Google's trying to placate Brussels etc, to seriously read about what is, and when is, this required read the EU's own page here:

[ec.europa.eu...]

It's actually quite interesting and provides a cookie consent kit deliverable in 24 languages ... good luck!

Every EU member state is free to craft their cookie laws as they see fit, so long as they follow the guidelines set by the European Union. One country may accept implied consent, while another may not. It's an ugly beast.

Not showing ads prior to (implied) consent, e.g. on first pageview, will put a big dent in any publisher's revenue.

I've just been reading through the cookie-notice-template_en.doc and as I expected in my case I am fine:

If your site does not use any cookies, just declare it (e.g. The Information Providers Guide site does not use any cookies). If your site uses the same cookies as the Commission homepage, you can just link to the top level cookie notice,

[ec.europa.eu...]

I assume this is still valid, it was dated 04/04/2014

Hi @Redbar. Do you use AdSense? That's what I started this thread for rather than normal Cookie Law discussion.

It isn't only about adsense..and thus can affect many more sites , both within and external to the EU..
Any site which has EU visitors can be affected..

Ganalytics sets the kind of Cookies that require "notification" and possibly "consent"..
[developers.google.com...]


Explanation as to why Ganalytics is affected by EU law..
[cookielaw.org...]
The latter is a commercial site..I have no connection at all with it..But it is the best explanation re Ganalytics and the EU cookie law that I could find..Hopefully the link will stand..

Other analytics systems may or may not be subject to EU cookie law..it depends how they work..pure "session cookies" are not a "problem"..Ganalytics ( and adsense ) sets cookies which track the visitor ( are "updated" on other sites ) after they leave the site..

Not all EU countries have the same "interpretation" about the EU cookie law, it is probably safest to respect / implement "notifications" and or "optouts" that take into account the most "draconian" interpretations as required by some EU countries..

It is possible to implement a script which looks at the GEO origin of the visitor, and serves them a "notification" and or "opt out" that complies with their own national interpretation of the EU cookie law..

It will never be 100% accurate ( due to AOL European subscribers , who can appear to be coming from any one of 4 or 5 EU countries ) ..there may well be other "edge cases"..The EU recognises this, it is to be hoped that Google, in it's PR anouncement designed to impress the EU legislators , also accept that it ( and indeed Google's own GEO -targeting and cookies set on Google's own properties) cannot be 100% accurate..

Google would not like to lose the adwords income from the EU, however IMO, Google would be perfectly willing to close down adsense to the EU, whether this meant "throwing the EU adsense publishers who receive EU traffic, and other non EU adsense publishers who receive EU traffic "under the bus", or not, Google could always bame the EU legislators..

Obviously which ever way it works, and whatver site owners do, there will be a loss of income to adsense publishers, larger traffic publishers will be able to "ride this out"..half of a great deal of adsense income per site is worth paying coders to write scripts to protect..smaller publishers will not be in the same position..

You've never seen any of my AdSense whinges?

Have you read the EU page? If that's what they want then do that, don't try and create some other mythical cookie directive.

The chance of anything happening to anyone is downright minimal, Google are simply ensuring they have their backs covered for EU "compliance" and for publishers to be the same.

I don't use cookies on any of my sites and AdSense still works ok for those who want to use the sites even without cookies enabled.

Easier just to block EU traffic altogether. My stuff is all targeted to US only anyway.

This cookie law should be simple; no cookies other than site critical ones till either they visit another page and by doing so giving implied consent or they follow a link in your cookie warning message and get an option to block non critical cookies.

Unfortunately it isn't simple because some say you can claim analytics cookies are critical whilst others say you can't. Then if you have activated some things in analytics you have to mention those as well so that you are not hiding anything. It is the same with adsense ads as some say as the cookies they insall are third party it isn't there problem when it is and it is the same with sharing tools.

Now for some the worst thing will be the loss in adsense revenue as if you play by the rules and don't show adsense on the first page you are going to lose a chunk of revenue (20% when I did this a couple of years back). But what is more annoying is that half of the public don't care about this cookie law and there will always be those sites you come across who take the gamble and disobey the rules believing the authorities won't check there site.

The question is how strict is Google going to get and do you really want to see if they will clamp down by not playing ball.

Easier just to block EU traffic altogether.

That's what I figure most non EU publishers will do..if their target demographic is not EU based..

The question is how strict is Google going to get and do you really want to see if they will clamp down by not playing ball.

That is indeed "The question"..

I suspect that they will want to "show the EU that they, Google, are doing something/complying"..and as such they may well be "very strict"..and cut off adsense publishers who are not complying, in Google's eyes..

