However

That's the keyword. So no one can have a definitive answer to this question. And no one is taking risks.

All this will remain blur until the publication of the ePrivacy Regulation [webmasterworld.com...] (the evolution of the EU cookie law), which "should" (hmm) discharge web publisher for cookie consent, and make web browsers in charge of handling this.
(Also, in the upcoming ePrivacy regulation, they say "The proposal also clarifies that no consent is needed for non-privacy-intrusive cookies improving internet experience", which sounds like what the cookie for non-personalized ads is doing).

Now, to "try" to answer your question, and as I said several time in the dedicated topic [webmasterworld.com...] . I "understand", that non-personalized ads produce a non-tracking cookie, with no personal information attached. "If" this is right, then it's no longer related to the GDPR, but still addressed by the EU Cookie Law.

The EU Cookie Law requires to obtain the consent of a user BEFORE dropping a cookie (it's unclear which kind of cookie really requires this or not!) . But 99.9% of sites are not obtaining the consent before a cookie is written. Web publishers adopted "themselves" an approach where displaying a banner, to inform the user about cookie, with links to information, would be enough. Legally it's not, but since everybody is doing this... (also, legally, it's the one dropping the cookie which has to obtain the consent, so in the case of Adsense, this is supposedly Adsense which has to obtain this consent, and not the web site publisher).

That being said, what I am doing is :
- non-personalized ads for EU visitors
- sticky cookie banner, information that third parts are using cookies, with link to my privacy policy page, where where I explain who does what, and how to control cookies
- on this banner, I have two choices, accept or refuse. If a user click refuse, I disable ads , and replace them with self promotional content. (this is not a modal banner, so most of people ignore it and do not make choice).

I think this "should" be fine, until the moment all this will be handled by web browsers themselves.

Im drowning completely in this matter. Google mailed us that we would get ATP controls so that we can serve non-personalized ads to EEA visitors. But I can't find these controls. Can someone tell me where to find them in my Adsense account? Or, how do I only serve non-personalized ads to EEA visitors?

Im just a content writer and not a tech wizzard.

On the Adsense Dashboard you have the option... I need to find the exact path ...

[edited by: Travis at 11:12 am (utc) on May 15, 2018]

Allow & block ads > Content > All my sites > EU User consent

Thanks a 1,000,000

@Travis thank you for the breadcrumbs.

I think that the page makes it pretty clear:

Google will show only non-personalized ads to users in the EEA. You are required to obtain your users' consent to the use of cookies for this purpose, where applicable.

The more troubling statement included in the more info link provided by Google is:

When seeking consent you must:
retain records of consent given by end users; and
provide end users with clear instructions for revocation of consent.

This would suggest that I would need to setup a database to track user information for the purpose of getting and revoking consent. This is pure lunacy... Who's going to pay for this?

This would suggest that I would need to setup a database to track user information for the purpose of getting and revoking consent. This is pure lunacy... Who's going to pay for this?

You can simply set a cookie, which records the choice of the user.

This makes no sense. I should set a cookie in order to record the granting of consent to set a cookie.

Also, if I show only non-personalized ads, what choice does the user have? To not show ads? Is the EU is now forcing me to give away my content?

Also, if I show only non-personalized ads, what choice does the user have?

In theory, accept, or don't use the site. This is the commonly accepted concept.

To not show ads?

This is what I am doing, if a user refuse cookies, then I refresh the page, and no longer display Adsense. Instead I display self promotional content, or , affiliate ads (which have no cookies attached to their banner)

Is the EU is now forcing me to give away my content?

You can also block EU visitors, like some are doing.

The idea being, if you agree to make money from EU visitors, then you should follow the EU rules too. You can't say, I take EU's money, but not the constraints.

I think.that vegasrick .in.another.topic have right regarding cookies

Quote:
vegasrick: "For non-personalized ads, the eprivacy directive applies - where you have to obtain consent. For personalized ads, GDPR applies and you have to obtain "explicit" consent - big difference. The eprivacy directive can use implied consent with the whole "if you continue to use this website, that means you agree" - where with GDPR for personalized ads, the user has to make a choice one way or the other or be given a very easy way to opt out."

