Welcome to WebmasterWorld Guest from 54.80.198.173

Forum Moderators: incrediBILL & martinibuster

Featured Home Page Discussion

What does EU GDPR means for Adsense?

Question about GDPR and Adsense.

     
5:38 pm on Mar 24, 2018 (gmt 0)

New User

joined:Feb 8, 2018
posts:9
votes: 0


Question: What does EU GDPR means for Adsense?

Most of the Adsense income is from interest based ads. Will this be affected by the EU GDPR?
I'm concerned because today with the latest update for my Android Phone, I got asked for permission related to interest based ads. (Maybe it is because I did disable it before. This is to see the normal ads on my pages with Adsense. But I'm still concerned.)
12:09 am on May 20, 2018 (gmt 0)

New User

joined:May 19, 2018
posts:10
votes: 1


Has anyone updated the Privacy Policy? It shall be great help to community if someone posts content of Privacy Policy that comply Adsense updated policy in respect of GDPR.
7:46 am on May 20, 2018 (gmt 0)

Senior Member from IN 

WebmasterWorld Senior Member Top Contributors Of The Month

joined:Apr 30, 2017
posts:1197
votes: 211


I have summarized the privacy policy page

We have a few fundamental principles that we follow:

- We don’t ask you for personal information unless we truly need it.
- We don’t share your personal information with anyone.
- The only personal information we store is your IP address in order to make the site function.

We use your Personal Information for three primary purposes:

- To help you quickly find services or information on the site.
- To help us create and deliver content most relevant to you.
- To serve advertisement.
- To act in urgent circumstances, protect the personal safety of users of the site, or the public.


Thoughts?
11:59 am on May 20, 2018 (gmt 0)

New User

joined:Apr 20, 2016
posts:14
votes: 0


@MayankParmar+ if you have visitors from the EU then you cannot store IP Address without consent as far as i understand. If you are using Google Analytics, then it should be set to anonymize IPs.

You cannot serve Ads without cookies, and for that you need consent again.
Also, prior to serving content that uses cookies, you need to block cookies and serve only when consent is provided by the user.

Your privacy policy should have the data controller information, unless you are a processor where you need provide the processor information.

The privacy policy should also mention categories of cookies used, and information on how to withdraw.

I may be wrong, but this is what i have understood so far.
12:45 pm on May 20, 2018 (gmt 0)

Senior Member from IN 

WebmasterWorld Senior Member Top Contributors Of The Month

joined:Apr 30, 2017
posts:1197
votes: 211


Everyone's storing IP addresses, isn't it? It is necessary for security reasons. Sucuri stores IP addresses too :/
12:55 pm on May 20, 2018 (gmt 0)

Senior Member from IN 

WebmasterWorld Senior Member Top Contributors Of The Month

joined:Apr 30, 2017
posts:1197
votes: 211


Your privacy policy should have the data controller information

The site uses the following Google services:

- Google AdSense.
- Google AdExchange.
- Google Analytics.
- Google DoubleClick.

The site may send the required data to the following third-party networks:

- Google and their partners –
- Disqus commenting system –
- MailChimp Newsletter –
- Cloudways –
- Amazon AWS –
- Sucuri –

This should be enough?
1:19 pm on May 20, 2018 (gmt 0)

New User

joined:Apr 20, 2016
posts:14
votes: 0


What if the user doesn't consent to you providing there IP address to Sucuri?
The privacy/cookie policy should have information on how the user can withdraw or stop those services storing the cookies?
1:28 pm on May 20, 2018 (gmt 0)

Senior Member from IN 

WebmasterWorld Senior Member Top Contributors Of The Month

joined:Apr 30, 2017
posts:1197
votes: 211


Well the popup and privacy policy page both says the user is agreeing to our privacy policy its browsing the site.

I don't have any opt out settings for users.

Sucuri tracks IP address to block DDOS attack.
2:16 pm on May 20, 2018 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:Jan 16, 2018
posts: 140
votes: 40


What if the user doesn't consent to you providing there IP address to Sucuri?
The privacy/cookie policy should have information on how the user can withdraw or stop those services storing the cookies?


Tough cheddar. You'll still wake up in the morning.

