Google EU User Consent Policy and the GDPR

Google EU User Consent Policy and the GDPR

Many services offered by Google, like AdSense and Analytics, help businesses and developers enhance their online presence. These services help you track user interaction with your website and tell you where most of your traffic is coming from.

However, to use these services, you need to stay in compliance with international law.

In this article, we will take a look at how Google has updated its EU Consent Policy to comply with the GDPR. We'll also discuss the requirements of this policy and how you can ensure that you meet them.


The EU Cookies Directive

The EU Cookies Directive

It may not seem like it relates here, but you need to know some background about the EU Cookies Directive that came into effect in May of 2011. As part of an amendment to the e-Privacy Directive, it was adopted by all member states of the European Union.

It applies to:

  • Businesses that are located in the European Union
  • Foreign businesses that are directed towards EU users

Under this directive, the website owners are required to inform their visitors:

  • If they use cookies
  • How they use cookies
  • How visitors can give them consent for using cookies

Websites need to display a cookies notice and obtain their visitors' consent. Most websites use banner notices for notifying visitors while asking for their consent.

Here's an example of a cookies banner notice from RT:

RT Cookies Notice Banner

Websites that require cookies for transmitting communications or for operating are exempt from displaying the cookies notice and obtaining user consent. These may include cookies like authentication cookies, user input cookies used for filling forms or adding items to shopping carts, and/or cookies required for multimedia content.

The Google EU User Consent Policy came around just as the EU Directive was passed. Although Google's policy has very stringent demands, it is very much in line with the EU Cookies Directive.

So, if your website meets the requirements of the EU Cookies Directive, you'll likely be meeting the requirements of Google's EU User Consent Policy.

Requirements of Google's EU User Consent Policy

The aim of Google's EU User Consent Policy is to help those who use Google's services meet the demands of the EU Cookies Directive. This is what the policy says:

Google's updated EU User Consent Policy

Google's EU User Consent Policy requires that users of Google's services disclose their use of cookies and obtain consent from users who are living in the European Economic Area. Failure to comply can result in limitation or suspension from using Google's services and/or termination of the agreement.

Google breaks down its requirements into two types of properties:

First, the properties under your control requirements involve any site or app that is under your control or that of your affiliate partner.

If you use Google products such as Analytics on a property that's under your control, you need to do the following:

  • Clearly identify every and any party that may collect, receive or use the end users' personal data through the Google product
  • Let users know how each party will use the personal data
  • Obtain consent to use cookies
  • Obtain consent for collecting, sharing and using personal data for personalized ads
  • Keep records of consent you obtain
  • Instruct users how they may revoke consent

Second, the properties under a third party's control requirements apply when your use of a Google product results in end-user personal data collected by a third party being shared with Google.

In these cases, Google requires that you use "commercially reasonable efforts" to make sure the third party is complying with this policy.

How to Comply

How to Comply

Compliance can be achieved fairly simply with just a few steps. Here's what you need to do.

Compliance is all about disclosing your use of cookies and obtaining appropriate consent. A good way to disclose your use of cookies and get consent from your users is through a cookies notice. These notices can link to your full Privacy Policy or Cookies Policy.

Here's an example from Janitza:

Janitza Cookies and Analytics notice with Accept cookies and Settings buttons

Note the Settings button that lets users adjust their cookie settings directly from the notice. Users are also provided with a link to the Privacy Policy where they can get more details, and consent is obtained with a clearly labeled "Accept cookies" button.

You will need to include information in your Privacy Policy or Cookie Policy that gives users more specific information about your use of cookies, including which ones you or any third parties are using and for what purpose.

Remind users that they can opt out and provide instructions for how they can do so.

Here's how HarperCollins UK details this information in a clause within its Cookie Policy:

HarperCollins Cookie Policy: Analytics Cookies clause

You'll also need to keep records of the consent you obtain.

Conclusion

To comply with Google's EU User Consent Policy:

  • Use a cookies notice on your website or app that uses Analytics or any other Google product that uses cookies
  • Obtain user consent before using cookies
  • Give users information regarding how and why you use cookies
  • Disclose any third parties that are using cookies on your website or app
  • Give users information on how they can revoke their consent at any time

By having a cookies notice and updating your Privacy Policy or Cookie Policy with a detailed cookies clause and cookies information, you'll be able to use Analytics and other Google products in line with the EU User Consent Policy.

Other Categories:

Sara Pegarella

Law school graduate, B.A. in English/Writing. In-house writer.

This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.