Google tells its publisher partners to comply with EU cookie directive

The company detailed the requirement in its new EU User Consent Policy

Inside Google's headquarters in Mountain View, California.

Google is now requiring that publishers that carry its ads comply with a European Union directive and ask their site visitors for permission before setting cookies on their computers.

Google spelled out the requirement in its new EU User Consent Policy for publishers that participate in services including AdSense, DoubleClick Ad Exchange and DoubleClick for Publishers.

"If your websites are getting visitors from any of the countries in the European Union, you must comply with the EU user consent policy. We recommend you start working on a policy-compliant user consent mechanism today," said Jason Woloz, Google's security and privacy program manager for display and video ads, in a blog post.

Sites that target EU readers should already be asking visitors for permission to store cookies on their machines, under the EU's ePrivacy directive. Browser cookies can be used to store a user's web actions or preferences and the data is often used for behavioral ad targeting. Cookies can also provide convenient functions, such as storing users' login data.

The European Commission's guidelines say that, for consent to be valid, it must be "informed, specific, freely given and must constitute a real indication of the individual's wishes."

In the policy introduced on Monday, Google stresses that its partner publishers must obtain consent from site visitors to collect, share and use their data gathered via an app, site or other service. It also covers storing and accessing of cookie data.

On a website called Cookie Choices, Google gives tips on how to implement the policy and comply with EU laws.

Google won't tell its users what an app or site consent message should say "because it will largely depend on your own uses of cookies and other information, and the third party services you work with." It did give some examples on the Cookies Consent site.

The European Commission offers a cookie consent kit to help website operators comply with the directive.

An EU directive is a legislative act that sets out a goal that all EU countries must achieve. However, it is up to countries to decide how, and it often takes time for countries to make laws based on a directive. For example, a U.K. cookie law, based on the directive, came into effect in May 2012.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, online payment issues as well as EU technology policy and regulation for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to
