But the ePrivacy Regulation is signing the end of cookies

That may be, but it is not here yet, and I would think Google would figure out a way to run ads without cookies. Online advertising is a huge, multi-billion dollar industry. Pulling the plug would have huge economic repercussions.

Cralamarre, what I think will happen is absolutely nothing. I don't think Google or the EU will do anything at all.

Ember, they leave it vague since it's not up to them. Whether it's explicit or implicit is up to what laws apply to each website. They can't possibly account for every law in the world and tailor guidance to each specific case. Also, online adverts aren't done. There's no reason that online adverts can't be done anonymously and with no cookies.

CommandDork, it would be quite easy for Google or any other party to write a bot to check for compliance. At a minimum they can easily check to see if ads and thus cookies are being dropped before consent. Since when a site is visited it shouldn't be dropping cookies or show ads before consent. That's easy to check. That's like 5 minutes of programming.

Yes, but the big players will surely receive warnings.

And let's not forget that when politicians figure out that their laws are preventing them from tracking who visits their own political websites, who interacts with their ads, who gives to their campaigns, etc., they might re-think some of this. They need data to target their constituents and find potential new ones.

Online advertising is the biggest form of advertising there is. Businesses and organizations rely on it just as much as website publishers. I can't imagine any law or regulation being passed that is so severe and restrictive, it brings online advertising to an end. If you try to follow the GDPR to the letter, it may very well lead you to believe that all cookies are evil and must be blocked, and by extension, all online advertising must be blocked. But the regulation hasn't even come into effect yet and we already have people claiming that it's game over. This is all based on fear, a lack of information and an overwhelming amount of personal opinion.

Sit back, take a deep breath, and just let the sun come up tomorrow. The big players will take their time sorting all this out in the next weeks, months and years, and we'll all just go from there.

And let's not forget that when politicians figure out that their laws are preventing them from tracking who visits their own political websites, who interacts with their ads, who gives to their campaigns, etc., they might re-think some of this. They need data to target their constituents and find potential new ones.

This is because you are American. In most of the European countries, politicians do not have the right to have their campaign financed by companies, and donation from individuals are limited to a given amount per year. Also, it's often also forbidden to profile voters.

EU regulations/directives are not elaborated by politicians, they are elaborated by people who are not elected, but are employees of the EU administration.

GDPR is not the same as the ePrivacy Directive. Google even says as much on that exact same page:

Do I need the consent before the tags fire or can the consent come afterwards?

Our understanding of GDPR requirements is that consent for personalized ads should be obtained before Google’s tags are fired on your pages. The ePrivacy Directive requires consent for the placement of, or access to, cookies but the regulatory guidance on ePrivacy laws is not consistent across Europe, which is why our policy calls for consent to cookies or mobile identifiers “where legally required.” Some regulators have issued guidance specifically requiring user action prior to setting of cookies, while others have permitted consent concurrent with the setting of cookies.

Regulatory guidance indicates that the GDPR will affect the consent required for cookies under the ePrivacy Directive, but there isn’t clear guidance on how these laws will interact. We await more guidance from regulators and will update our support materials accordingly. In the meantime, for those customers not seeking consent to personalized ads, we will continue to apply national standards for cookie consent, and we are not requiring changes to current cookie consent implementations.

Look at that. "Our understanding of GDPR requirements is that consent for personalized ads should be obtained before Google’s tags are fired on your pages." Do you see "non-personalized" ads anywhere in that sentence about requiring consent before any ad is requested?

Then, they say "The ePrivacy Directive requires consent," but remember the ePrivacy Directive is not the same as the GDPR. For example, does the ePrivacy Directive require storing records of consent? I don't remember anything about that.

Then, they say, "Regulatory guidance indicates that the GDPR will affect the consent required for cookies under the ePrivacy Directive, but there isn’t clear guidance on how these laws will interact," proving that even they aren't 100% sure, telling me that they're probably not going to be slicing and dicing accounts from day one. It's a wait-and-see.

And what does this mean, if there's truly no difference between personalized and non-personalized ads: "...for those customers not seeking consent to personalized ads, we will continue to apply national standards for cookie consent, and we are not requiring changes to current cookie consent implementations."

Once again, "national standards" is calling back to the ePrivacy Directive, which may be different in different EU member countries (and therefore, according to Google's own language, making it a separate thing from the GDPR).

I mean, if somebody has some kind of special insider knowledge that even Google doesn't mention on any of their pages, and can show me the non-personalized ads cookies that contain personal data, please share. And if the non-personalized ads do contain what Google considers PII, they need to clarify immediately.

So at what time GDPR will be live?

So at what time GDPR will be live?

Midnight UTC I guess.

Tick..... tock....... tick................. tock.......................

I feel like a condemned inmate.

