>>>
So, I can see why you called yourself EUmember then.
<<<

I am, by person, an EU citizen, I live in the EU ... which does not mean that, for the owners of my websites or servers, the same must be true.
You see, the websites do not offer services and do not sell anything, never in my life have I tracked people or sold or bartered any data in my possession. On all my webpages, people not using javascript were always explicitely welcome and the only personal data that run through my sites is the IP adresses of the visitors.
The only cookies being used are those from adsense (which is for me a plus revenue, not a business model).

So, in other words, I could go by without compliance, but nevertheless I am exploring ways to comply with it, because I try to view the whole issue from the law side and from the customer side, although I noticed meanwhile that on both sides, there seem to be quite a few effects that probably -hopefully- were originally not intended. I don't have to, but I WANT to comply with the GDPR - unfortunately, the more I look into it, the less confident I become that this is possible without running any risk (and I ask myself, what is a law for when it is not clear and precise on what to do or not to do?)

Let me paint a picture: Instead of requiring people to wear setbelts in a car, they require now every house and tree to be equipped with big cushions, so that people in cars will not be hurt when they drive their cars into it. And if there is one cushion missing, you have to pay and even can loose your house, even when nobody every bumped into it.

Let me paint a picture: Instead of requiring people to wear setbelts in a car, they require now every house and tree to be equipped with big cushions, so that people in cars will not be hurt when they drive their cars into it. And if there is one cushion missing, you have to pay and even can loose your house, even when nobody every bumped into it.

Do not give ideas to the regulators :)

>>>
That doesn't mean that a EU citizen cannot visit your website though and since he can do it, you have to take action.
<<<

We were talking in this thread about two different things. How it affects ADSENSE on a website and how it affects a website by itself (eg. when you have cookies, but no adsense or adsense-for-eu on your site).

For the adsense issue, and this is main thread content, it is very clear - you have to comply with the GDPR or Google can shut you down.

For the other issue, it should be clear as well - how will an EU data protection agency come after you when you have no EU customers and no EU outsets? They simply won't and can't.

Well, I'll be showing non-personalized ads with a basic cookie consent banner, which should be enough to keep my AdSense account in good standing (since that is what Google says on the AdSense website). And for now, that's all I care about.

I have found here a nice article about the new adsense API options for consent calls and screens:

[ctrl.blog...]

@Cralamarre [wordpress.org...] This seems to be a good solution for WordPress.

That's what I am going to do :)

@EUmember, thanks for the link to the article. After reading the section "Opting out of personalized ads", it again sounds like switching to non-personalized ads is the easiest solution and avoids the much stricter GDPR rules.

Thanks @MayankParmar, that does look like a good solution. Beats the heck out of paying monthly Cookiebot fees.

Really, why bother giving EU users the choice of viewing personalized or non-personalized ads? 99% of users will say no to the cookies anyway, so why go through all the hassle.

[edited by: Cralamarre at 2:38 pm (utc) on May 11, 2018]

>>>
After reading the section "Opting out of personalized ads", it again sounds like switching to non-personalized ads is the easiest solution and avoids the much stricter GDPR rules.
<<<

Yes, that is my opinion as well - for the time being.

I'm with Cralamarre on this one. I mean, as I mentioned in my other post, the way Google displays information on their Adsense UI tells us they have different expectations for the two options (personalized vs. non-personalized ads).

If they don't, then they really need to update that section for clarity.

For personalized ads, they give us options for ad tech providers, an explanation of how personalized ads fall under their new EU User Consent Policy (directly stating here that "Ad technology providers (including Google and other ad networks and vendors) use data about your users"). They even give us a link for info on setting up "consent gathering."

But for non-personalized ads? It says none of this. Surely, if non-personalized ads also used "data about your users" requiring GDPR-level explicit consent, they would explicitly state this, as they do under the non-personalized ads option. Why wouldn't they? The implication here, having that info present under personalized ads but not the other, is that non-personalized ads do not feature "Ad technology providers" that "use data about your users."

Is this not true?

