Nothing, absolutely NOTHING, has changed

Not true.

While some websites are waiting to see how this affects them before they make any changes, those with significant assets at stake have got out front of all this and have done most of the compliance ahead of time.

I've seen several of my IP & domain look-up tools change what information they deliver: [webmasterworld.com...]

My banks & payroll services have all made changes. PayPal has changed the way they handle PII data: [paypal.com...]

Most all Social Media have made significant changes to their Privacy Policies and other affected services: [webmasterworld.com...]

In regard to GDPR compliance consent script, I've found a free client-side JS which works fine for our high-traffic mainstream website: [inforepublic.org...]

it is free and easy to edit and maintain, and compatible with major browsers, so I can recommend it.

Again, whatever cookie banner you end up using, be sure to copy the script and any CSS over to your own server.

Never give a 3rd party control of what displays on your pages.

If we choose to not show personalized ads to EU visitors from the Adsense admin panel, do we still need to serve a cookie consent notice? If so, how? There is a Wordpress plugin, will this work? I am worried it might be bad for Google rankings if we choose to ignore it. And if we do serve the notice, how long must it stay up and how would Google be aware that we have served appropriate notice?

I am worried it might be bad for Google rankings if we choose to ignore it.

It will be bad for your Adsense account first.

And if we do serve the notice, how long must it stay up

What do you mean?

and how would Google be aware that we have served appropriate notice?

The same way Google can analyse a page and "understand" it.

If we choose to not show personalized ads to EU visitors from the Adsense admin panel, do we still need to serve a cookie consent notice?

Yes, if you collect even a single cookie (for example because you are using Analytics) you must always show the cookie consent notice as per UE regulations.

If so, how? There is a Wordpress plugin, will this work?

There is plenty of free plugins for Wordpress that do that. I personally use a customized version of Italy Cookie Choices. If your traffic comes mostly from a specific country of if you are based in an EU country, better you choose one which fits that country's specific regulations about cookies and privacy.

I am worried it might be bad for Google rankings if we choose to ignore it.

I don't think it is impacting ranking right now. Nevertheless, if you ignore all the matter you could be possibly banned from using Adsense.

And if we do serve the notice, how long must it stay up and how would Google be aware that we have served appropriate notice?

If with "how long must it stay up" you mean for how long you need to have a cookie notice on your website, forever (or, at least until the next EU regulation change). If you mean for how long it should be visible the first time an user access your site instead; well, it it depends on what national version of the EU regulations applies to you (or, more correctly, on what type of action they require your users to do after reading the notice and how much visible it should be). Anyway, automatically closing the notice after a fixed amount of time is not allowed whatsoever. It is the user who closes it by some kind of action (clicking an accept / deny button for example, some national regulations also seem to accept page scrolling).

PS, if you are perplexed about the concept of "national versions" of an European Union law, you are right. That every EU country can "customize" a produce its own version of an EU regulation seems quite ridiculous to me as well, but this how it currently works.

[edited by: riccarbi at 8:47 am (utc) on Jun 5, 2018]

if you collect even a single cookie you must always show the cookie consent notice as per UE regulations.

No. Only if this cookie carries personal information, or is linked to personal information.

at least until the next EU regulation change

In fact, the cookies (for non personalized ads) is governed by the ePrivacy "directive" , which will be replaced later this year, or next year by the ePrivacy "regulation". IF non personalized ads' cookie is really carrying or linked to personal information , which Google refuse to say.

well, it it depends on what national version of the EU regulations applies to you

Your are mixing directive and regulation. A regulation applies the same way in all EU countries at the difference of a directive which is subject to national interpretation and laws.

Your are mixing directive and regulation. A regulation applies the same way in all EU countries at the difference of a directive which is subject to national interpretation and laws.

I am not sure it's that simple. From what I understand the EU regulations (GDPR) will be enforced by individual countries. And if that is the case we can be sure that individual countries will enforce those regulations in different ways. Each country will interpret the regulations in different ways.

