Welcome to WebmasterWorld Guest from 54.92.153.90

Forum Moderators: incrediBILL & martinibuster

GDPR: Cookie Banner for non personalized ads enough?

Is a passive cookie banner really enough to be compliant with the GDPR?

     
7:34 am on May 15, 2018 (gmt 0)

New User

joined:May 15, 2018
posts: 1
votes: 0


The GDPR comes closer and I have to make a decision what to implement. Maybe as a preamble, I am not really scared by the possibility to get a fine or a cease and desist letter. My biggest fear is to not be in compliance with Googles Adsense policy and loose my account or being in compliance but loosing all my Adsense income.

I already changed my websites to not use any cookie or external resource. And I opted in for showing non personalized ads, but as this option will still need a cookie I started to look around how others do implement this. There are quiet a few pages which do show now a new cookie banner, but none of those really asks for consent, there is just an OK button. I still have to find a website which gives a user the option to disable ads.

Maybe they will start to show this after the 25., but what I can read on forums so far makes me believe this passive banner thing seems to be the solution most Adsense users will opt for.
However, the famous "You still will have to ask for consent if showing non personalized" sentence from Google doesn't fill me with too much hope that this will actually be ok.
What kind of implementation do you plan?
8:04 am on May 15, 2018 (gmt 0)

Preferred Member

Top Contributors Of The Month

joined:Mar 25, 2018
posts:500
votes: 100


However

That's the keyword. So no one can have a definitive answer to this question. And no one is taking risks.

All this will remain blur until the publication of the ePrivacy Regulation [webmasterworld.com...] (the evolution of the EU cookie law), which "should" (hmm) discharge web publisher for cookie consent, and make web browsers in charge of handling this.
(Also, in the upcoming ePrivacy regulation, they say "The proposal also clarifies that no consent is needed for non-privacy-intrusive cookies improving internet experience", which sounds like what the cookie for non-personalized ads is doing).

Now, to "try" to answer your question, and as I said several time in the dedicated topic [webmasterworld.com...] . I "understand", that non-personalized ads produce a non-tracking cookie, with no personal information attached. "If" this is right, then it's no longer related to the GDPR, but still addressed by the EU Cookie Law.

The EU Cookie Law requires to obtain the consent of a user BEFORE dropping a cookie (it's unclear which kind of cookie really requires this or not!) . But 99.9% of sites are not obtaining the consent before a cookie is written. Web publishers adopted "themselves" an approach where displaying a banner, to inform the user about cookie, with links to information, would be enough. Legally it's not, but since everybody is doing this... (also, legally, it's the one dropping the cookie which has to obtain the consent, so in the case of Adsense, this is supposedly Adsense which has to obtain this consent, and not the web site publisher).

That being said, what I am doing is :
- non-personalized ads for EU visitors
- sticky cookie banner, information that third parts are using cookies, with link to my privacy policy page, where where I explain who does what, and how to control cookies
- on this banner, I have two choices, accept or refuse. If a user click refuse, I disable ads , and replace them with self promotional content. (this is not a modal banner, so most of people ignore it and do not make choice).

I think this "should" be fine, until the moment all this will be handled by web browsers themselves.
11:07 am on May 15, 2018 (gmt 0)

Junior Member

5+ Year Member

joined:Dec 5, 2011
posts:157
votes: 7


Im drowning completely in this matter. Google mailed us that we would get ATP controls so that we can serve non-personalized ads to EEA visitors. But I can't find these controls. Can someone tell me where to find them in my Adsense account? Or, how do I only serve non-personalized ads to EEA visitors?

Im just a content writer and not a tech wizzard.
11:10 am on May 15, 2018 (gmt 0)

Preferred Member

Top Contributors Of The Month

joined:Mar 25, 2018
posts:500
votes: 100


On the Adsense Dashboard you have the option... I need to find the exact path ...

[edited by: Travis at 11:12 am (utc) on May 15, 2018]

11:11 am on May 15, 2018 (gmt 0)

Preferred Member

Top Contributors Of The Month

joined:Mar 25, 2018
posts:500
votes: 100


Allow & block ads > Content > All my sites > EU User consent
11:57 am on May 15, 2018 (gmt 0)

Junior Member

5+ Year Member

joined:Dec 5, 2011
posts:157
votes: 7


Thanks a 1,000,000
12:04 pm on May 15, 2018 (gmt 0)

Senior Member

WebmasterWorld Senior Member Top Contributors Of The Month

joined:Apr 1, 2016
posts:1926
votes: 498


@Travis thank you for the breadcrumbs.

I think that the page makes it pretty clear:
Google will show only non-personalized ads to users in the EEA. You are required to obtain your users' consent to the use of cookies for this purpose, where applicable.


The more troubling statement included in the more info link provided by Google is:
When seeking consent you must:
retain records of consent given by end users; and
provide end users with clear instructions for revocation of consent.

This would suggest that I would need to setup a database to track user information for the purpose of getting and revoking consent. This is pure lunacy... Who's going to pay for this?
1:08 pm on May 15, 2018 (gmt 0)

Preferred Member

Top Contributors Of The Month

joined:Mar 25, 2018
posts:500
votes: 100


This would suggest that I would need to setup a database to track user information for the purpose of getting and revoking consent. This is pure lunacy... Who's going to pay for this?

You can simply set a cookie, which records the choice of the user.
1:14 pm on May 15, 2018 (gmt 0)

Senior Member

WebmasterWorld Senior Member Top Contributors Of The Month

joined:Apr 1, 2016
posts:1926
votes: 498


This makes no sense. I should set a cookie in order to record the granting of consent to set a cookie.

Also, if I show only non-personalized ads, what choice does the user have? To not show ads? Is the EU is now forcing me to give away my content?
1:32 pm on May 15, 2018 (gmt 0)

Preferred Member

Top Contributors Of The Month

joined:Mar 25, 2018
posts:500
votes: 100


Also, if I show only non-personalized ads, what choice does the user have?

In theory, accept, or don't use the site. This is the commonly accepted concept.

To not show ads?

This is what I am doing, if a user refuse cookies, then I refresh the page, and no longer display Adsense. Instead I display self promotional content, or , affiliate ads (which have no cookies attached to their banner)

Is the EU is now forcing me to give away my content?

You can also block EU visitors, like some are doing.

The idea being, if you agree to make money from EU visitors, then you should follow the EU rules too. You can't say, I take EU's money, but not the constraints.
8:10 pm on May 15, 2018 (gmt 0)

Full Member

10+ Year Member Top Contributors Of The Month

joined:Feb 17, 2005
posts:311
votes: 19


I think.that vegasrick .in.another.topic have right regarding cookies

Quote:
vegasrick: "For non-personalized ads, the eprivacy directive applies - where you have to obtain consent. For personalized ads, GDPR applies and you have to obtain "explicit" consent - big difference. The eprivacy directive can use implied consent with the whole "if you continue to use this website, that means you agree" - where with GDPR for personalized ads, the user has to make a choice one way or the other or be given a very easy way to opt out."
8:44 pm on May 15, 2018 (gmt 0)

Senior Member

WebmasterWorld Senior Member Top Contributors Of The Month

joined:Apr 1, 2016
posts:1926
votes: 498


The idea being, if you agree to make money from EU visitors, then you should follow the EU rules too

Before I start let me be clear about one thing. My business does not operate in the EU. I don't care what the EU has to say. My only concern with these protectionist regulations is the impact it has on my ability to abide by Google's policies.

Now, when a tourist gets off the plane in my lovely city of Montreal (many will be here soon when the F1 rolls into in a few weeks), businesses take their money with a smile but these business do not need to abide by EU laws or regulation. So when a tourist arrives and forgets his iPhone charger, the Canadian vendor has no obligation to sell him a charger that is CE certified. When the tourist takes the charger back home to Europe and subsequently his or her house burns down, the tourist cannot sue the Canadian vendor because the device did not meet CE standards. This is exactly what the GDPR is trying to do.

My business is Canadian, my servers are in the US as I see it I have no obligation to conform by EU laws. Moreover my site is specifically targeted at a US audience, the information is only relevant in the US and the bulk of my users are from the US. I do not solicit EU user with advertising or by any other means. If someone wants to try and come after me then they are welcome but they will need to come after me through the Canadian legal system, which in my case is extremely unlikely given that my company is essentially worthless. Again my only concern is complying with Google / AdSense policies.

The situation is obviously much different for Corporations such Google and Facebook which have operation and subsidiaries within the EU with coffers full of assets.
9:47 pm on May 15, 2018 (gmt 0)

New User

joined:May 15, 2018
posts:5
votes: 0


Reading these forums and others, it's increasingly obvious there are hundreds (likely tens of thousands) of webmasters and site owners that have no idea what to do, how to do it, or where to begin.

It's fairly clear to me the only people in compliance with all of this GDPR stuff thus far are huge companies with giant legal and tech teams dedicated to this kind of thing, or a very small handful of immensely technically savvy programmers who also happen to be site owners and who setup their own geolocation and consent staging solution.

Come May 25... is Google going to start terminating tens of thousands of Adsense, DFP, Analytics accounts because they are not in compliance new policies?
10:02 pm on May 15, 2018 (gmt 0)

Preferred Member

Top Contributors Of The Month

joined:Mar 25, 2018
posts:500
votes: 100


It's sure that being a web publisher requests lot of work and skills, ... I know that lot of people discovered the web, at a time where you could set up a site by simply clicking here and there, and all was being done by itself, magically.

To quote keyplyr, it requires constant researches, studies, learning, experimentation and learning again ... he might not have used all these words and said it better, but you get the idea...

So, yes, web publishers should have started studying and working about the GDPR since years. The GDPR was decided in 2008 (10 years ago), and the final draft was established in 2016 (2 years ago). So it's not something coming from nowhere, all of a sudden.

So, if you can implement a solution by yourself, I think the best remains to disable interested base ads for EU visitors (the option is available from the Adsense dashboard, since some days) and then to implement one of he solution listed at Google's cookie choices site : [cookiechoices.org...] . And to quote Google, this "might" and "should" help :)
6:30 am on May 18, 2018 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:Mar 9, 2018
posts:56
votes: 3


I got the letter too but im a USA based website, and its all jargon to me I have no clue what they are talking about in it.

Is there some settings we have to adjust or what?
7:05 am on May 18, 2018 (gmt 0)

Preferred Member

Top Contributors Of The Month

joined:Mar 25, 2018
posts:500
votes: 100


but im a USA based website,

It doesn't matter, the EU GDPR applies to everybody in the World.

Is there some settings we have to adjust or what?

At least disable interested based ads for EU visitors:
Allow & block ads > Content > All my sites > EU User consent
And display a cookie "informational" banner.
7:21 am on May 18, 2018 (gmt 0)

Senior Member from IN 

WebmasterWorld Senior Member Top Contributors Of The Month

joined:Apr 30, 2017
posts:1206
votes: 212


This is what I am doing, if a user refuse cookies, then I refresh the page, and no longer display Adsense. Instead I display self promotional content, or , affiliate ads (which have no cookies attached to their banner)

How? custom coded?
7:26 am on May 18, 2018 (gmt 0)

Preferred Member

Top Contributors Of The Month

joined:Mar 25, 2018
posts:500
votes: 100


How? custom coded?

Yes, this can be done server side, or client side with javascript. I set a cookie with the choice of the user. Then at the moment to insert the Adsense code, you can check the value of this cookie, to decide what to insert. I don't think there are ready to use solutions for this.
10:10 am on May 19, 2018 (gmt 0)

New User

joined:May 19, 2018
posts:10
votes: 1


- on this banner, I have two choices, accept or refuse. If a user click refuse, I disable ads , and replace them with self promotional content. (this is not a modal banner, so most of people ignore it and do not make choice).


Dear Travis, can you please help me how to code/prepare for this? Since Adsense is my main source of income from web, I am too curious and worries. Bundle of thanks in advance.
5:58 am on June 3, 2018 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:Mar 9, 2018
posts:56
votes: 3


Thanks Travis

Is the Cookie banner the basic one that says click to accept cookies? I have one of those already it came with my jetpack plug in for wprdpress
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members