Silktide's consent is quite buggy, it just showed up on my phone and I am not using any VPN. Although It's not showing again in any other device, even after clearing cache.

BoredMeteor, in that quote you posted.

"Some regulators have issued guidance specifically requiring user action prior to setting of cookies, while others have permitted consent concurrent with the setting of cookies"

Like I said, Google cannot give you specific guidance for every possible instance in every possible guidance. So they are taking the vague route and telling you to look at the applicable laws which they point out that some do require you to get consent before dropping any cookies period. Which leads right into your bold quote which you chop off the first part of. They are not requiring you to change your current cookie consent implementation ASSUMING that the current consent implementation is already in compliance. Which as they pointed out earlier, in some jurisdictions, require consent before any cookie is dropped. So no, you don't need to change your current cookie implementation if it's already in compliance. Why would you have to fix something if it isn't broken?

Well, you do you. Kind of getting bored of this, as my name suggests.

I'll be using implicit consent and non-personalized ads.

So I wanted to know how long my hosting company stores data. Two, which are located in the UK do not appear to have a Privacy Policy or a cookie banner.

@MayankParmar I'm in Canada and I haven't seen the Silktide banner pop up. I only see it when I use a proxy.

@denisl

don't have privacy policy == privacy policy can't be non-GDPR compliant

* smart thinking *

It's like election night in the UK. The results are coming in thick and fast. As far as I can see the big players are simply showing a banner which says cookies are used to personalise ads. Would be interesting to know whether the same is happening tonight in the other big European markets such as France, Germany and Italy.

That's out of the box thinking ;)

May be a dedicated topic should be better, to check on what such or such big site is doing.

As for the Sony PlayStation Store, they now have a second banner with "Allow the use of cookies to collect non-service data."

In the UK the Sony Playstation Store haa a banner saying:

"We use cookies to personalise your experience and ads on this site & others. For more info or to change settings, click here. "

Very similar to what has just appeared on the Telegraph site.

As I see it those of us who have implemented solutions (I have) are going to lose out because we'll be showing fewer personalised ads. There won't be a corresponding increasing in CPC because the big players are basically showing personalised ads as before. Therefore the cookie pool in Europe isn't going to decrease in size (at least not significantly) and advertisers will be able to get their ads online just as easily as before GDPR.

But this will be illegal in few months (next year), since the ePrivacy Regulation forbids preventing a user to access your site, if he refuses cookies...

And will that be backed up by a law that prevents me going out of business!

Ok #1 the EU does not display AdSense however they have not changed anything as of midnight:

[europa.eu...]

Any casualties yet now that it's official?

From the BBC...

GDPR: Dont Panic!

[bbc.com...]

So if non compliers come forward and turn themselves in, the EU will take that into consideration when taking regulatory action. Whew. I was worried there for a second.

My hosting provider sent me an email tonight. A little late but better than never. They assert that they are in full compliance with GPDR. Thus I'm set from nuts to bolts. I'm fully compliant.

My host barely knows what GDPR is, so I guess it is time to find a new one.

I find that it all depends on how you customize your cookie banner for success.

Ive seen sites (major ones), call it updated terms, updated privacy policy, updates terms of use, etc.

I have mine geo-targeted for the EU only. And I give a choice of clicking "OK" as the acceptance of the cookie consent language - or, in the alternative, going to our cookie settings page to opt out.

The banner is explicit, you must make a choice - but ive seen major sites that allow you to "x" it out, or if you click on a link or refresh the page it vanishes and never returns.

I've noticed that several major UK outlets have their banners designed with an "ok" or "accept" and the alternative being a link to another page to change settings. If you have a simple yes or no, everyone will of course click no.

But if you have Ok, Yes, etc. - and then the second option heading to another page to change cookie settings/opt out - you will get the majority just clicking OK, as most in EU countries have been doing it every day since 2015.

I visit quite a few UK sites and found myself clicking these damn banners all week just to get rid of them.

People click the OK just out of habit, I dont even think they bother to read the Cookie Consent language (I know I dont).

Told ya, nothing happened.

The people ain't happy either [twitter.com...]

So, just logged into Facebook - no mention of GDPR there...

Told ya, nothing happened.

In all events, nothing would have happened today, or in the upcoming weeks. Even if a massive amount of people started to report a given site at midnight, it would take a while for a regulator to handle the complains, decide to conduct an investigation, run an audit, etc, etc..

This is only in one year from now, that we'll have the first feedback about how the GDPR is respected (or not), and the measures taken by regulator against such or such business. (remember the GDPR is not only about web sites).

So, just logged into Facebook - no mention of GDPR there...

Facebook already updated their privacy policy / practices a while back. And there is no need to mention the GDPR itself. (it can also be refered by its legal name "Regulation (EU) 2016/679")