And then, if you click the "Learn More" link to their "Comply with EU user consent policy" page, they take time to single out the ePrivacy Directive only under the section about non-personalized ads, but not personalized ads. Instead, under the personalized ads section, they again explicitly state that these do "collect, receive, and use personal data from users." In fact, for non-personalized ads, they straight up say, "these ads don’t use cookies for ads personalization."

There's only one way I can logically read any of this as far as Adsense is concerned, and that's that non-personalized ads don't contain ads personalization, and therefore don't use cookies with personally identifiable information, and therefore don't require the special explicit, prior consent defined by the GDPR. They do, however, contain general non-tracking cookies for the actual performance of the service ("for frequency capping, aggregated ad reporting, and to combat fraud and abuse"), and therefore still require consent as we've been used to under the ePrivacy Directive.

That's just my reading, but as far as Google's policies alone are concerned, it just doesn't make sense any other way.

There's certainly a ton of FUD being pushed around, though, a bunch of "You must do this or game over!" Which, as someone else said, is pretty much exactly what was going on back when the original cookie law was heading for us.

Thank you BoredMeteor

@BoredMeteor, Your interpretation of Google's information is exactly the same as mine. So, non-personalized ads, and a general cookie consent banner like the plugin MayankParmar suggested, should be enough to keep our accounts in good standing.

But can we trust any such random plugin?

Apparently not. I clicked the demo of it and nothing happened. No cookie banner.

Cralamarre: "Apparently not. I clicked the demo of it and nothing happened. No cookie banner."

I just checked it myself, and it seems to work in conjunction with another plugin (GeoIP Detect plugin) to only show it to users visiting your website from EU countries. I jumped onto an online proxy through Germany and it did pop up. It just says "This site uses cookies to improve your experience. Read more." with "Read more" being a link to a cookie policy.

Only problem is that it doesn't seem to have an "okay" button or anything, just the X. But apparently the plugin gives you an option to add a button.

Personally, when using that kind of banner, I've just showed it to everyone. But I'm still deciding how I'm going to implement this stuff, myself.

I was thinking of giving one of the ones Google recommends a try, the one by Silktide
[cookieconsent.insites.com...]

It says on their website, "We’re the world’s most popular solution to the EU Cookie Law."

It says on their website, "We’re the world’s most popular solution to the EU Cookie Law."

Cookiebot too - "The most used solution for GDPR compliant use of cookies and online tracking"

My thinking with Cookiebot is that it's overkill if all you're doing is showing non-personalized ads, especially since there's a monthly fee involved. What do you think?

It says on their website, "We’re the world’s most popular solution to the EU Cookie Law."

Cookiebot too - "The most used solution for GDPR compliant use of cookies and online tracking"

First of all Cookie Law and GDPR are diffferent things, so these two claims are not incompatible. But they remain claims, on the Internet , everybody always claim to be the most use, the leader, etc... didn't you notice? To be a truth, it would need to be audited by a third part authority, something which has access to the stats of all companies in a domain, and which can validate that such or such one, has the largest number of active users, or things like that... otherwise it has absolutely not value. there are exception of course, when Facebook claims to be the largest social network in the world, then it's easy to trust (even if Google, at some point claimed the same, since they automatically made each user of a Google's service to be counted in their own social network...)

It would be more honest to claim "One the most popular solution etc..."

However, it's not hard to believe the claim of Silktide , since their solution is available since the Cookie Law exists , and they are listed on Google's cookie consent page. So obviously, nearly every adsense users, who are not coding themselves a cookie banner, are using it.

My thinking with Cookiebot is that it's overkill if all you're doing is showing non-personalized ads, especially since there's a monthly fee involved. What do you think?

I agree, it looks like an opportunist business which is surfing on the buzz of the GDPR's fears. (this doesn't mean their service is not good, but I think it's excessive yes).

Cralamarre: "My thinking with Cookiebot is that it's overkill if all you're doing is showing non-personalized ads, especially since there's a monthly fee involved. What do you think?"

I'm in agreement there. I don't think I'll be paying any new monthly fees just for the sake of GDPR.

You know, I'm really suspicious of any new regulations that lead to whole new money-making industries for third parties. Things like Cookiebot, with a monthly fee...who's really benefiting from all this regulation? It's not us, and while it may be a "feel good" moment for consumers worried about online privacy, in the long run the "worst case scenario" (that is, full enforcement/fines/terminations against all websites, big and small, no matter what) could only lead to an Internet dominated by huge corporations, who would no doubt use their vast resources to find new and creative ways/loopholes to exploit people.

They wouldn't be hurt, really. We would.

[edited by: BoredMeteor at 6:19 pm (utc) on May 11, 2018]

Cookiebot lets you target the banner by location, so it only shows in the EU. Can you do that with Silktide?

Cookiebot lets you target the banner by location, so it only shows in the EU. Can you do that with Silktide?

Yes, of course. Only amateurs would release this kind of solution without Geo targeting.

And for the sake of the amateurs among us, how would one use Geo targeting to control where Silktide shows the banner? Is there an easy WordPress solution?

I don't know wordpress so I can't say, but may be this page can help : [monetizemore.com...]

Otherwise, here is the documentation : [cookieconsent.insites.com...] using the "regionalLaw" parameter.

@Cralamarre, my policy too, switching off personalised ads for EU and leaving it at that - I will mention that I'm doing that too in my new privacy page.

But afterwards, I have shortlist of websites currently peppered with personalised ads. If those sites are still running those same personalised ads here in the UK a week after GDPR, I'll be switching personalised back on via AdSense, removing that line from my PP and then playing a waiting game.

The UK ICO has made it crystal clear they will push companies towards compliance, many carrots before a stick is even mentioned. I will act when pushed. If the UK internet scene as a whole is still pushing personalised ads in June (and that is 98% my expectation), I will follow suit, but be prepared to switch them back off should the scenery alter.

I think GDPR will change things massively - but not yet. They will chase low hanging fruit first, big sites playing fast and loose with sensitive data. Ad-serving cookies will be way way down the list and probably not on the radar for years. That's my hunch, as it was for the Cookie Law.

And as others have said, it's in some ways more worthwhile watching what Google's reaction will be. This and other forums will be the canary in the coalmine for that one. With personalised ads switched off on 25th May, I will look out for any signs of G cracking down on those that haven't followed suit. If they do for this what they did for EU Cookie Law, I'm not too concerned. They have a bottom line that they've always prioritised over anything else.

@ChanandlerBong That sounds like a great plan. I may do the same, turning off personalized ads on May 25, but if after a few weeks, no one seems to care that much about it, I might turn them back on. As I mentioned in an earlier post, to this day my site does not include a cookie consent banner for EU users, which means I've been in violation of the E-privacy law for a few years now. And absolutely nothing has happened. If I check my policy violations page in my AdSense UI, I see a nice big Thumbs Up telling me to keep up the great work. Will do! :)

[edited by: Cralamarre at 7:37 pm (utc) on May 11, 2018]

Im using since 2015 solution from [primebox.co.uk...]

Easy to.implement with a lot options. Only what i've added is geolocation php script to call script above when it is needed for the visitors from EU.

I just checked my AdSense report for the past 30 days, and turns out, I actually make more money from contextual ads than I do from personalized ads. So maybe turning off personalized ads for EU visitors won't be that big of a deal. I guess we'll see.

If you go to cookiebot and enter your domain, it will analyze your site and tell if you are compliant, what you have to do to become compliant, etc. All with the idea of selling you a subscription, of course.

I host my own version of a cookie consent notice. Loads faster & less chance of it getting hung up traveling across the internet from 3rd party servers (which cannot ever be trusted anyway.) I wouldn't want a user to quickly load a couple pages without getting the cookie notice, then thinking i wasn't forthright in disclosing that privacy aspect.

BTW, I actually removed the only mechanisms I had that used cookies. Now I only use the notice to declare that cookies are used on my site, but the only thing using cookies now are the Adsense advertisers... and of course my cookie script :)