There was the cookie policy - never used it. Never bothered with it. I couldn't give a flying saucer about it. This will be similar. The people who earn a million a week will be targeted.
2:50 pm on May 20, 2018 (gmt 0)

New User

joined:Apr 20, 2016
posts:14
votes: 0


It seems like anyone can file a complaint with the EU GDPR so it would only take one complaint for the EU Guys to get accesses revoked such as with Adsense as far as i understand.
5:22 pm on May 20, 2018 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:Jan 16, 2018
posts: 140
votes: 40


It seems like anyone can file a complaint with the EU GDPR so it would only take one complaint for the EU Guys to get accesses revoked such as with Adsense as far as i understand.


It doesn't work like that. For some 'authority' to take action they need X complaints and even then they'll use common sense (admittedly only 0.01% of the population have that) and than take action.
5:55 pm on May 20, 2018 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:Mar 29, 2018
posts:72
votes: 10


Still not seeing much from the big UK publishers. The Daily Mail have been trying something out but the Sun, Mirror, Guardian, Independent, Telegraph and Reuters don't seem to have made any changes yet.
6:02 pm on May 20, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Apr 26, 2005
posts:2208
votes: 561


I'm expecting one of the big players to flout the GRDP so they can contest it in court.
6:24 pm on May 20, 2018 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:Jan 16, 2018
posts: 140
votes: 40


I'm expecting one of the big players to flout the GRDP so they can contest it in court.


I can go one better than that.

Somebody will say this hasn't been 'done' properly and sue for loss of earnings.
7:58 pm on May 20, 2018 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:11739
votes: 734

9:51 pm on May 20, 2018 (gmt 0)

New User

joined:Apr 20, 2016
posts:14
votes: 0


@engineerqasim, [appuals.com ] this should help you configuring your Privacy Policy - using iubenda, you just need to select a service and embed or link directly to the Privacy Policy.
7:38 am on May 21, 2018 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:Mar 29, 2018
posts:72
votes: 10


It would be useful to start making a list of major European websites that have implemented their advertising related GDPR solution. Should that be a separate thread?
12:53 pm on May 21, 2018 (gmt 0)

Full Member

Top Contributors Of The Month

joined:Aug 14, 2014
posts:219
votes: 60


I'll still wait and see on this whole GDPR thing. The whole cookie banner craze of a few years back taught me just how much fearmongering can go on around here. Had a banner up for about a week and took it down.

To this day the Queen has not contacted me to complain.
3:45 pm on May 21, 2018 (gmt 0)

Junior Member from IL 

joined:May 12, 2015
posts: 60
votes: 10


It means that if you run AdSense on your website you will need to first, request consent from your users to collect and share their PII with Google and perhaps other parties as well. You will need to state for what purpose you are collecting their data and with whom you intend to share it.

Finally, Google has its own ideas on who is the data processor and data collector in their weird relationship with publishers where it basically places all the responsibility on the publishers' shoulders for compliance.

Bottom line, if you run AdSense on your website, you have EU traffic, and an EU "presence" you will need to be compliant.
4:00 pm on May 21, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Apr 26, 2005
posts:2208
votes: 561


You can be compliant by turning off personalized ads for EU people, running an implicit cookie banner for the other cookies that do not collect personal information and updating your privacy policy. BTW, I am not a lawyer. This is just my opinion.
4:29 pm on May 21, 2018 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:May 6, 2018
posts:43
votes: 7


>>>
What if the user doesn't consent to you providing there IP address to Sucuri?
The privacy/cookie policy should have information on how the user can withdraw or stop those services storing the cookies?
<<<

It is even more:

The GDPR states that you need to explicitely inform people that you store their IP in a logfile. This must be accompanied by the paragraph of the GDPR which is used to store this information. In case you claim a rightful interest ( §6(1)f ), you must outline why you have this rightful interest (eg. to ensure operations and possible server attacks, etc.). This all has to be in an "in an easy-to-understand language". Also, you need to inform about how long you will store their information.
In addition, you need to inform peple about their rights from the GDPR, amongst it, that they can complain with the data security office of their country.
You also need to inform people, where the information is stored (eg. with you or a third party company) - if it is a 3rd party company, you need to have a written contract with that party that this party follows the GDPR. If the 3rd party company is not located in the EU, it becomes complicated, because then it depends on where the party is located (needs a public and accepted "safe haven policy" declaration).

