Websites across the globe rely on Google for key services, like Google Analytics and Google Ads. To use these services effectively, websites need to use cookies that send user data to Google. While this helps improve website and advertising performance, the data contains personal information about users’ browsing histories and online behaviours. To protect user data from being misused, regulations like GDPR and the EU Cookie Law require users to give prior consent for their data to be collected. To comply with these regulations, Google must ensure that the websites which use its services also comply. Google Consent is the process through which this compliance is achieved. Here we take a detailed look at Google Consent and discuss its implications for website owners.
An Overview of Google Consent
Google needs to collect user data to improve user experience, deliver personalised content, and provide accurately targeted advertising. Websites also need that data for their analytics and to ensure their own Google advertising campaigns are effective. The types of data collected for these purposes include users’ search histories, locations and app usage.
To comply with regulations, Google requires users to give their explicit consent for certain types of data to be collected and processed, particularly any data that might contain sensitive information or which could be used to deliver personalised ads. Besides obtaining consent, Google must also give users ongoing control over their data. For instance, they have the right to withdraw their consent or review and modify which data they agree to being used at any time. This means that if they change their mind after having given consent, any data previously collected can no longer be used.
Google and websites that use cookies or collect user data must also be transparent about what data is being collected and how it will be used, including how it is stored and whether it is shared with third parties. This information should be provided in a website’s privacy policy.
Implications for website owners
If you own a website and make use of Google Analytics, Google Ads or any other Google tool that collects user data, you will be required to comply with Google Consent requirements. To achieve this, there are a number of things you will need to do. One of the first is to implement a consent management platform (CMP). Essentially, a CMP is a tool that makes it easier for website owners to manage user consent, thus ensuring that your data collection, tracking and cookie use complies with data protection regulations.
Rather than simply giving users the option to consent or reject data collection in bulk, Google requires users to have the option to consent to different types of data processing. This means they should be given the choice to separately accept or reject essential cookies, functional cookies, performance cookies, marketing cookies and analytics cookies. A CMP will allow these options to be given.
The information users need to make these choices has to be clearly displayed when they arrive on your site. For this reason, Google Consent also requires you to use a pop-up. This should tell users about the different types of cookies being used, state what data is being collected and why, explain how it will be used and detail who it will be shared with. The pop-up, crucially, is also where users give their consent to the different types of data collection. To ensure that explicit consent is given, they should not be automatically opted in. Instead, slider or check-box options should be turned off by default, giving the user the right to choose which, if any, to turn on.
As pop-up boxes generally disappear once the user has made their choices, their right to change their minds means websites should also provide an easy and clearly displayed way to make those changes throughout their time on your site.
While information about data use, collection, processing, sharing and storage is displayed on the pop-up, it should also be included, as discussed above, in your privacy policy. For compliance with Google Consent, you must mention any data that is sent to Google and for what purposes.
One of the advantages of using a CMP is that it will automatically create consent logs for you. This means you will have a record of when and how users’ consent was given, together with details of any changes or withdrawals of that consent. Should the ICO or any other authority challenge you over your use of data, these records can provide evidence that you have complied with data privacy regulations.
Google has several other demands for consent. These include anonymising IP addresses for Google Analytics and ensuring that Google Ads settings are configured for user consent. Additionally, websites that use Google Tag Manager should be configured so that tags only work after user consent is obtained. Finally, if a user requests to access their data or have it deleted, any data collected via Google should be included.
Google Consent Mode
Websites that use Google Ads, Google Analytics 4 and Campaign Manager 360 will also use Google tags to send data from their website to these services. As a result, Google requires that these tags also be used in a way that complies with data privacy regulations. Consent Mode is a feature that manages these tags so that Google services can operate in accordance with a user’s consent choices. The mode operates through the consent pop-up banner and uses APIs to tell Google which consent options have been chosen.
In doing this, Consent Mode controls whether Google is allowed to use cookies to collect data for analytics, advertising, remarketing and conversion tracking. Where consent is not granted, these services will operate with limited functionality, only using non-identifiable information. Again, user consent can be updated at any time, with Google services responding dynamically to the changes.
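As an added example (not code from this article or from Google), the following sketch shows how a banner's per-category choices could be passed to Consent Mode through the gtag consent API, with everything denied by default and every change written to a consent log. The category-to-signal mapping, the function names and the in-memory log are assumptions made for illustration.

```javascript
// Added example: CMP category choices -> Consent Mode signals.
const dataLayer = (globalThis.dataLayer = globalThis.dataLayer || []);
function gtag() { dataLayer.push(arguments); } // same shim Google's tag snippet uses

// Assumed mapping from the banner's cookie categories to Consent Mode signals.
const CATEGORY_SIGNALS = {
  functional: ['functionality_storage', 'personalization_storage'],
  performance: ['analytics_storage'],
  analytics: ['analytics_storage'],
  marketing: ['ad_storage', 'ad_user_data', 'ad_personalization'],
};
const ALL_SIGNALS = [...new Set(Object.values(CATEGORY_SIGNALS).flat())];

// Translate {category: boolean} into {signal: 'granted' | 'denied'}.
// Only a literal `true` counts as opt-in, and a signal fed by several
// categories is granted only if all of them were switched on.
function toConsentState(choices = {}) {
  const state = Object.fromEntries(ALL_SIGNALS.map((s) => [s, 'granted']));
  for (const [category, signals] of Object.entries(CATEGORY_SIGNALS)) {
    if (choices[category] !== true) signals.forEach((s) => { state[s] = 'denied'; });
  }
  state.security_storage = 'granted'; // assumption: essential cookies are not toggleable
  return state;
}

const consentLog = []; // assumption: a real CMP persists this record server-side

// Call before any Google tag fires: nothing is opted in.
function setDefaults() {
  const state = toConsentState({});
  gtag('consent', 'default', state);
  return state;
}

// Call whenever the user saves, changes or withdraws choices.
function applyChoices(choices, now = new Date()) {
  const state = toConsentState(choices);
  gtag('consent', 'update', state);
  consentLog.push({ at: now.toISOString(), choices: { ...choices }, state });
  return state;
}
```

Withdrawal is the same call with the category set to `false` or omitted, which sends an `update` that flips the affected signals back to `denied`.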
Conclusion
In order to comply with data privacy regulations, like GDPR, Google has to ensure that users can accept or reject having their data collected. This means that any websites that collect data to be used by services like Google Analytics or Google Ads also need to comply. Google Consent is the way that Google ensures this takes place. Hopefully from reading this article, website owners will now be aware of what Google Consent is and what it requires them to do to ensure compliance.