Some countries will have better things to do with their money and just pay lip service. The UK situation is particularly complicated because we may well be out of the EU in a year or so. Although the UK government will incorporate EU law into UK law initially, the EU will certainly not be able to tell us how to implement that law when we leave the EU.

I'm seeing quite a few websites simply not allowing me to view their website because I'm in the UK. They're displaying splash screens which says because I'm in the EU... bugger off.

A regulation applies the same way in all EU countries at the difference of a directive which is subject to national interpretation and laws.

This is how it should work - in theory - reality is different. Each country has its own governmental body or organization in charge of verifying it the businesses in that specific country are applying a EU directive correctly or not. Each of them is currently interpreting the GDPR regulation in a different way, thus leading to diffrent nationall regulations "de facto" though not "de jure".

Anyway, that doesn't make any difference for what I was meaning and for what it matters in relation to the question i was trying to give an answer to. Therefore, semantics aside, the point is that you have to apply the GDPR if you are interested in getting money from Adsense in the EU. But how strictly you have to do it, well, it depends on many factors you have to evaluate by yourself depending on your specific situation and objectives. That's the real problem, IMHO.

From Skype Web:

"By using this site you agree to the use of cookies for analytics, personalised content and ads. Read more about cookies."

No reject button.

MayankParmar, seen that on loads of websites, and only around 1% give a reject option.

I would agree, a cookie prompt for EU is a good solution to keep that EU traffic, even if it is small there is no reason to just give it up.

Past history (raw logs) tells me (USA) EU is pretty small potatoes. I don't worry about it, and have seen no problems, then again... I'm not reliant on adsense as so many others are.

Still, that threat of PII and storage and reporting and all that other stuff does merit a thought.

All this is bureaucratic overreach and that generally results in messy this and that before debunked. Meanwhile, the restofusverse continues.

We will have to see how this plays out. And that will be when EU sues somebody for 20m or 4%. When that happens there might be a few believers over night.

Meanwhile, business as usual.

So, I tried non-personalized ads for a few days - pretty shocked how much they underperformed personalized. Although it isn't a 100% like-for-like comparison I'd say earnings were down 30-40% I was expecting a fraction of this...

Absolutely no way I am signing up for that. Will wait for Google, the EU, or the upcoming browser-based enforcement to change back.

If NPA becomes unavoidable I can't see how many of the (already struggling) big media websites are going to survive. Pay walls won't work. People are so conditioned to getting their news for free and it will be too late when they realise the only free news they are getting is the sort that is paid for by vested interests...

I've carefully read the GDPR (about 100 pages) and I can't find a single word that says that you can't serve personalised ads as long as the user has given his/her explicit consent to it.
The only controversial point is that that states that the user can, at any time, remove such consent.

Therefore, I could modify my old cookie consent banner including all GDPR specific requirements (pausing all ads until the user has given his consent), at the same time providing the user a way to cancel his consent at any time (with a link to youronlinechoices, etc, for example). If the user doesn't give his consent he is simply not allowed to access my site (as per the "old" cookie directive)
Why not?

I can't find a single word that says that you can't serve personalised ads as long as the user has given his/her explicit consent to it.

Of-course. The GDRP doesn't forbid anything, as long as you obtain the explicit consent from the user.

@surfgatinho are you giving users a chance to opt out of personalised ads before showing any?

PS: The difference in revenue between contextuals and personalised you cite is probably in large part because budgets are still going to the latter. If that changes the gap should close.

One thing is for sure... I've heard enough of the word 'explicit' to last me an entire lifetime.

One thing that's amazed me is the payload on some websites. Astonishing. Using retargetting products, sharing and analytics I've never even heard of. I'd say I'm running far fewer products on my website than most comparable ones.

Of-course. The GDRP doesn't forbid anything, as long as you obtain the explicit consent from the user.

Right. So, why Google has taken a so strict and tough approach to the matter (something sounding like: "make him an offer he can't refuse. Betta you disable personalised ads, if you don't want any trouble..."

