Last updated on 23 August 2022 by Sara Pegarella (Law school graduate, B.A. in English/Writing. In-house writer at TermsFeed)
When you sign up to use AdSense, you must agree to Google AdSense's Terms of Service.
These can include but are not limited to cookies placement, location information, and specific device information. Options for how users can manage cookies should be included (especially to comply with EU Cookies Directive), but you can do this through a Cookies Policy as well.
Section 10 also dictates that you use "commercially reasonable efforts" to ensure that you obtain consent to place and access cookies on a user's device when this is required by law.
Here's the full text of what Google says:
You can find the Google Ads Controller Terms agreement linked in the first part of Section 10 above at this link.
Google AdSense uses advertising cookies. An advertising cookie is a cookie that gets placed on a user's device when the user clicks on an ad on a partner's website.
Google requires all websites and mobile apps that use AdSense to inform visitors and users of Google's advertising cookie usage.
Google doesn't give specific guidelines beyond the above points because laws vary, but so long as the above points are made, your legal agreement should be adequate to satisfy Google's requirements at least.
While all of the above applies to businesses everywhere that use AdSense, there are specific requirements for businesses located in the EU. These requirements include the following:
When a user first visits your website, you must immediately inform them that cookies are in use on your site and link them to a page where the following information is included:
You can give notice to visitors by using a pop-up message or banner ad that clearly and concisely lets them know that cookies are in use and that more information is available about this elsewhere on the website.
You can obtain consent to place cookies either actively or passively, but passive consent is quickly becoming obsolete as privacy laws increase requirements. Because of this, active consent is a best practice and the thing to do to ensure compliance.
Active consent is obtained when you require a user to click something such as a check mark box showing they give consent for cookies to be used, or a Continue button that must be clicked to close the window, such as in the example below from EY:
While it isn't recommended, passive consent can be obtained by letting a user know that if they continue to browse your website, it will be assumed that consent has been given.
Here's an example of how passive consent can be obtained by use of a banner ad in the header of a website:
Always get consent for the use of these cookies. Active consent is the best practice method.
Make sure you let users know that they can opt out of cookies at any time, even after consent has been given. Let them know how to go about revoking consent, such as via an email link to you, or a settings page on your website.
This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.
23 August 2022