This all pertains, of course, only to people who (1) live in the EU, or (2) sell wares or services to people in the EU or have a free offer for wares or services directed at EU people. In case (2), when you have no physical presence in the EU, you also need to denote a person who lives in the EU and who acts as your data security officer.

If (1) and (2) are not true, then you do not need to follow the GDPR, unless a third party requires it, eg. Google Adsense.
4:40 pm on May 21, 2018 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:May 6, 2018
posts:43
votes: 7


For EU publishers, it really depends on where they are located.

Worst case is Germany, where you need to comply at least 110%, some groups of lawyers have already announced that they will start their work ("Abmahnung") on the 25th sharp. It is quite important that the "paperwork" (privacy policy, etc.) follows the GDPR to the letter - or that you have a good legal division in your company...

Best case are the countries that did not manage yet to transfer the GDPR into national law, because there nobody knows what exactly is up and what is not. I think, there are 8 of them that will not manage until the 25th. Good is also Austria which has stated that any breach of the GDPR will result first in a (free) notification, steps are taken from the 2nd breach on.

Final hint: I am not sure if it was reported here yet that EU companies should not transfer pictures/videos by WhatSApp anymore - because these pictures are transferred "TO" WA first - and this may constitute a forbidden data transfer. If you are in the EU, check further and in-depth with your local data security office on that.
4:45 pm on May 21, 2018 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:May 6, 2018
posts:43
votes: 7


Please note also, when you are an EU based publisher, the GDPR needs to apply to ALL customers (website visitors), NOT ONLY to those from the EU. It is therefore not possible to differentiate with personalized ads for EU, non personalized ads for not-EU (while publishers who are not in the EU can do so without problems).
4:58 pm on May 21, 2018 (gmt 0)

Preferred Member

Top Contributors Of The Month

joined:Jan 19, 2017
posts: 478
votes: 148


You can be compliant by turning off personalized ads for EU people, running an implicit cookie banner for the other cookies that do not collect personal information and updating your privacy policy.

Agreed. That's what I'll be doing.
5:39 pm on May 21, 2018 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Apr 29, 2005
posts:2073
votes: 100


And for Analytics (if you use it)? Someone suggested turning on the anonymise feature of Analytics. Seems like a costless precaution.
6:14 pm on May 21, 2018 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:Mar 29, 2018
posts:72
votes: 10


This is all getting very interesting. Is it a case of t-3 and "Houston we have a problem?" or will there be a stampede in the next 48 hours to deploy frameworks or are most of the big players ignoring this? I can't find one major UK publisher which has implemented a solution yet (the Mail appear to have taken their attempt offline?) . I've also had a look at France 24 and Meteo France, and it appears they've also done nothing yet.
6:18 pm on May 21, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Apr 26, 2005
posts:2208
votes: 561


You can't just flip a switch to anonymise Analytics, though, right? You have to code it?
6:23 pm on May 21, 2018 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:Mar 29, 2018
posts:72
votes: 10


@ember if you're using gtag it is:

gtag('config', 'UA-XXXXXXX-X', { 'anonymize_ip': true });
6:35 pm on May 21, 2018 (gmt 0)

Senior Member from IN 

WebmasterWorld Senior Member Top Contributors Of The Month

joined:Apr 30, 2017
posts:1197
votes: 211


Is it okay with GDPR to locally host Analytics?
6:50 pm on May 21, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Apr 26, 2005
posts:2208
votes: 561


Thanks, bgweb.

Maybe the big guys are going to ignore this? Or flip the switch on the 25th?

This is what cookiebot.com has on their site. With just an Okay button, no Decline, and a checkbox with various cookie types. You can still use the site even if you do not accept cookies.

"This website uses cookies
We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services. You consent to our cookies if you continue to use our website."
6:59 pm on May 21, 2018 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member redbar is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month

joined:Oct 14, 2013
posts:2932
votes: 394


I can't find one major UK publisher which has implemented a solution yet


[bbc.co.uk...]
This 1207 message thread spans 41 pages: 1207
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members