I'm just going to stick with what I have for now. If it gets to the point where I need permission to show any type of ads at all, then my site will very quickly transform into a members-only paid site. But for now, its business as usual.

That means blocking a lot of EU visitors ...

And I asked this, but it fell on deaf ears. For those who use Wordpress, apart from the cookiebot, is anybody using a plugin? If so, which one? PM me, if you'd prefer.

@steviec79 I use Wordpress but I'm just using the basic cookie consent banner from Silktide, with the added location tag to make it display only for EU visitors. No complaints so far.

I have to think that the type of site you have has a lot to do with whether anyone is going to complain, or even care, about any of this. If your visitors know your site is respectable and high quality and they see it as a valuable resource, they're much less likely to worry about anything. The sites that get lots of complaints lodged against them are the ones most likely to be targeted by Google.

AdSense earnings are starting to go up now that US traffic is kicking in.

Cralamarre, I think it's more likely going to be a case of more visitors = more chance of complaint.

@steviec79 I use Wordpress but I'm just using the basic cookie consent banner from Silktide, with the added location tag to make it display only for EU visitors. No complaints so far.

Thanks. Which location tag this?

This is the code that MayankParmar posted earlier. It's the same code as what you'll get from Silktide's website, but with the ""location": "true"," part added at the bottom. Just go to Silktide's site, create your banner, and then add the location part:

<link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.css" />
<script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.js"></script>
<script>
window.addEventListener("load", function(){
window.cookieconsent.initialise({
"palette": {
"popup": {
"background": "#000"
},
"button": {
"background": "#f1d600"
}
},
"theme": "edgeless",
"location": "true",
"content": {
"message": "Example use cookies to ensure you get the best experience",
"href": "https://www.example.com/privacy-policy/"
}
})});
</script>

As for "more visitors = more chances of a complaint", I get close to 20k visitors a day and I've never once received a complaint about anything.

I thought the GDPR was much more clear on needing explicit consent - but what people are doing in practice is another matter.

Daily mash: content is blocked with a window telling me ads will be personalised. I can either click to accept, or go to customise cookie preferences - which allows me to disable personalised ads, but they default to on. Similarly Forbes and the Daily Mail. I agree with surfgatinho that these aren't that different to other cookie popups - they're still going with personalised ads being "pre ticked"/default - though they may have the difference that they don't show ads until you click "ok".

Engadget take a similar approach, except let you customise whether to have personalised ads for every one of their ad networks (still default to on).

Guardian: popup window saying ads will be personalised, with link to instructions on how to disable cookies. Similarly the Independent. This is the sort of thing standard for the already existing cookie law. Also note that they show ads even before I dismiss the popup (though I can't tell if they're personalised or not - for all I know, they're doing the same thing as many people here and disabling those, but they obviously risk losing income from that).

I've not yet seen anywhere that offers me a straight yes/no choice to personalised ads, as supposedly was required.

What about Google? If I go to [adssettings.google.co.uk...] incognito, the option for personalised ads when using Google search is already on. But one thing that has changed is the "Ads Personalisation Across the Web" - which is now an explicit yes or no. If that's defaulting to No for EU users, then why are Google asking AdSense publishers to do it? But then if I check my settings logged in, I only see a single setting for all ads personalisation, which is on (and I believe defaulted to on when this was first introduced).

And not ads related, but disqus didn't let me use a comments section until I'd agreed to their terms.

In terms of effect on me after disabling personalised ads for EU: today it seems normal, perhaps below average but within usual variation, though only a minority of my viewers are EU.

More Google Information on the GDPR, this just came through in the email:

[support.google.com...]

For me personally, I am using the usual cookie banner like before, but I have been displaying it to everyone (not just EU), and I have opted to turning on non-personalized ads in both DFP and adsense screens. At the same time implementing CMP.

If I really think about it, EU represents 13% of earning, say it gets hit by 50% of it, at most I will see a 6% drop in revenue, which isn't that bad. My biggest concern is really about the legal requirements and policy satisfaction.

I think now I should be good, and waiting for Google to get their system on board supposedly in August based on their time frame. It's good that Google is finally publicly going to support a centralized system, rather than the bogus, "every publisher should build their own solution".

I got the same email, and to be honest, when I saw it in my inbox and it said it was from Google about the GDPR, my heart rate jumped. But, false alarm.

>>>
I guess that @EUMember will announce plenty of lawsuits in Germany.
<<<

Hehe, not yet.

The issue with filing a complaint about Facebook:

The NGO, in which Austrian national and data privacy activist Schrems is the frontrunner, filed compaints in 4 countries, being Germany, Belgium, France and Austria.

The companies affected are Google (for Android), Facebook, WhatSApp and Instagram.
The compaints were filed on grounds of unlawful offers-bonding, because the users of these companies had to generally accept the data collecting/etc. procedures to be able to continue to use the services.
They argue that this is forbidden by the GDPR, services must be accessible without a mandatory bonding of private data transfer/collection/processing/storage and service use.

Quite a few websites, mainly blogs and forums have closed, some for the time being, some for good.

Phishers popped up who send out mass emails, pretending to be banks and companies and asking people to give them personal info on grounds that the GDPR requires them to check on their customers personal data.

Some people pointed out that even the storage of telephone numbers in telephones go against the GDPR if one does not intend to call that number within a few days - they must therefore, after a call or this time span be deleted - or a consent of the number owner must be achieved.

In other news, it came to light that a company tried to renew their newsletter subscribers (they must do so from today on even for old custmers) - and someones anti virus software pre-loaded the subscription link (probably to inspect it), which in turn caused the person being subscribed "automatically" before he even could read this email. It seems that some software publishers will have to take some closer look into their products when it comes to data security...

On my websites that have an high traffic from Europe (see a former post), I noticed today between 50% and 90% less earnings (much less CTR, probably because of the switch to non-personalized) - seems that my prediction of 50-60% was not too far from the reality.

I noticed, as well that many sites continue to offer personalized ads, quite a few even by using the "old style" cookie consent. One has to watch and see what will happen...

Man, if experienced publishers have little clue about what to do with all this garbage coming out of the EU then my heart goes out to those poor mom-and-pop sites/businesses that have to figure things out themselves - or pay someone (and get gouged) to do it for them.

If they hit the "Got It!" button, then they have given explicit consent, haven't they? Their other option is to leave the site if they're not happy. No one's holding them hostage there.

[edited by: azlinda at 3:06 pm (utc) on May 25, 2018]

Some people pointed out that even the storage of telephone numbers in telephones go against the GDPR if one does not intend to call that number within a few days - they must therefore, after a call or this time span be deleted - or a consent of the number owner must be achieved.

LMFAO....

Well if this is the case then as well as every other possible permutation and combination of ridiculousness, I think the backlogs of complaints will be so long that I can be pretty confident that it will be decades before anyone gets to me.

If they hit the "Got It!" button, then they have given explicit consent, haven't they?

No.. (I assume you are talking about the old style cookie consent) they have given implicit consent. Explicit consent, means that the users has given consent to a specific use of their data and that you the webmaster has recorded that consent, can show proof at a later date that you have received the consent, have provided simple means to allow the user to revoke that consent, and then requested consent again at least once within the next 13 month.

I'm in the UK and have just checked my Adsense - my RPM is actually a bit HIGHER than it's been for most parts of this month. And about 40% of my traffic is from the EU.

I have the option set to not show interest-based ads to people in the EU.

Go figure!

I have the option set to not show interest-based ads to people in the EU.

Because advertisers are paying more for interest-based ads, publishers believe that it means they'll earn more. This is not necessarily the case. Interest-based ad doesn't mean interesting ads.

I don't know how the GDPR will ever be able to prove that someone did or did not provide explicit consent. Unless I'm wrong, the explicit consent is tied to an IP address, is it not? And any number of people can use a computer associated with an IP address. Same with the age consent. How can they prove the age of anyone using a computer?

Explicit consent, means that the users has given consent to a specific use of their data and that you the webmaster has recorded that consent, can show proof at a later date that you have received the consent...

Good grief. My guess is that there are many webmasters who do not have the sophisticated knowledge to deal with that type of thing, me included.

Yep, AdSense as gone from being the absolute easiest way for anyone to monetize a website to being an IQ test.

I don't know how the GDPR will ever be able to prove that someone did or did not provide explicit consent. Unless I'm wrong, the explicit consent is tied to an IP address, is it not? And any number of people can use a computer associated with an IP address. Same with the age consent. How can they prove the age of anyone using a computer?

Many devices can show the same IP address. For example a home wi-fi could have 20 or more devices connected to the Internet and they will all show the same external IP address.

The issue probably also applies to public wifi hotspots in pubs / cafes / restaurants etc. which in a lot of cases are likely to expose one IP to the website.

To answer your question, I think the best we can do is encrypt and log the (external) IP address that is exposed to a database table along with a datetime stamp. You can only do what you can do.

Because advertisers are paying more for interest-based ads, publishers believe that it means they'll earn more. This is not necessarily the case. Interest-based ad doesn't mean interesting ads.

Quite possibly.

I'm not seeing much difference so far in earnings - I set that preference to non-personalised ads a few days ago, so I wonder if Google were testing things out with that rather than going with a cliff-edge scenario.

Dear fellow members,

I have turned off personalized ads in Adsense. Now I am showing this message to users on my blog. Is it okay?

Screenshot: [jmp.sh...]

The plugin I am using is Cookie Notice by dfactory. It is the best available plugin (with most downloads i think) and offers great options. Very easy to use.

I don't know how the GDPR will ever be able to prove that someone did or did not provide explicit consent.

It is really quite simple conceptually. You user will need to create an account and have a login. Then with the user logged in they can consent, or revoke consent at any time, and you will be able to send them a future consent requests. If required, you can then show the users account and account history as proof. This works great for Facebook or Google, but for a simple information site you'll now need to build a complete db infrastructure just to show personalized ads. Oh, and that DB will need to be built to conform to related GDPR requirements.

It is really quite simple conceptually....

So the average user goes from having a few irritating/relevant ads following around the net to having to have their details stored on a database anywhere in the world. Sounds like an own goal to me...

The biggest danger I see from GDPR is not that the EU will fine me millions if I don't comply exactly. They won't, they will go after bigger fish first, if ever.

No, the danger is that one of the bigger fish, Google and Adsense for me, will simply withdraw from the market. They may decide it's all just not worth the effort.

If they don't and decide to fight, well that will take years to work its way through the courts and the result, at this stage is very unclear.

Until the EU sort out the really big players, they simply won't go after the smaller fish. After all, it may well turn out that it is Google's responsibility to get consent for their Adsense ads which appear on my pages. Who knows.

But I've done the basics and I'm not going to include GDPR any more in my plans. I'll be long gone before they come after me, and I doubt they ever would.

[edited by: nomis5 at 4:17 pm (utc) on May 25, 2018]

Dear nomis5, Can you please list out the actions you have taken so far?

I wake up every day wondering if I'll still have my Adsense account. Did Adsense close shop overnight? Or was there a cyber attack and the internet died? Or was I banned for violating some unknown rule? This GDPR is just one more thing. All I can do be as compliant as I can and hope for the best.

And here is a thought. If people do not want to give up data in return for free access to websites, then maybe they should stop using the internet.