P.S: Here in Europe, I am seeing all major newspapers keeping on serving personalised ads, without any special notice or privacy policy change. Their cookie banner just says "if you scroll this page, you'll automatically accept everything, including personalised advertising, bla bla bla.....". Period.

Is all this GDPR stuff just a joke invented by EU lawyers and legal consultants in order to make some more money to spend during their Summer vacations in the French Riviera?

Is it Alphabet actually happy with that situation, since it will be a PITA. for all those small publishers that keep on molesting their advertising department for peanuts?

Otherwise, is it Alphabet trying to avoid, or reduce, some kind of fine from the EU for dominant position in the online advertising market by making small publishers pay for it?

are you giving users a chance to opt out of personalised ads before showing any?

@bgweb Yes & No. I actually have a different setup depending on where in the EU they are. Some I am giving them the opportunity to opt in first, whilst others I'm giving the opportunity to opt out... Might as well comply in the regions where it won't cost me anything :)

Of-course. The GDRP doesn't forbid anything, as long as you obtain the explicit consent from the user.

Which equates to a 70%+ opt out if presented as envisaged.

I think the EU owe it to us to make a good case to and educate users why they shouldn't necessarily opt out, as in the current climate public feeling is pretty much (rightly and wrongly) stacked against it.

I'm about 10% down all in all after first two weeks of GDPR. Adsense anyway is only about 15/20% of my overall earnings so 10% of that is no biggie. I'll keep personalised ads off (even though basically every large site here in the UK is continuing as before, just with slightly sexier cookie banners and privacy policy wording)

one way or the other, the summer will see Google either clamp down or, more likely IMHO, do the grand total of zip divided by nada and then us little people can decide what we'll do.

Something to take in consideration with the GDPR, is that, lot of site anonymized Analytic data, other removed tracking cookies, and other gain disabled personalized ads . So from all of this, Google, in this case, is now collecting a lot less data from users. So it's certainly impacting their AI and the way it select ads. So for example, even for publishers you continue to server personalized ads, it's possible that Google no longer has enough data about users, to target them accurately.

Anybody use cookiebot? Ive been using it since GDPR started. Everything was going fine, but now all of a sudden our user consents logs have gone bonkers.

I'm having my best earnings yet, and have disabled personalised ads for EU - though only a minority of earnings ever came from there.

"Nothing, absolutely NOTHING, has changed"

As keyplyr says - there's a lot more to the GDPR than the issue of personalised ads (and it also seems much of the confusion and popups are due to the cookie law).

"Let's hope that Adsense can come up with a few lines of code that takes care of this"

They already have a simple switch to disable personalised ads for EU. (There's not a simple solution to presenting a popup to let people control whether they want personalised ads, but turning off personalised is much better than turning off all ads.)

Anybody use cookiebot?

I'm using it. The logs are fine, but the Change User Consent option is not showing up in the declaration.

Turned off personalised ads yesterday and Adsense earnings dropped by about 45%.

Turned them on again a few minutes ago. Hey ho, Adsense or the UK authorities won't come after me first, I am a very, very, small fish in a huge pond. If either of them ever do I will react at that point.

Anybody use cookiebot?

I'm using it. The logs are fine, but the Change User Consent option is not showing up in the declaration.

If you move the script and the CSS files to your own server, you can easily go into the script and turn on the Change User Consent option so it displays on your page notice.

You can find these remote locations in the code you copied to your page HEAD section. Just follow those links and grab each file, put them somewhere on your server, then change the URLs in the HEAD code to point to those new locations.

I recommend hosting your own scripts & CSS anyway. It's a bad idea to give any 3rd party control of what displays on your pages.

Turned off personalised ads yesterday and Adsense earnings dropped by about 45%.

I haven't let it run long enough to see if it improves, but I was quite shocked how much RPM dropped. The bad news is in a few months time we are going to have this forced on us via default browser settings.
Not sure if there is any logic to this, but I hope / feel that returns might improve if all publishers are showing non-personalised - or not...

Then it's Plan C. The EU actually screwed up my Plan B a few years back by objecting to the 3 yr accelerated graduate program I was applying for...