Notification

Please make sure to visit Your AdSense Page where you can find personalized information about your account to help you succeed with AdSense.

GDPR overview and guidance

Commonly asked questions about European regulations messages

Under Google’s updated EU User Consent Policy, you must make certain disclosures to your users in the European Economic Area (EEA) and the UK and obtain their consent for the use of cookies or other local storage where legally required, and for the collection, sharing, and use of personal data for ads personalization. This policy reflects the requirements of the EU ePrivacy Directive and the General Data Protection Regulation (GDPR).

This article addresses some of the top questions in relation to the EU User Consent Policy audit. To learn more about the policy, visit our EU User Consent Policy Help Center.

Common questions for European regulations messages and compliance

I have received an email to comply with the EU User Consent Policy, what does it mean?

You must obtain end users’ legally valid consent to:

  • The use of cookies or other local storage where legally required; and
  • The collection, sharing, and use of personal data for personalization of ads.

When seeking consent you must:

  • Retain records of consent given by end users; and
  • Provide end users with clear instructions for revocation of consent.

Our policy requires identification of each party that receives end users’ personal data as a consequence of using a Google product. It also requires prominent and easily accessible information about the use of end users’ personal data. We have published information about Google’s uses of information. To comply with the disclosure obligations with respect to Google's uses of data, we recommend linking to that page. 

Our EU User Consent Policy requires that you clearly identify each party with whom data will be shared. So whether you use a custom set of ad technology providers or use the commonly used set, you will need to list these providers for your users.You can view these controls and the list of ad technology providers in your Ad Manager, AdSense, or AdMob account. Learn more about ad technology providers.

For further information on the common mistakes when implementing a consent mechanism, review this checklist.

Is the "Compliance with Google’s EU User Consent Policy" email legitimate?

Yes, if you have received an email from "[email protected]" it means that the sites or apps listed in the attached text file do not comply with our Policy, which reflects our understanding of GDPR compliance based on guidance from EU and/or UK Data Protection Authorities (DPAs).

If you have further questions or concerns, please contact us at [email protected].

If I change in my ad tech partner list, will I have to reconsent all of my users?

In short, no. When you make a change to your ad tech partner list, you can choose whether you want to reconsent your users. When you save your updated ad tech partners list in Privacy & messaging, you’ll be prompted and asked if you want to reconsent your users.

 

If you’ve opted into bidder (or ad source for AdMob) auto syncing, any time a new ad tech partner is automatically added, it will not result in automatic reconsent for users.

I have error messages about "No CMP" and "Low coverage" in the Policy center — what do I need to do?

  • For sites, make sure you've deployed a CMP on all of your sites. You can do this in Privacy & messaging in the message builder and configure your targeting.
  • For apps, make sure you've deployed the UMP SDK on all apps and that it is working correctly.

I have received an email to comply with the EU User Consent Policy, what should I do next?

You need to ensure the sites or apps listed in the email comply with our Policy.

The following checklist might help you to avoid common mistakes when implementing a consent mechanism:

  • Have you explained to users how their personal data will be used when they give their consent to collect them on your site or app? (e.g., are they aware that their personal data will be used for personalization of ads and that cookies may be used for personalized and non-personalized advertising?)

  • Have you checked that your consent notice is being displayed when your site or app is accessed by users from all EEA countries?
  • Is your consent notice easily readable and visible? (e.g., does your consent notice mention "cookies," "data," or "information" in the first layer?)
  • Have the users been given an option to take affirmative action to indicate consent? (e.g., clicking an "OK" button or an "I agree" button)
  • Have you disclosed which third parties (including Google) will also have access to the user data you collect on your site or app?
  • Have you informed users about how Google will use their personal data when they give consent on your site or app? (e.g., by including a link to Google’s Privacy & Terms site)? What about how other third parties will use their personal data?
  • If you monetize only with Non Personalized Ads, have you checked that you obtain users’ consent to the use of cookies or other local storage (like mobile device identifiers), where legally required? Please note that the non-personalized ads that we serve on websites still require cookies to operate.
  • If you monetize Ad Manager and AdMob impressions only with limited ads, in addition to disabling the collection, sharing, and use of personal data for personalization of ads, Google does not access cookies, user identifiers, or equivalent local storage on the end user’s device. Note that ad-serving technologies (our JavaScript tags and/or our SDK code) will still be cached or installed as part of the normal operation of users' browsers and mobile operating systems. This feature does not use cookies or other local storage as referenced in Google's EU User Consent policy, meaning you can use this feature under the policy even when end-user consent hasn’t been requested or has been declined. You should assess for yourself your compliance obligations, including required notice and consent, based on local law in your jurisdiction. Refer to the Ad Manager help center and the AdMob help center for more details on this feature.
  • If you use an IAB-certified CMP have you included "Google Advertising Products" as a vendor?

Can Google review my consent notice and confirm if it’s sufficient?

We cannot validate consent notices for compliance with GDPR given we don’t know the circumstances of each individual company, which might differ from the core requirements of our policy (which is meant to reflect the obligations related to the use of Google products).

We recommend that you consult with your legal department regarding your compliance with the GDPR.

I don’t have a Consent Management Platform, what options do I have?

To comply with the EU User Consent Policy, partners using our publisher products—Google AdSense, Ad Manager, or AdMob—are required to use a consent management platform (CMP) that has been certified by Google and integrates with the IAB's Transparency and Consent Framework (TCF) when serving personalized ads to users in the EEA, UK, and Switzerland.
Partners can consider building their own consent solution and applying for certification, use Privacy & messaging, or use a third-party certified CMP solution. If using an already available CMP, they should consult their legal department as to the proper consent solution for their circumstances as well as ensure that the solution allows the level of customization to reflect those circumstances.

How can I correctly disclose which third parties will also have access to the user data that I collect on my sites or apps?

Our EU User Consent Policy requires that you clearly identify each party with whom data will be shared (including Google). So whether you use a custom set of ad technology providers or use the commonly used set, you will need to list these providers for your users.

You can view these controls and the list of ad technology providers in your Ad Manager, AdSense, or AdMob account.

Note: To properly disclose which third-party ad technology providers (ATPs) you work with, make sure you select the correct set in your CMP provider. For the Google CMP, you can do that in the settings page. For third-party CMPs, follow their documentation.

I have received written guidance from my local Data Protection Authority that my current approach satisfies its requirements for GDPR compliance.

If you have received written guidance from your DPA, please contact us at [email protected] and share the details.

I have further questions about EU User Consent Policy.

You can refer to our EU User Consent Policy Help Center page for more information on complying with Google’s Policy, reach out to your Google representative or contact us at [email protected].

We also recommend that you consult with your legal department regarding your compliance with the GDPR and Google’s policies.

What can I do to avoid cookies being dropped without user consent?

In order to ensure Google Advertising cookies are not being placed before receiving user consent, we suggest your work with your consent management platform ("CMP") provider.
In addition, you may refer to Google developer guides, including the following developer documentation for relevant Google products:

Ad Manager

AdSense

AdSense for Search

Google Analytics Advertising Features

Additional resources

Was this helpful?

How can we improve it?

Need more help?

Try these next steps:

Post to the help community Get answers from community members
Contact us Tell us more and we’ll help you get there
true
Unlock your revenue with personalized tips today!

Visit the Optimization tips for AdSense page to see personalized suggestions to maximize your revenue.

Unlock now

Search
Clear search
Close search
Main menu
10584561278230036050
true
Search Help Center
false
true
true
true
true
true
157
false
false
false
false