I also read this from Google:

What choices do I need to present to my users?

Google’s policy does not dictate the choices that should be offered to users. Some publishers may want to present a choice between personalized and non-personalized ads; others may wish to present different choices to their users.

Note "does not dictate" - so they're not telling what must be included and how we go about getting consent. Therefore, if you, the website owner, thinks that a cookie message + "I accept" will suffice, they're not going to tell you it's wrong.

@steviec79 if the user does not agree and do not click the I ACCEPT button, this means that you cannot use non-personalized ads because it puts a cookie, so no ads should be displayed.

Read here:
[ctrl.blog...]

You need to ask for two separate consents, one fir displaying personalized ads, a second if you want to display non-personalized ads. Only if you get consent for non-personalized ads, you can show them the ads.

It also says:

to implement as you have to inform visitors in great detail about which of Google’s many ad partners you may or may not share data with.

Another thins is handling consent withdrawals. using an opt-out actionable button or link. Furthermore you need to keep logs of this and:

Quoted from the same article.

However, you also need to inform people about how they can remove the data that Google has already collected about them. I’m frankly not sure how to go about that and I’ve not found any information from Google regarding this either.

[edited by: SpookyFairy at 2:39 pm (utc) on May 9, 2018]

@spookyfairy, you can show non-tracking ads on first view from everything that I've seen. If you use the right technology, when the person clicks "no" or changes a setting it would erase the cookie or cookies that were dropped, similar to the opt out button. Dropping a cookie on a non-personalized ad for "fraud" purposes is 100% a legitimate interest. If you were unable to show non-personalized ads to EU visitors on first view, then what would be the point in Google wasting money, time and resources to create that option.

First party cookies for forums or other website functions, do not need consent. I've had multiple conversations with lawyers located in the EU and lawyers within the United States.

@spookyfairy, you can show non-tracking ads on first view from everything that I've seen. If you use the right technology, when the person clicks "no" or changes a setting it would erase the cookie or cookies that were dropped, similar to the opt out button.

And what is this technology?

You cannot temper with adsense code and just delete that cookie. You have to use the API. IF you use the API, you need to pause ads before you make changes to the consent.

@steviec79, there are tons of services out there. Unfortunately some of them take advantage of publishers as they charge crazy rates based on the level of EU traffic.

Others would need a good developer to integrate with an ad server on the backend.

I've even spoken to one, where if the user rejects cookies, your ads are replaced with their in-house non-personalized ads - but the company warned that their CPMs are low .20 (better than nothing I guess). This company charges 30% of the take I believe for the .20 ads and a monthly rate based on the level of EU traffic - which could be in the hundreds per month depending on how much you have.

@SpookyFairy you can do a server side check before the page is rendered to see whether a personalisation cookie has been set. If it has you can then include the targeted ad code, if it hasn't use the non personalised code. IMO if you can build user trust and get their buy in to targeted ads it will be be very lucrative indeed. One option could be to ask them to consent if they click more than x pages on your website. I think creativity is the key here. Just putting a splash screen on on first view may not be the way to go.

steviec79 GDPR requires explicit consent, you can't just use a banner and if the user doesn't do anything you rely on his implicit consent.

steviec79 GDPR requires explicit consent, you can't just use a banner and if the user doesn't do anything you rely on his implicit consent.

If that's the case, then websites for people visiting from the EU will be a very painful experience. You enter a site and get at least 2 annoying popup messages asking for consent. You then go to another website and the same thing happens.

It'll make browsing the Internet a complete pain in the backside.

@spookyfairy the author the article you link write at the beginning:

I’m not a lawyer and this isn’t legal advice. This article is intended for entertainment purposes. Code samples are not approved by Google and are for illustrative purposes only. Everything in this article is based on my interpretation of the relevant European Union directives and regulations, and Google policies. Everything in this article may be partially or completely wrong.

So that is another interpretation.

By the way, the EU consent tab is already showing app in Adx and in Adsense.

You are required to get consent to the cookies for non-personalized ads:

Although these ads don’t use cookies for ad personalization, they do use cookies to allow for frequency capping, aggregated ad reporting, and to combat fraud and abuse. Consent is therefore required to use cookies for those purposes from users in countries to which the ePrivacy Directive’s cookie provisions apply. Learn more about non-personalized ads.

Google will show only non-personalized ads to users in the EEA. You are required to obtain your users' consent to the use of cookies for this purpose, where applicable.

The only thing that I need to know now is where is "Where applicable".

There is no consent tool. So the other option is to display non-personalized ads for EU users by default (I guess it's the best option, because very few are going to opt in anyways) and make sure to get explicit consent "where needed". The problem is that we don't get to choose to which domains this settings apply, it's global to all adsense ads across all your websites.

I wonder how non-developers are going to implement it, even the other tools require some sort of code modification. I am a developer so I can implement it, but if I wasn't I have no idea what I would have done, maybe only hire a developer to do the job.

[edited by: SpookyFairy at 4:17 pm (utc) on May 9, 2018]

By the way, the EU consent tab is already showing app in Adx and in Adsense.

Can anybody do a print screen, as I can't get access to my Adsense until later.

I didn't see it yesterday, so guessing it's only been added in the last few hours?

[prnt.sc...]

Spooky, you are consistently confusing two different directives. You're quoting the Eprivacy Directive, which has been in place since 2015 - which barely any non-EU publishers complied with. And the Eprivacy Directive is soon coming to an end, because the revised directive will force browsers to have their users choose privacy settings upon install - which in turn will eliminate cookie consent banners even for EU based sites.

