When you sign up to use AdSense, you must agree to Terms and Conditions agreement of Google AdSense.
These can include but are not limited to cookies placement, location information, and specific device information. Options for how users can manage cookies should be included (especially to comply with EU Cookies Directive), but you can do this through a Cookies Policy as well.
"Section 8" also dictates that you use "commercially reasonable efforts" to ensure that you obtain consent to place and access cookies on a user's device when this is required by law.
Below is a screenshot from AdSense's Terms and Conditions agreement with "Section 8: Privacy" highlighted.
Here's the full text of what Google says:
Google AdSense uses what is called a DoubleClick Cookie. A DoubleClick cookie is a cookie that gets placed on a user's device when the user clicks on an ad on a partner's website.
Google requires all websites and mobile apps that use AdSense to inform visitors and users of Google's DoubleClick cookie usage.
Google's use of the DoubleClick cookie enables it and its partners to serve ads to your users based on their visit to your sites and/or other sites on the internet
Google doesn't give specific guidelines beyond the above points because laws vary, but so long as the above points are made, your legal agreement should be adequate to satisfy Google's requirements at least.
Sample disclosure for Google AdSense
At Step 1, select the Website option and click "Next step":
Answer the questions about your website and click "Next step" when finished:
Answer the questions about your business practices and click "Next step" when finished:
Requirements for EU businesses
While all of the above applies to businesses everywhere that use AdSense, there are specific requirements for businesses located in the EU. These requirements include the following:
Users must be informed of cookies usage on a website before any cookies are placed on that user's device
Consent for cookies placement must be obtained
Requirement 1: Inform users
When a user first visits your website, you must immediately inform them that cookies are in use on your site and link them to a page where the following information is included:
What types of cookies your site uses
What, if any, types of cookies third parties are using on your site
Technical details about the cookies in use on your site, such as how they're placed and what purposes they serve
You can give notice to visitors by using a pop-up message or banner ad that clearly and concisely lets them know that cookies are in use and that more information is available about this elsewhere on the website.
Click on the Cookie Consent link at the top of our website. Our Free Cookie Consent Solution will open:
Choose your consent preference: Implied or Express:
Customize your Cookie Consent widget with your website name, banner notice type and color palette:
Copy your Cookie Consent code and add it to your website page code before the closing of the </body> tag.
Facebook also includes the following chart that breaks down clearly for users what cookies are used, and what purposes each serves.
Requirement 2: Obtain consent
You can obtain consent to place cookies either actively or passively.
Active consent is obtained when you require a user to click something such as a check mark box showing they give consent for cookies to be used, or a Continue button that must be clicked to close the window, such as in the example below from the BBC website:
Passive consent can be obtained by letting a user know that if they continue to browse your website, it will be assumed that consent has been given.
See examples below for how passive consent can be obtained by use of a banner ad in the header of a website: