The cookie notices are not enough. Those scripts were made to address last years EU cookie law which is being overwritten by these new regs.

Just saying "this site uses cookies" is inadequate. What type of cookies, what PII they store and whether they track movement on your site or after the visitor leaves your site all needs to be explicit.

That's why I suggest doing all that in your respective Privacy Policy where you can clearly state these facts.

Then a notice is still needed to give the visitor the option to accept or not:

By using this site you agree to our Privacy Policy. [I Agree] 

Tough. They'll have to be enough.

The cookie notices are not enough. Those scripts were made to address last years EU cookie law which is being overwritten by these new regs.

If no personal information are involved, the GDPR does not overwrite the ePrivacy "Directive" (aka EU Cookie Law), this is the upcoming ePrivacy "Regulation" which will overwrite it.

That's what you explicitly state in the PP. That way you do not need to disable interest ads.

The notice and link to privacy policy page explaining everything and agree button is not enough? I doubt anyone would insert reject option.

Is anyone seeing a drop in AdSense revenue over the past 24 hours or so since Chrome started showing the Privacy Checkup pop-up allowing people, including people in the US, to turn off personalized ads?

[edited by: Cralamarre at 12:57 pm (utc) on May 17, 2018]

"Take your Privacy Checkup to choose settings that are right for you".

I am now seeing this on Chrome for Windows.

And it's not just you seeing it. I'm seeing it in Canada, and others have reported seeing it in the US. So anyone, anywhere, now has the option to turn off personalized ads in Chrome.

Why would Chrome do that to people not in the EU?

Why would Chrome do that to people not in the EU?

It could be as simple as they think everyone should have the right to decide if they want personalized ads or not. Or they could be more worried about GDPR legal troubles than they're letting on, especially with so many AdSense publishers either unaware of the GDPR or unsure of what to do about it (like pretty much all of us here).

So far, my revenue doesn't seem to be affected. Yesterday's earnings were down 2% from the previous week but that's nothing. Today seems to be normal.

[edited by: Cralamarre at 1:29 pm (utc) on May 17, 2018]

Do we need to anonymize IP address as well through Google Analytics?

Thinking longer term about this. Let's say personalised ads didn't exist. Couldn't that be good for the advertiser? It means they'll get their ads only on related websites, and not just because somebody happens to been on Amazon, for example. It would mean Google having to improve recognising what a page is about, but it could make people bid more.

I've always been under the impression that the reason AdSense works so well is because of personalized ads. Why would personalized ads even exist if contextual ads were better? Anyone can stick an ad on a page that's based on the content of the page. But placing an ad based on something you've already shown an interest in? That sounds better to me.

Maybe. Either way, my RPM is actually up a bit over the last 24 hours. And RPM is a decent amount higher with contextual ads, over personalised.

My RPM was up 5% yesterday over the previous week, CPC was up 3% and CTR was also up 3%, so it doesn't seem at the moment that Chrome's new Privacy Checkup is having a negative effect. But we'll see.

The Daily Mail (big UK based publisher) has just put a new solution in place. Well worth taking a look:

[dailymail.co.uk...]

Edit: If that is GDPR compliant (I'm not qualified to make judgement) it seems to me as though personalised ads will not be impacted much at all in the UK / EU.

Open Google on any browser and you can check your privacy settings.

Google is smelling the coffee. The EU is not alone in moving on this. Australia and California are moving in the same direction and apparently Canada is also considering it. Google either embraces it now or gets left behind. They also have the tech/know-how to do something similar to personalised ads without dropping invasive cookies. By next year, I expect "smart personalised ads" to be the norm, it won't be like 2003 relying solely on page content.

Why would Chrome do that to people not in the EU?

Google Chrome, is not Google Search and is not Google Adsense, ... so they have a their own approach of things. Keep in mind that Chrome is being released with a "do not track" by default, ...but Google Adsense is not respecting the DNT header :)

Let's say personalised ads didn't exist. Couldn't that be good for the advertiser?

This can be discussed here : [webmasterworld.com...]

The EU is not alone in moving on this.

California: [webmasterworld.com...]
China: [webmasterworld.com...]
Australia & Canada: [webmasterworld.com...]
India: [webmasterworld.com...]

One UK newspaper seems to have made the jump as far as GDPR is concerned. The Daily Mail.

Their idea is, on the first page you visit there is a very large cookie warning that makes reading that page hard whilst it's there. The cookie banner only has a "got it" button and a "see our privacy settings" link, no negative button.

If you do nothing and go to another page, a message appears indicating you have accepted.

The Daily Mail is the most read newspaper website in the UK.

...also the most hated

they'll be reported to the UK ICO by 5am on the 25th if that's all they do and they continue to run personalised ads. They'll be one of the first test cases, I imagine.

And then we'll get to see how any of this actually plays out. The sooner the better, IMO.

Yes a very interesting approach by the Daily Mail. As I said above if that's sufficient my view is GDPR will have very little impact on personalised ads in the UK / EU.

Well, so far today has not been a disaster with AdSense even with Google's new privacy controls that let people opt out of personalized ads, though I have noticed a drop in the number of personalized ads being displayed on my site. Earnings, however, don't seem to be affected. Page RPM is still high, and contextual ads are paying well. So, maybe there's nothing to worry about.

"the consensus was that because GDPR applies to all EU citizens, it also applies to them if they travel abroad and outside of the EU region, thus the implication is to show the annoying cookie / privacy banner"

But the cookie banner is a pre existing requirement, and not to do with the GDPR.

"how can one reliably know the physical location of a user without tracking their geo-location, but one cannot track geo-location without consent."

I don't see where the GDPR prevents checking location. If I'm wrong, I look forward to my free Hulu access! (You don't have the location at all, or associate it with their other details.)

"What is the point of switching to non-personalized ads if you are still required to get consent?"

Just to add to MayankParmar's reply, turning off non personalised ads is for the new GDPR which requires explicit consent for cookies tracking personal data. For the "consent" required for the pre existing cookie law, for years almost all sites have just shown a popup banner or similar.

"Their idea is, on the first page you visit there is a very large cookie warning that makes reading that page hard whilst it's there. The cookie banner only has a "got it" button and a "see our privacy settings" link, no negative button. "

Which sounds like they're playing catch up to the years old cookie law, rather than what's required for GDPR. (Not that I'd expect the Daily Mail to get anything right about the EU.)

@markwmo tracking location is irrelevant as I understand it. If an EU citizen is on business / holiday / visiting family etc. in the US, China, India or elsewhere he/she is still covered by GDPR. I'm a British citizen hosting a website / apps in the UK so it's not my place to advise webmasters outside of the GDPR area. However my view is that looking to block users based on IP addresses (either via a 3rd party plugin or proprietary code) is the wrong one to go.

, its kinda scary GDPR wonder if that affects USA based websites

its kinda scary GDPR wonder if that affects USA based websites

Not only USA based websites, it concerns all entities, even non online ones. A school, in the USA who has a student who has the EU citizenship, is also concerned...

Now about websites, I think that this is an acceptable idea to say that, if a websites agrees to make money from/thanks EU visitors, this is not asking too much that this site respects the privacy and right of this visitor. t has to respect the right of the visitors. And like keyplyr keeps saying too, all visitors should have the same privacy coverage...

If it applies to EU citizens in the US, Canada and India. Then I believe we should show the cookie popup to everyone, and not just Europe.

A ultra small cookie popup will probably do the job :D

Also, WordPress updated today with Privacy Tools. It can create a privacy policy page for us, but still no option to show popup! :/