Google's just trying to show "willing" with their compliance and that it has informed all of its publishers to try and enter into the spirit of the diktat ... nothing, absolutely nothing will come of this, it's been almost 3 years and NO ONE has been prosecuted.

IF they do go after anyone then a big company will pay to comply, a small company will shut and open again elsewhere ... it's like so many other European directives, a massive job creation scheme that can run and run for years with no one really giving a damn about it.

A few lines of serverside script, a GEO IP "lookup", and an "include"* and /or "redirect" ( which depends on the "lookup" data ) , is all that is needed for compliance..

This is such a total FUD disaster that I have no doubt Google will come up with some simple 2-lines-of-code solution in the next couple of months, they simply cannot leave it as it currently is, with tens of thousands of panicked AS publishers running off to third party sites desperate for answers and information.

Come September, we'll all have a good laugh about how much we were panicking.

.....won't we?

A few lines of serverside script, a GEO IP "lookup", and an "include"* and /or "redirect" ( which depends on the "lookup" data ) , is all that is needed for compliance..

None of which is a performance hit that I for one am willing to take with 10,000 simultaneous users pounding on each site. Easier to block.

That makes perfect sense, in your position I'd probably do the same.."block"*..But even blocking by GEO IP requires some server "hit"..easier ( and less of a "hit" ) to "whitelist" by GEO IP, rather than "block".."semantics" I know ;)..

*But the one way, "white listing" is less taxing on the server than the other "blocking"..your "dev" will / should know this..:)

My comment about how it is relatively simple to be in compliance was more for those who want to keep their EU visitors..especially those publishers who are EU based or whose target demographic is mainly EU based , or whose "click" income has significant percentage of EU origin..

So far I've done as little as possible to comply with this EU directive - I hate these superfluous popups that are appearing everywhere, so I just added some clear wording and relevant links to my privacy policy re cookies, and left it at that.

This email from Google may change things though - looks like I'll at least need to implement some sort of popup by Sept 30th. (That'll be on Sept 29th at about 23:55 then).

I plan for our terms to remain as now: Continued use of this site constitutes acceptance of cookies - if you don't want cookies, use another site or change your browser settings.

I believe this is acceptable to the ICO in the UK - whether it's enough for Google remains to be seen. I'll be keeping a close eye on discussions between now and then.

That'll be on Sept 29th at about 23:55 then

I think I'll wait it out, too, but leave enough time for the technical implementation.

Meanwhile, TechCrunch [techcrunch.com] reports:

While before, the EU’s cookie policy has been common for those sites based in the EU, Google’s policy change will affect a number of publishers, as any site on the web could potentially have EU-based traffic.

The effectiveness of cookie-related user consent notifications is questionable, however. According to a late 2014 study on the matter [blogs.wsj.com], the EU’s cookie-notification policy has cost billions of euros per year in terms of compliance costs for websites, but has offered few benefits to web users. That is to say, the implementations thus far have not changed user behavior, the report found.

Sigh.

I'm easily confused by this stuff.

I've read the AdSense blog and followed the links. Somewhere it said you need to integrate the pop-up notices with the ad code, but doesn't say how?

I'm USA based.
.

And does the pop up code have to be on every page? I'm in the US and get maybe 100 EU visitors a month.

I'm wondering if you can get around this by incorporating cookie compliance into your site terms and conditions, then adding a suitable banner or pop-up, i.e. "Use of this site beyond this point constitutes acceptance of our terms and conditions" (one of which is cookie dropping). This probably constitutes implied consent but the onus moves to the end user rather than the publisher.

The EU is at serious risk of disappearing up its own bureaucratic rear end.

So much work to improve load speed, changing all javascript to asynch and now comes this EU #*$!.

I have no clue how my question to the visitor should stop AdSense cookies.

When I use only AdSense and Analytics cookies, there should be a central handling at Google.
Every user agrees once at any of the sites using to to agree for cookies from AdSense and Analytics.

In my experience cookiewalls and annoying modal consent dialogs have become ubiquitous lately. So adding a modest message to a site won't be much of a pain to visitors.

I'm now implementing a fixed position div with a text like "Our partners Google and xxx can set cookies on this website in order to personalize ads and/or analyse traffic. Additionally, [text about non-tracking cookies]...", a link to the site's privacy policy and a large button with "I approve". (No opt-out button: bad luck, I have bills to pay)

I'm using the responsive, async Adsense code with one modification:

if (document.cookie.indexOf('cookieConsent=') > -1) (adsbygoogle = window.adsbygoogle || []).push({});

It seems that G doesn't set any cookies if the condition isn't met.

When a user clicks the consent button, a cookie called "cookieConsent" is set and the page will be reloaded (soft reload, location.reload(false)) in order to show the ads.