The idea being, if you agree to make money from EU visitors, then you should follow the EU rules too

Before I start let me be clear about one thing. My business does not operate in the EU. I don't care what the EU has to say. My only concern with these protectionist regulations is the impact it has on my ability to abide by Google's policies.

Now, when a tourist gets off the plane in my lovely city of Montreal (many will be here soon when the F1 rolls into in a few weeks), businesses take their money with a smile but these business do not need to abide by EU laws or regulation. So when a tourist arrives and forgets his iPhone charger, the Canadian vendor has no obligation to sell him a charger that is CE certified. When the tourist takes the charger back home to Europe and subsequently his or her house burns down, the tourist cannot sue the Canadian vendor because the device did not meet CE standards. This is exactly what the GDPR is trying to do.

My business is Canadian, my servers are in the US as I see it I have no obligation to conform by EU laws. Moreover my site is specifically targeted at a US audience, the information is only relevant in the US and the bulk of my users are from the US. I do not solicit EU user with advertising or by any other means. If someone wants to try and come after me then they are welcome but they will need to come after me through the Canadian legal system, which in my case is extremely unlikely given that my company is essentially worthless. Again my only concern is complying with Google / AdSense policies.

The situation is obviously much different for Corporations such Google and Facebook which have operation and subsidiaries within the EU with coffers full of assets.

Reading these forums and others, it's increasingly obvious there are hundreds (likely tens of thousands) of webmasters and site owners that have no idea what to do, how to do it, or where to begin.

It's fairly clear to me the only people in compliance with all of this GDPR stuff thus far are huge companies with giant legal and tech teams dedicated to this kind of thing, or a very small handful of immensely technically savvy programmers who also happen to be site owners and who setup their own geolocation and consent staging solution.

Come May 25... is Google going to start terminating tens of thousands of Adsense, DFP, Analytics accounts because they are not in compliance new policies?

It's sure that being a web publisher requests lot of work and skills, ... I know that lot of people discovered the web, at a time where you could set up a site by simply clicking here and there, and all was being done by itself, magically.

To quote keyplyr, it requires constant researches, studies, learning, experimentation and learning again ... he might not have used all these words and said it better, but you get the idea...

So, yes, web publishers should have started studying and working about the GDPR since years. The GDPR was decided in 2008 (10 years ago), and the final draft was established in 2016 (2 years ago). So it's not something coming from nowhere, all of a sudden.

So, if you can implement a solution by yourself, I think the best remains to disable interested base ads for EU visitors (the option is available from the Adsense dashboard, since some days) and then to implement one of he solution listed at Google's cookie choices site : [cookiechoices.org...] . And to quote Google, this "might" and "should" help :)

I got the letter too but im a USA based website, and its all jargon to me I have no clue what they are talking about in it.

Is there some settings we have to adjust or what?

but im a USA based website,

It doesn't matter, the EU GDPR applies to everybody in the World.

Is there some settings we have to adjust or what?

At least disable interested based ads for EU visitors:
Allow & block ads > Content > All my sites > EU User consent
And display a cookie "informational" banner.

This is what I am doing, if a user refuse cookies, then I refresh the page, and no longer display Adsense. Instead I display self promotional content, or , affiliate ads (which have no cookies attached to their banner)

How? custom coded?

How? custom coded?

Yes, this can be done server side, or client side with javascript. I set a cookie with the choice of the user. Then at the moment to insert the Adsense code, you can check the value of this cookie, to decide what to insert. I don't think there are ready to use solutions for this.

- on this banner, I have two choices, accept or refuse. If a user click refuse, I disable ads , and replace them with self promotional content. (this is not a modal banner, so most of people ignore it and do not make choice).

Dear Travis, can you please help me how to code/prepare for this? Since Adsense is my main source of income from web, I am too curious and worries. Bundle of thanks in advance.

Thanks Travis

Is the Cookie banner the basic one that says click to accept cookies? I have one of those already it came with my jetpack plug in for wprdpress