Nope, me too.

*am waiting for someone to spot what we should watch out for before i click accept*

but everyone has to accept it anyway otherwise no account ...

[adsense.blogspot.com...]

"We've also added some specific requirements that make it necessary for publishers to post and abide by a transparent privacy policy that users see."

No way out, you MUST sign it to be in, if not, forget AdSense revenues.

Hmmm I want to use my email address that is already registered, but now way it will let me.

1) Yes I'm the only one who logs in to this AdSense account.

Now at 2.. What do I pick?

a) I have an email address and password (Google Account) I already use with Google services like Gmail, Orkut, or the personalized home page.
b) I do not use these other services. I would like to create a new Google Account.

I think (b), but than I get an error: "A user with the email you specified already exists. Already have a google account? Try logging in."

:/

What should the privacy policy state exactly?

Okay got it: I needed option(a) again..

k I read it, what's different?

"publishers must notify their users of the use of cookies and/or web beacons to collect data in the ad serving process. "

Oh dear... that means we must notify our users on our site about adsense?

What what?!

So am I right in thinking that all sites that display adsense must also have a privacy policy? and thats all thats new?

The changes aren't limited to the areas above, however; we've made small changes throughout, so it's a good idea for you to review them thoroughly before accepting.

Grab your wallet.

I've stuck this on the about page on my site, as a starter:

Your privacy is important to us.
You should know that third parties may be placing and reading cookies on your browser, or using web beacons to collect information, in the course of ads being served.

But I'm going to wait for jensense to get back from SMX and go through it with her fine tooth comb to make sure I got everything before I agree.

Man, I hate these things! I couldn't even tell you what a web beacon is, but I have to warn my visitors about them? And given that people don't enter a site on the about page, they will have the cookie before they read that they might get it. Silly!

We've always prided ourselves on a NON-cookie-ized site and mention it to our readers. From the casual, non-alertist mood of the above mentioned blog my opinion upon reading it says we don't need to worry about notifying readers unless we opt into the new features like "gadget ads". They BETTER be opt-in only. Otherwise they better start posting officially sanctioned, legalese text for us to copy in as a template and specifying exactly WHERE it needs to be posted (every page, home page, pop-up which must be accepted before admission to our site). Of course doing so might also be considered unduely drawing attention to the ads and thus against other Terms. After all it's not US that is providing the tracking cookies, etc. but the distrusting advertisers. Why should I apologize for some other site's behavior when I don't even have any control over which ones I'm linking? I can't control where the reader might go to after my site so I might as well warn them that browsing the internet in general could be hazardous to their computers health. I say make THE ADVERTISER pop up a warning requiring reader acceptance upon all affected clickthrus before entering THEIR site and still pay US whether the reader accepts it or NOT! GagSense just keeps getting more disgusting every day.

[edited by: MikeNoLastName at 2:20 am (utc) on Feb. 26, 2008]

They BETTER be opt-in only.

Don't bet on it.

hmmmmm,
I think this is the perfect opportunity for ASA to pay a visit. Maybe he/she should clarify some of the questions raised here.

I have put this notice on every page that has an AdSense ad:

This page places no cookies, no user information is collected by [website name] beyond ordinary server logs.

I have MyBlogLog code on some pages with no AdSense, I think each page must have its own privacy policy.

I've always avoided cookies, but some programs use them (for example, some website stats analyzers). So my privacy policy states that the site *might* use cookies, and *might* gather statistical information, but that it can not specifically identify individual website visitors.

It's pretty easy to find a generic sample privacy policy by doing a Google search for:
website privacy policy sample

Has anyone found a FAQ on this change? Something that can help us COMPLY with the new T&Cs.

If not, might I suggest that ASA help us with the type of language we would need to verify is in our privacy notices. After all, I believe the intention is to make sure Google publishers are notifying their visitors what Google might be doing and many of us would be guessing at this point.

Re privacy policies:

It seems to me that ad-server firms and ad networks are the ones that need to divulge what they're doing with cookies, behavioral tracking, or whatever. On the site that my wife and I own, the "Privacy Policy" statement points out that we aren't responsible for any cookies that advertisers, affiliate partners, etc. might use for tracking purposes. It goes on to say:

"As a mom-and-pop operation owned by liberal-arts types, we don't even know how to spy on you. (When we hear the term 'privacy issue,' we're likely to think of an open bathroom window facing the street.)"

Maybe the "Ads by Google" logo should have a "Privacy Policy" link below it, and maybe ad-serving companies like DoubleClick and ZEDO should have little "Privacy Policy" links alongside their banners and skyscrapers that take users to explanatory pages.

I didn't get the paragraph about the cookies. Do we need to notify the users about cookies on every page with adsense products or does this only concern "new adsense products" that haven't benn released yet?

Has anyone actually seen the new TOS? When I click on the link at the bottom of AdSense I see a TOS dated November 3, 2005. It doesn't say anything about a privacy policy requirement. Also, I haven't yet seen the notice at login. Is it possible that they're rolling this out in phases?