Clicking the button also adds a line to a consent log on the server, with user IP, timestamp, user agent string, consent dialog text and consent button value. I can't do much more to prove that the user actually consented, which is also part of the regulation.

I have no clue how my question to the visitor should stop AdSense cookies.

AdSense still works when browsing a site without cookies enabled, after all Gogle claims to know what ones site is about to serve up relevant ads however that may have been thrown out long ago looking at some of my ads.

And what happens when arriving at a site, refusing the cookies, but one accepted cookies from the previous site? Is AdSense going to display relevant ads or IBAs based upon the previous site(s)?

My sites are fine, I have a clear enough cookies button for people to click on IF they want to read my policy however I can tell you this from my logs that this only happens very few times a month across thousands of PVs.

It simply goes to show how badly handled this entire "privacy" necessity was discussed and implemented.

How should I remember, that a visitor does not like cookies?
I know only on sure way, to remember at the next page view, that he does not like cookies:

To set a cookie "He does not like cookies"

What happens if you don't accept cookies for privacy reasons? Do you get an annoying cookie popup on every page you visit until you give in?

I think my message might be worded something like "EU bureaucrats require this annoying pop up about cookies. -- Read more -- -- Read it already --". I think that would satisfy the regulations.

Implied consent seems to be the way to go as far I am concerned. I took a small sample of some well used UK sites to see how they handle it.

The Times - short message asking to accept cookies. Adsense displayed before I accept. If I ignore the message and click through to an article, the message stays there but no problems accessing more pages with Adsense on them.
This site does not have mobile optimised pages so it remains the same on mobiles.

Amazon UK - "Amazon uses cookies. What are cookies?" Appears mid right in small writing. The site functions perfectly if I gnore the message. And of course Amazon are writing cookies all the time.

Google (I'm in the UK and they know it) - no message at all on the home page. No message at all that I can see even after doing searches. But if I sign in then a short message appears:
Cookies help us deliver our services. By using our services, you agree to our use of cookies. Learn more Got it
The message stays until you click Got It.
In mobile mode the cookie message is not displayed. Neither is it displayed (as far as I can see) on the privacy tab. But then again the information on the privacy tab is so long that I would be dead before I read it all.

Ebay - the message says:
By using eBay, you agree to our use of cookies to enhance your experience. And it stays until you click it but the functionality is fine if you ignore it.
Ebay is mobile optimised and the message does not appear on the mobile version. However, it does appear if you click on the "privacy" link.

That small sample indicates to me that, at the moment, a short message is sufficient. It seems that the EU don't really know what their cookie policy is about, not does Google or any of the other major UK sites. It's all just guesswork and best endeavours. Just make sure the correct wording appears in your Privacy policy.

If anyone wants to exclude every single EU country from their website to avoid the problem then give it a go. What effect that will have I'm not sure as far as G is concerned but i doubt that it will cover you. People do use proxies and it's not always clear in every case where a website is being viewed from.

The whole cookie privacy thing is a dog's dinner and the EU and Google know it.

I have never really given much thought about this as most of my sites don't use cookies (except third-party ones of course). I'm not looking forward to implementing this, going to be a major headache to get it right.

From what I can see many high-traffic European sites do not comply with this regulation. It seems to depend on the country, especially Netherlands-based sites seem to take it pretty far requiring explicit consent. I've spotted four very popular Dutch sites (like newspapers) that serve up a splash page that makes it impossible to enter the page without clicking a button to accept cookies.

In Google's own EU user consent policy statement it says "You must use commercially reasonable efforts to disclose clearly, and obtain consent to, any data collection, sharing and usage.."

[google.com...]

I'm going with an implied consent and delivering ads as before - as I don't think removing ads before consent is given is 'commercially reasonable'

Today, for the first time, when visiting a google property blog, I was presented with

This site uses cookies from Google to deliver its services, to personalise ads and to analyse traffic. Information about your use of this site is shared with Google. By using this site, you agree to its use of cookies. Learn More Got it

This was not the case yesterday.

I implemented it yesterday. Went implied consent way with Got It! button and Read More link that points to privacy policy page where I added links to Analytics Help and Anaylitcs opt-out browser plugin.

CTR is way down today. Too soon to tell if it's because of Cookie message.

I looked at the javascript code for the SilkTide implementation. Seems simple enough, just placing something in the head of the html.
What I don't get is is there a way to only have the code trigger for certain countries? (as in never for my USA visitors) Can javascript query the user's IP address?
Or am I doing the query with php and then allowing it to incorporate the javascript into my html?
I looked at the IP addresses just used by one country (Belgium), which seemed to be a maze of numbers. Doing the whole EU is going to be one hell of a big IF THEN statement.