Google might suspend your Google Ads Account if you don’t have a compliant cookie banner

Blog
Google has informed that they will start auditing websites that use Google Ads. Those that do not comply with the EU user consent policy risk having their Google Ads accounts suspended.
Table of Contents

Google has informed the largest web agencies in Europe that they’ll start auditing websites that use Google Ads. The reason for the audits is that Google wants to check if the websites comply with Google’s EU user consent policy — an agreement that adheres to the GDPR, the ePrivacy directive and equivalent legislation in the UK.

The alleged audit affects Google Ads-users in EU/EEA.

If the Google Ads users are not compliant, they risk having their conversion tracking and remarketing lists deactivated, and — worst case —their entire Ads account suspended.

So, how do you know if you comply with Google’s EU user consent policy?

Let’s begin by clarifying the policy.

What is Google’s EU user consent policy?

Google’s EU user consent policy is an agreement between Google and anyone using their products in the European Economic Area (EEA)* and the United Kingdom (UK) markets.

Google’s EU User Consent Policy mirrors:
*EEA is all EU-member states plus Iceland, Liechtenstein, and Norway.

Is Google’s EU user consent policy a brand new agreement?

No, it was first introduced in 2015 and was updated on May 25, 2018, when the General Data Protection Regulation (GDPR) was enforced. Minor changes were made on October 31, 2019.

How will Google ensure compliance with the EU user consent policy?

As of this latest update, sent out to the biggest agencies in Denmark, Google will ensure compliance by scanning websites that use their Google Ads product. If a site is found to be non-compliant with the EU user consent policy, they will be notified.

What do I need to do in order to comply with Google’s EU user consent policy?

In short, you need to collect freely given consent in a transparent manner from your visitors or users, in accordance with the requirements in the ePrivacy directive, and in line with how the GDPR defines consent.
The policy applies to both websites and mobile applications.
To make this process easier, Google recommends that you use a Google-certified Consent Management Platform (a CMP), such as Cookie Information.

What does the need to collect consent mean in Google’s EU user consent policy?

1. This may go without saying, but first, your cookie banner has to be displayed when a user from the EEA accesses it.

2. Then, you have to make sure that the cookie banner informs your users of how their personal data will be used if they give their consent. This ensures users understand what they are asked to say ‘yes’ or ‘no’ to. 

Ultimately, users must be informed of how you intend to use their personal data, and that cookies may be used for both personalized and non personalized advertising.

3. In addition to this, you also have to ensure that users can see which third parties (including Google) will have access to the user data you collect on your website or app.

4. Google also underlines that you must include a link to Google’sBusiness Data Responsibility Site on the cookie banner. That way your website and app users can access the full disclosure of how Google will use their personal data if they choose to consent. The same goes for any other third parties involved.

5. No cookies are allowed to be set before the user has consented. Google underlines that even their non-personalized ads still require cookies to operate. So, you can never fire Google tags for personalized ads before consent is obtained.

6. Google also stresses that you have to allow the end-users on your website or app to revoke their consent. This means that you must provide information on how they can withdraw their consent. Additionally, withdrawing consent must be as easy as it is to give it.

Do I need to keep a record of the consents?

Yes, according to Google you need to make sure that you collect and store your users/visitors consent:
At a minimum, these should include the text and choices presented to users as part of a consent mechanism and a record of the date and time of the user’s affirmative consent.”

Is my current cookie banner compliant with the EU user consent policy?

As stated before, Google recommends using a certified cookie banner, since that will make it easier to adhere to Google’s requirements. It also ensures the cookie banner is correctly integrated with Consent Mode v2. The latter is of utmost importance to marketers if they intend to get the most out of Google Ads and Analytics while complying with the EU user consent policy.

If you want to ensure your cookie banner is set up correctly, you can test it here for free.

Does Google’s EU user consent policy apply if I don't use personal data for personalized ads?

Yes.
Also, the non-personalized ads that Google serves on websites or apps require cookies or mobile identifiers. Hence, consent is required.

Will Google’s EU user consent policy still be applicable when the third-party cookie is gone?

Yes. 

The new so-called Privacy Sandbox APIs in Chrome, which will replace the third-party cookie, will still require consent in accordance with the legal frameworks which Google’s EU user consent policy is explicitly based on.

Make sure your website is compliant today, by implementing a CMP. It’s free for 30 days, and Google Consent Mode v2 is included.