Google has announced a change to its user consent policy which will affect website publishers using Google products and services, including Google AdSense, DoubleClick for Publishers and DoubleClick Ad Exchange, as well as whose sites or apps have visitors arriving from the European Union. Under the new policy, publishers will have to obtain EU end users’ consent before storing or accessing their data, says Google.
The change, which is in direct response to the EU’s cookie compliance regulations, follows the arrival of the Google-published website called CookieChoices, spotted earlier this month. That site was launched with the intention of helping digital publishers obtain tools and access other resources that will aid in their obligations to obtain user consent, Google noted at the time.
These tools include code that website publishers can use to inform visitors about their cookies, as well as those that can be used to directly obtain consent, like splash screens, notification bars, or one-time, pop-up alerts that can be used on mobile apps.
Says Jason Woloz, Google’s Security & Privacy Program Manager, Display and Video Ads, in a brief announcement posted today, “it has always been Google’s policy to comply with privacy laws, so we’ve agreed to make certain changes affecting our own products and partners using Google products.”
EU regulators have pushed for years for a variety of user protections when it comes to how web users’ data and information is tracked and made available online. One of its more-discussed rulings in recent months is related to the so-called “Right to be forgotten,” which legally requires that search engines like Google process individuals’ requests for the delisting of inaccurate, outdated and irrelevant data.
Meanwhile, the EU has had regulations related to cookie-related data collection for quite some time. But what’s notable is that Google is applying this to its own services, while also challenging publishers to comply with the updated policy by a September 30th, 2015 deadline, according to an email sent out about the change. In addition, this policy will also affect those with iOS or Android applications who will have to show a message to app users upon first launch.
While before, the EU’s cookie policy has been common for those sites based in the EU, Google’s policy change will affect a number of publishers, as any site on the web could potentially have EU-based traffic.
The effectiveness of cookie-related user consent notifications is questionable, however. According to a late 2014 study on the matter, the EU’s cookie-notification policy has cost billions of euros per year in terms of compliance costs for websites, but has offered few benefits to web users. That is to say, the implementations thus far have not changed user behavior, the report found.
Unfortunately, Google can’t offer a consent message that publishers can use, because a website or app’s consent message should say “will largely depend on your own uses of cookies and other information, and the third party services you work with,” says Google. But it does offer pointers on the Cookie Choices website to help publishers get started.
Google’s post also points to other resources beyond Cookie Choices, including a Help Center FAQ which details the answers to questions publishers may have, like which products are impacted, how to tell if a current policy is compliant, how the changes affect mobile websites, and more.
Here, Google also explains that the Article 29 Working Party, an umbrella body that comprises representatives of all EU data protection authorities, requested that changes were made to how site publishers request consent from end users. Google says it understands “these principles will be applied across the industry,” which is why it’s rolling out the change now.