Google these days:

1) Take a really big gun.
2) Hold down, aim at own feet.
3) FIRE!

Why do they always come up with these half-baked, not thoroughly thought-through instructions, options, products, solutions, services? Why is there no FAQ? They can't be serious to have just this blog post to communicate?

To me it looks like someone from legal department said: "Hey Adsense group, I've been thinking... Shouldn't we explain that we are collecting private data? This is a huge risk for us!", and someone from Adsense replied: "But the sites where the data collection appears to happen are beyond our control...! You know, these are not Google property." - "Ah, I understand. Well, then let's make it mandatory for the site owners to explain the data collection in their privacy policies." - "Not all of them have privacy policies." - "Heck, then let's make THAT mandatory. I'm going to change the T&C right now. Thanks for the chat."

Maybe Google realized that someone might try to sue a publisher due to gettting a cookie from an advertiser and the publisher didn't have some legal mumbo jumbo in a website privacy policy. In this case, the lawsuit would name the publisher, the advertiser, *and* Google. Guess which of those three parties will end up paying a huge chunk of change to settle out of court...

Maybe the "Ads by Google" logo should have a "Privacy Policy" link below it, and maybe ad-serving companies like DoubleClick and ZEDO should have little "Privacy Policy" links alongside their banners and skyscrapers that take users to explanatory pages.

That is a good solution. The Amazon ads on my site have exactly that - a small privacy policy link.

What's new and scary is you must notify users that your ads use beacons.
This is going to be an adsense killer if they enforce it.

Publishers must notify their users of the use of cookies and
web beacons to collect data in the ad serving process.

Just wait until newbies learn that means you are being tracked across sites whether you click on ads or not, even if you have cookies disabled.

This should be a front page topic, no? It's huge.
Wasn't Yahoo forced by law to give people an opt-out for beacons?
Here's yahoo's version: [info.yahoo.com...]

[edited by: amznVibe at 12:16 pm (utc) on Feb. 26, 2008]

Does AdSense itself collect information that we must disclose as a part of our privacy policy?

interestingly, I'm no longer being prompted to agree to the terms when I log in. Anyone else?
I wonder if someone over there has been listening? :)
(ASA - I thought the 'privacy policy link on the ad unit ala amazon' was a great idea!)

Since when was cookies suable? I place a cookie when I ban someone from my site, does that mean that their isp will sue me ?

Why would google state for you to make this known to your users?

This poses a good question, why would google now make it manadatory for you to explain to users that google are dropping cookies @ your site.

The answer in my opinion is google will be tracking user data, for that user data to be 'known' globaly across all domains.. (smartpricing v2) there will be paid per clicks happening @ other domains external to that of your site... learning what your visitor wants to get from the internet... wether or not he wants to buy new shoes one week, and a new car the next week... google will learn 'by dropping a session cookie' and them (the google bots) can work out where that user is, what he's doing, how he's surfing, what he wants to buy ...

Does anyone realise that? :]

google cookies = user spy = smartpricing v2

A detailed explaination of my theory:

1) User visits google.com and searches for Shoes./
2) Google sends a cookie to the client browser with a session id
3) google database updates with 'shoes' as a search indication the person is interested in buying 'shoes'
4) he visits a clothes dealer site and this has 'google ads' at the top... google cookie was sent from the browser to the database and the database came back 'shoes'.
5) Ads for 'shoes' now display at 'clothes + shoes website'
6) User clicks 'shoes' ad because Google knows he wanted shoes really.
7) User purchases pink shoes and walks down the street tapping his feet.
8) Advertiser =Sale, Google=Win, Publisher=Win

The bad side to this is that they could also be tracking that if a user clicked domain1.com at somesite.com and then visited youriste.com the advertisement for domain1.com may of not converted well so they decided to decrease the COST PER CLICK of the advertiser, decreasing the payout.

So this can be for and against publishers, depending on the user data google collects and the cookies stored by google ads / google services / etc.

I have had the pleasure of millions of unique visitors that have been to my sites in the last few years. My Privacy/ToS page (which is linked to from every single page on the sites) has been visited a grand total of 1,500 times, and most of those were probably bots of some type.

I'd guess that I could put "My name is Rumpelstiltskin and you owe me your first born if you use this site" and not lose a dollar a year in AdSense revenue. Not that I would put in such a clause. ;)

I just need someone, preferably AdSense, to tell me exactly what language would satisfy this requirement since I have no control over the cookies or beacons and don't know under what circumstances they would be employed. Or if they just want "Ads appearing on this site may employ cookies or web beacons."

It would be nice to tag on something like "See google.com/privacy for more information" since this is their requirement.

I hate to say it, but this does seem to have been poorly done.

[edited by: RonS at 2:06 pm (utc) on Feb. 26, 2008]