Could you do a print screen of what's shown when you actually click that tab.

Thanks.

steviec79 GDPR requires explicit consent, you can't just use a banner and if the user doesn't do anything you rely on his implicit consent.

Yes but the GDPR doesn't apply to non personalised ads.

I wonder how non-developers are going to implement it, even the other tools require some sort of code modification. 

Well there's the simple fix to disable personalised ads for EU which can be done in the AdSense settings. But yes, it's a good point for the more complex options. Google AdSense has traditionally been very much "here's the code to copy and paste" - even more so with their recent "AI" auto ads.

What consent data should I save to my database when the user consent for displaying non-personalized ads?

So I plan on displaying non-personalized ads for my site for EU visitors. The google adsense docs say:

==
If you've met the requirements of our Consent Policy and you want to serve non-personalized ads to all users located in the European Economic Area who visit your site, no changes to your ad tagging are needed. You can enable non-personalized ad serving in the AdSense or DoubleClick for Publishers UIs.
==

Do I have to have a cookie popup to display even non-personalized ads in my site? I wonder what EU users will do while visiting multiple sites then... just answering popups .. this law is cumbersome indeed for all.

Well here's the answer to my question if I display non-personalized ads for my EU visitors:

==
Non-personalized ads are targeted using contextual information rather than the past behavior of a user. Although these ads don’t use cookies for ads personalization, they do use cookies to allow for frequency capping, aggregated ad reporting, and to combat fraud and abuse. Consent is therefore required to use cookies for those purposes from users in countries to which the EU ePrivacy Directive’s cookie provisions apply.
==

this is a horrid mess!

Anybody know of a service for JavaScript or c# to check if the user is from EU, something that doesn't cost a fortune?

@spooky, outside of hiring a developer to code your own, the cheapest option is cookiebot, which is geo targeted.

I think my plan is this:

1: Use the Adsense option of not displaying interest-based ads to people in the EU

+

2: Display the cookie banner, "We use cookies to ensure that we give you the best experience on our website" - or words to that effect.

That's it.

@vegasrick cookiebot doesn't automatically block cookies, you need to make modifications to the code.

@steviec79 I tell you what I think. You have to get consent for displaying non-personalized ads so you can put that cookie. You can put a banner in the middle of the screen with an AGREE button. If the user click that button you save the consent and run the code to display non-personalized ads. You can put an X at the top-right corner, but I think that some people will click that agree button, especially just to keep it away from interfering with the experience instead of dismissing it. Some people have suggested this option.

I don't have any other 3rd party cookies, just adsense, so I might use that option.

@SpookyFairy if you're so concerned I would suggest running without ads completely for a few days. That will then allow you to see what others are doing and act accordingly. You'd almost certainly be better off losing a few days revenue than compromising user experience (possibly) unnecessarily. No idea what your business is but I expect your competitors will be delighted to see you put a modal in the middle of the screen.

I am agree with steviec79 approach ( or it's the other way around :) ).

Personally, I bothered myself going a step forward by allowing EU visitors to disable third parts cookies on my site. If they do, then I stop displaying Adsense ads (I do not use social medias buttons) and display my own ads or self promotional content instead.

Just to remind everybody that the EU GDPR is about "personal information".

When you disable interest based ads for EU visitors, Google mentions that it still write a cookie, but which is "non-tracking". So we can reasonably consider that this cookie is not processing "personal information". ( a personal information, being an information that you can link to a particular individual). So this cookie falls into the "non personal information" category, and sine the usage is for fraud protection it also falls in the "legitimate interest" one.

Also, if you try to be picky about the terms of the "old" cookie law, it's the one setting the cookie who has to collect the content from the user and to me, it's not clear if this is really changing. It's not really the publisher which is passing "personal information" to Adsense by adding the code on his page...

The GDPR talks about a publisher (I am talking about "us", because the GDPR is not only about web sites of course) collecting personal information, and then transmitting it to third parts. In the case of adsense do "we" collect personal information, and do we forward this information to Adsense? See? By adding the adsense code, eventually we can consider that we are allowing Adsense to get "an information" (the IP xxx visited the page yyy), but is that really collecting personal information and transmitting it to Adsense? It's adsense itself collecting this information, and it's the browser which is transmitting it.

As said several times, in a near future, things will continue to evolve and this should be handled at the browser level, which, if I don't make mistake, will have to be installed with privacy mode by default. Now, I don't know what it will look like exactly, but this should sort all the worries about cookies, and things like that, and Adsense will have a work around to continue to serve ads even with privacy mode active.

[edited by: Travis at 5:35 pm (utc) on May 9, 2018]

@SpookyFairy, it seems the least annoying as hell method for my visitors. I'm sick to death of seeing cookie messages when I visit sites. To have that, on top of yet another one for displaying interest-based ads is just way over the top.

And if I don't think Google will be that bothered, I might not even display the cookie message.

I'm sure Google are aware that this will result in fewer clicks and less money, so I imagine their way of actually doing something about it, other than the vague messages, is them adding the EU consent option.

Steviec79 your plan is my plan too.. I plan on serving non-personalized ads to EU visitors, and place the cookie banner message.

The google site [cookiechoices.org...] recs this cookie controlling company:

[civicuk.com...]

Anyone taken a look at their product?