Today Google finally released their official policy on the EU Cookie law, or that is, i got an e-mail informing me about the technical changes that we apparently have to implement on sites using certain products by Google, including Adsense.
It is a shame that the authorities in EU are so narrow minded, that they choose to ignore the rights of website owners, and neglect the consequences of such a law.
If we ignore the fact that the law is discriminating, and invading our rights as website owners, we still have comply with the law, so we need to work out a solution that does not disturb our users, and has the less impact on our revenue.
Existing solutions may work for many sites, but for some sites, even having to ask users for consent, could hurt their revenue significantly. That is why the legality of implied consent can be important.
Asking for consent before placing cookies
I am personally very annoyed by all these popups in my own internet use, so even from a users perspective, having popup messages asking for consent, is not a good solution. For site i visit often, i don't really care. But if we do implement a cookie notification, it has to be in a place where it is noticed, but not disrupting the user – for this, the top seems like a good place – and it is pretty much standard already.
Sites with high bounce rates will most likely loose a lot of revenue, if they are to ask for consent before showing ads, leaving implied consent as the only acceptable solution – were ads and cookies are used without asking the user, but still informing the user that cookies are used.
Who should fix the problem?
The most obvious solution would be for Google and other companies, to implement a consent mechanism on their part. For Google Adsense, this could automatically choose between a cookie-less units and units using cookies, depending on whether consent is given.
Google has the resources to develop a solution, while a lot of site owners do not. Site owners also do not have anything to do with the technologies Google are using in their products, so we should not be burdened with unnecessary legal issues associated with such technologies.
My own solution
Currently i am using an implied consent solution for all cookies, including those by Adsense and social networks. I might still choose to change this later, if i am contacted by either Google, or someone from EU. The problem is that there is not much of an alternative for me, since my bounce rate is pretty high, so i would likely loose a lot of income if i were to first ask users for their permission, before storing cookies.
The mere task of keeping track of which third parties are storing cookies, is not technically feasible, or even a realistic option. Besides, the only scalable solution is an implied consent one. By implied consent i specifically mean that, simply by visiting a site, people automatically "agree" to the TOS of the site. It is the only way third party code can be included, without us worrying about which technologies are used – which is very important for Adsense.
If the EU wants to enforce the law, then they should go after the offenders – not innocent site owners!
Problems with asking for users consent before storing cookies
The requirement of of asking for the users consent has a number of issues, depending on what exactly is meant. If implied consent is enough, then there is no technical problem.
- It can prevent the Adsense crawler from detecting Adsense code on sites, and attempts to work around this could be conflicting with Googles Webmaster Quality Guidelines, the part about Cloaking.
- Sites with high bounce rates could lose a lot of income.
The e-mail from Google
We want to let you know about a new policy about obtaining EU end-users’ consent that reflects regulatory and best practice guidance. It clarifies your duty to obtain end-user consent when you use products like Google AdSense, DoubleClick for Publishers, and DoubleClick Ad Exchange.
Please review our new EU user consent policy as soon as possible. This requires that you obtain EU end users’ consent to the storing and accessing of cookies and other information, and to the data collection, sharing, and usage that takes place when you use Google products. It does not affect any provisions on data ownership in your contract.
Please ensure that you comply with this policy as soon as possible, and not later than 30th September 2015.
If your site or app does not have a compliant consent mechanism, you should implement one now. To make this process easier for you, we have compiled some helpful resources at cookiechoices.org.
This policy change is being made in response to best practice and regulatory requirements issued by the European data protection authorities. These requirements are reflected in changes recently made on Google’s own websites.
Thank you in advance for your understanding and cooperation.
The Google Policy Team