Are your website cookies compliant with Google’s new EU user consent policy?

31 Aug 2015

Have you spotted an increase in website cookies notices? Here’s why. Photo via Monkey Business Images/Shutterstock

In response to a request from EU regulators, Google has updated its user consent policy, and website owners need to ensure compliance by 30 September. Mason Hayes & Curran explains why and how.

Web users may have noticed an increase in cookie consent banners across the internet in recent weeks. This results from Google’s new EU user consent policy.

The policy, accessible here, requires website publishers who use Google cookies to obtain their European site visitors’ consent before dropping and reading cookies.

While the law in this area hasn’t changed recently, the regulatory atmosphere has.

Google’s new website cookies policy

European privacy regulators are increasingly focusing on US-based organisations that target EU users. In this climate, EU data protection authorities requested changes to the way Google obtains end-user consents. The changes to its consent policy are a direct result of Google’s engagement with regulators.

In its FAQ, Google states: “The Article 29 Working Party, an umbrella body that comprises representatives of all EU data protection authorities, has requested some changes to current practices for obtaining end user consents. We understand these principles will be applied across the industry. It has always been Google’s policy to comply with privacy laws, so we’ve agreed to make certain changes affecting our own products and partners using Google products.”

The new user consent policy will not only impact Google-owned websites but also ad publishers who are using Google services such as AdSense, DoubleClick for Publishers and DoubleClick AdExchange.

What publishers and advertisers need to do

All website operators that use Google cookies now need to implement mechanisms for gathering consent on their websites for all EU traffic.

Google is not prescribing specific language and has expressed the view that each website could require something different depending on the extent to which it uses cookies and related technologies.

Publishers will have to add consent policies in respect of EU traffic only. However, many website publishers may not be in a position to ascertain where their traffic comes from, or to incur the engineering cost of having different versions of their website for different regions.

This could result in EU consent notices appearing on many websites, even those based outside of the EU that primarily target non-EU users.

How to make sure your website is compliant

Google is pushing for publishers to update their own consent policies by 30 September 2015.

To assist publishers in implementing a consent mechanism on their websites, Google unveiled a resource website earlier this month.

The site is designed to provide publishers with information as to how they can ensure they comply with this policy.

The website includes examples and tools to help implement an effective consent mechanism for users.

Learn more about your website’s legal requirements

This change in policy reflects the heightened scrutiny that internet companies are facing across Europe.

It also shows how EU online privacy standards are being exported and may need to be complied with by non-European internet companies that provide services to EU users.

Further guidance on EU website legal compliance issues can be found in our checklist of website legal requirements, parts onetwo and three.

Tech Law is a weekly series brought to you by Irish law firm Mason Hayes & Curran, whose legal tech team advises the world’s top social media organisations and emerging start-ups. Check out for more.

Want stories like this and more direct to your inbox? Sign up for Tech Trends, Silicon Republic’s weekly digest of need-to-know tech news.

The content of this article is provided for information purposes only and does not constitute legal or other advice.

Cookies image by Monkey Business Images via Shutterstock