Open in app

Sign in

Write

Sign in

Google’s latest GDPR preparations and what they mean for you

Abbie Clement
iubenda
Published in
4 min readMar 27, 2018

Google has started implementing major policy, contractual, and product changes in preparation for the soon-to-be-enforceable General Data Protection Regulation (GDPR). The changes largely reflect Google’s status as either data controller or processor in regards to their products; sets out your responsibilities in light of the new legal requirements and includes product and network modifications.

Policy updates

Google’s EU User Consent Policy is being updated to better reflect the new legal requirements. Central to these policy changes is the statement of your responsibilities in regards to disclosures to and obtaining consent from EEA users.

In regards to sites/ apps or other “properties” under your control that make use of Google services, you are required to:

  • acquire legally valid consent from end users for the use of cookies or other local storage (where legally required);
  • acquire legally valid consent for the processing of personal data for ads personalization of ads or remarketing services;
  • keep records of consent given by end users;
  • provide end users with clear instructions for the withdrawal of consent; and
  • identify and disclose details of all third-parties involved in the processing of the personal data of end users, in an easily accessible and visible way

Google has stated that failure to comply may lead to limited or suspended accounts and/termination of your agreement.

Contract changes

Google is including the new GDPR terms as a supplement to your contract with Google. These modifications will come into force on 25 May 2018.

Currently, these contract changes will affect AdWords, DoubleClick, and the Google Analytics suite. The terms will be incorporated into your terms of service (also known as the terms and conditions) agreement with Google and you may be required to log-in and accept the new terms in your account if you haven’t already.

Product changes

In order to comply with the GDPR, Google is making product changes across their global network of publisher sites, which:

  • give publishers the ability to select which third-party ads get displayed to their end users and give them the ability to show non-personalized ads;
  • limit the processing of personal information for children under the GDPR Age of Consent;

The company has also stated that they are “exploring consent solutions for publishers” and launching new controls that give Google Analytics customers the ability to manage the storage and deletion of their data.

To comply, and support your compliance with GDPR, we are: Making some changes across the network of publisher sites on which your ads may appear . . .Launching new controls for Google Analytics customers to manage the retention and deletion of their data . . . Exploring consent solutions for publishers, including working with industry groups like IAB Europe.

You can view the full email text from Google here.

Here’s what you can do right now to comply with Google’s GDPR-based consent policy requirements:

  • Put in place on your site/ app an easily-accessible, comprehensive privacy policy which includes details on how you process end-user data, for which purposes and who else has access. Be sure to include each third-party service used with links to their policies where possible and detail their involvement in the processing. (You can do this with just a few clicks via our privacy policy solution)
  • Implement a method of obtaining verifiable and valid consent. For consent to be valid, it must be informed, freely-given and verifiable. This means that your end users should know precisely and honestly, exactly what they’re consenting to and the consent must be based on an explicit affirmative uncoerced action.

Here’s an example of a method of acquiring valid consent for the processing of personal data for ads:

Yes, I would like the ads I view to be personalized. I have read the privacy policy and understand the requirements for this function (optional).

  • Implement a “cookie consent solution” that allows you to obtain valid, verifiable explicit consent BEFORE installing cookies on the end users’ device. Our cookie solution simplifies this process -end users are informed via a customizable cookie banner; active consent is facilitated via either clicking or scrolling, and user consent settings are remembered.
  • Keep clear records of the consent attained. Your records of consent should at least include the identity of the user giving consent; when they consented; what disclosures were made (what they were told) at the time they consented; methods used for obtaining consent (e.g., newsletter form, during checkout etc.); whether they have withdrawn consent or not.

iubenda helps you with the generation of your privacy policy and a fully fledged cookie management system (Cookie Solution). You can try our privacy policy generator here and our cookie solution here

Originally published at www.iubenda.com.

Privacy
Gdpr
Google Analytics
Google Updates
Google Adwords

--

--

Abbie Clement
iubenda

Written by Abbie Clement

62 Followers
Editor for

Head of Content @iubenda, knowledge fiend, skilled over-thinker and lover of puns.

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams