16

Update: I have split my original question into two to let each one be more cohesive.

According to EU Article 5(3) of the E-Privacy Directive (a.k.a 'The Cookie Laws'), web sites that target EU users have to gain opt-in consent from users before they set a cookie.

See ICO Guidence

I am trying to square this with Google Adsense on my web site.

I would imagine that Google Adsense can serve ads without having to set cookies.

However, I cannot find any info on this (on the Google sites/settings panels) about how to relay information about the 'state of consent' back to Google during a page request. So, my only option seems to be that I should not embed Google tag code at all if the user has not explicitly given consent. Which seems a bit drastic.

Letting my serverside script set a 'hasConsentedToCookies=FALSE' flag in the JavaScript tags would allow me to instruct Google's services to run in a gracefully degraded fashion.

Is there a setting on Google Adsense to suppress use of cookies for users that have not yet given consent?

If so, where can I find info on this?

Community
  • 1
  • 1
JW.
  • 4,821
  • 5
  • 43
  • 60
  • 6
    The most stupid bit of law to come out of the EU. On page 13 "The person setting the cookie is therefore primarily responsible for compliance with the requirements of the law." You could argue that you are not the person setting the cookie, its google doing that. Hence its their problem. – Salix alba Mar 25 '14 at 17:08

2 Answers2

2

No, there isn't a setting in Google AdSense. Google actually just released a note about changes to the consent policy in July 2015 pointing you to a Google site called Cookie Choices, which has information about EU consent as well as links to third party solutions for managing cookie consent functionality on your sites.

So the short answer is that you need to explore the third party tools and choose the one that best addresses your particular case.

the
  • 21,007
  • 11
  • 68
  • 101
denmch
  • 1,446
  • 12
  • 20
  • 1
    Problem is that none of those tools come close to comply with the EU directive (let alone the even more out of touch laws as implemented in some of the different countries). Thing is to comply with the laws, you need to PREVENT the setting of the cookie till you have an opt-in. Hence you cannot have a pop-up and a showing of the ad at the same time (you don't have the opt-in and have loaded the cookie as Google is TOO eager to set that cookie). The only option is to try to prevent Google from setting the cookie at all (it's not useful to use publishers anyway) - pity: don't know how ... –  Jun 06 '16 at 00:40
  • 2
    @swa66 I plan to just disable the ad code until the user give permission to use marketing cookies. I hope Google will come up with a better solution ,as probably most people won't enable it so no ads will be displayed for them at all. – Liron Harel Apr 29 '18 at 13:15
  • GDPR will make this much worse, but at the same time the monster fines Google would face probably will make them yield before those enforcing the rules and regulations will start to bother small publishers. –  Apr 30 '18 at 00:16
0

I guess the closest solution would be to use Non-personalized ads (NPA) but keep in mind that if you activate GDPR messages on your site, the sites can still show personalized ads based on the users' consent decision.

Non-personalized ads are ads that are not based on a user’s past behavior. They are targeted using contextual information, including coarse (such as city-level) Geo-targeting based on current location, and content on the current site or app or current query terms. Google disallows all personalized targeting, including demographic targeting and user list targeting.

Although non-personalized ads don’t use cookies or mobile ad identifiers for ad targeting, they do still use cookies or mobile ad identifiers for frequency capping, aggregated ad reporting, and to combat fraud and abuse. Therefore, you must obtain consent to use cookies for those purposes where legally required, per the ePrivacy Directive in certain EEA countries. Google does not require you to obtain consent for using the browser’s Trust Token API to combat fraud and abuse.

Google source

John Grischam
  • 224
  • 1
  • 19