will use their personal data if they choose to consent. The same goes for any other third parties involved.
5. No cookies are allowed to be set before the user has consented. Google underlines that even their non-personalized ads still require cookies to operate. So, you can never fire Google tags for personalized ads before consent is obtained.
6. Google also stresses that you have to allow the end-users on your website or app to revoke their consent. This means that you must provide information on how they can withdraw their consent. Additionally, withdrawing consent must be as easy as it is to give it.
Do I need to keep a record of the consents?
Is my current cookie banner compliant with the EU user consent policy?
As stated before, Google recommends using a certified cookie banner, since that will make it easier to adhere to Google’s requirements. It also ensures the cookie banner is correctly integrated with Consent Mode v2. The latter is of utmost importance to marketers if they intend to get the most out of Google Ads and Analytics while complying with the EU user consent policy.
If you want to ensure your cookie banner is set up correctly, you can test it here for free.
Does Google’s EU user consent policy apply if I don't use personal data for personalized ads?
Will Google’s EU user consent policy still be applicable when the third-party cookie is gone?
The new so-called Privacy Sandbox APIs in Chrome, which will replace the third-party cookie, will still require consent in accordance with the legal frameworks which Google’s EU user consent policy is explicitly based on.
Make sure your website is compliant today, by implementing a CMP. It’s free for 14 days, and Google Consent Mode v2 is included.
