Helping publishers and advertisers with consent

Why is this important?

European laws, including the General Data Protection Regulation (GDPR) and the e-Privacy Directive, create obligations for digital publishers. They now have to give visitors to their sites and apps, information about their use and sharing of personal data, as well as the use of cookies, mobile ad IDs and other forms of local storage. In many cases these laws also require that consent be obtained.

This site is produced by Google. We work with lots of publisher partners and, based on that experience, we wanted to provide publishers and advertisers with information and access to easy-to-implement tools that can help them meet their legal obligations to get user consent.

What do I need to do?

While the GDPR is still very new, there’s guidance from data protection authorities and other groups (see below) across Europe on what is required to comply with both the GDPR and the e-Privacy Directive. We also recommend seeking legal advice on what’s right for your website or app, though we recognise that many publishers don’t have access to legal advice.

There are vendors that offer tools or solutions to add a consent function to your website, some of which are free of charge. For example:

These solutions can be configured in different ways, to address the needs of your site. It's important to note that such configurations won't control the data collection or cookies on your site automatically.

So, if you're using third-party advertising services, such as Google’s, you'll need to take steps to integrate your preferred solution with the advertising tags on your pages, to make sure that your users' preferences are respected. Each vendor offers instructions or support services for doing this.

For Google, you can find more information on the EU User Consent Policy help page. If you are a publisher and use Google services, you may want to consider the tools that we offer to help our publisher partners with compliance:

  • AMP: User control components in AMP to support consent requests
  • AdMob: SDK updates and availability of new APIs
  • Funding Choices for user consent: Solution to help publishers gain consent for serving personalised ads to EEA users. (For more details, please contact your Google Account manager.)

Carefully test any implementation of these tools on your own site.

I'm a publisher. What do I put in my consent message?

Unfortunately, we can’t tell you what your website or app consent message should say, because it will largely depend on your approach to monetisation, how you use personal data and the third-party services that you work with. However, we can give you some pointers.

Here’s a message that might be appropriate for your website, if you use products such as Google AdSense, or similar products from other organisations. Just remember, you’ll need to adjust this to suit your own choice of vendors, uses of cookies and other information.

Can we use your data to tailor ads for you?

Our partners will collect data and use cookies for ad personalisation and measurement. Learn how [site name] and our 10 partners collect and use data

You can change your choice at any time in our privacy centre

Back

You may see ads that are less relevant to you. These ads use cookies, but not for personalisation. Learn more about how we use cookies

Note: The example above talks about browser cookies. If you are writing a consent notice for an app, you might want to refer to 'mobile identifiers' instead of cookies.

In this example, a user can click 'Yes' to consent to the specified use of her data. If she clicks 'No', she is alerted that she will only see non-tailored ads, and that cookies will be used to deliver the ads. She can confirm this choice, or return. If she selects the 'Learn how…' link, she can see information about the specific vendors who will collect data for ad personalisation and measurement, and learn more about how they process the data collected. In this example, the number of partners is 10, but the number of vendors that you use on your site may be more or fewer than that.

Again, we can’t tell you what to write by way of detail: it will depend on the vendors and services that you work with, the choices that you wish to present to your users and any controls made available to users of your site.

If you’re using Google products such as Google AdSense, you’ll be required by your contract to follow Google’s EU user consent policy. Implementing a consent mechanism like this for your EEA visitors can help you meet the requirements of Google’s own policies. It should also help towards your compliance with European cookie and data protection laws.

I’m an advertiser. What do I need to do for consent?

Many advertisers use tags or code from third-party advertising services, such as Google's, to assist with things like ad measurement and remarketing. These tags cause data to be shared with these advertising service providers. An advertiser might use an advertising service’s SDK in its mobile app for the same purposes.

Again, the same caveats as above apply: we can't tell you what your website or app consent message should say because it will largely depend on the advertising services that you use, how you use personal data and the third-party services that you work with. Here is a notice that might be more appropriate if visits to your site are used for ad personalisation on your own site or other sites. You’ll notice it is very similar to the publisher notice above, and would operate in a similar manner.

Can we use your data to tailor ads for you?

Our partners will collect data and use cookies for ad personalisation and measurement. Find out how [advertiser name] and our three partners collect and use data

You can change your choice at any time in our privacy centre

Back

Your visit to this site will not influence the ads that you see elsewhere. This site uses cookies, but not for personalisation. Find out more about how we use cookies

If visits to your site do not influence the ads served elsewhere, the following notice might be appropriate:

This site uses cookies to analyse traffic and for ad measurement purposes. Find out more about how we use cookies

Again, if you are writing a consent notice for an app, you might want to refer to 'mobile identifiers' instead of cookies.

If you're using Google products such as Google AdWords or DoubleClick Digital Marketing, you’ll be required by your contract to follow Google's EU user consent policy. Implementing a consent mechanism like this for your EEA visitors can help you meet the requirements of Google's own policies. It should also help towards your compliance with European cookie and data protection laws.

Other Resources

For more information about the GDPR and its application to digital publishers and advertising:

Article 29 Working Party guidance on Consent under the GDPR (2018) Article 29 Working Party guidance on Transparency under the GDPR (2018) Article 29 Working Party guidance on Legitimate Interests (2014) IAB Europe Guidance: Five Practical Steps to help companies comply with the E-Privacy Directive (2015)

For regulatory guidance on cookie consent in advertising:

Article 29 Working Party guidance on obtaining consent for cookies (PDF, 2013) Article 29 Working Party guidance on cookie consent exemption (PDF, 2012) Article 29 Working Party guidance on online behavioural advertising (PDF, 2010)