On May 16, 2023, Google made a significant announcement affecting publishers using or intending to use its AdSense, Ad Manager, or AdMob products. They must use a Google-certified Consent Management Platform (CMP) if they want to serve ads to visitors from the European Economic Area (EEA) and the United Kingdom (UK).
This announcement came on the same day that the Interactive Advertising Bureau (IAB) announced policy and technical changes to its Transparency and Consent Framework (TCF) — the latest version being the TCF 2.2 — which aims to help businesses comply with the General Data Protection Regulation (GDPR) and ePrivacy Directive and create a standardized consent management experience for end users.
Publishers that use Google’s advertising services must switch to a Google-certified CMP by January 16, 2024, after which date they will no longer be able to serve ads to users in the EU, EEA and UK without meeting this requirement.
We explore the changes this requirement will bring, how to find a Google-certified CMP, and how Cookiebot™️ can help publishers enable compliance.
Why is Google requiring certified CMPs?
Google’s main objective with this requirement is to establish “a more unified and reliable approach to transparency and consent” and “a more privacy-conscious digital advertising ecosystem.”
Changes to the TCF include standardizing how consent is obtained, stored, and used across the digital advertising industry, which aligns with the requirements of various data privacy laws in the EU. By requiring businesses to use a Google-certified CMP — that also integrates with the IAB Europe’s TCF 2.2 — to obtain user consent, Google is enabling a consistent approach to consent management across its advertising ecosystem in line with the TCF. Google also aims to enhance transparency and control for users over their data, which is in line with the changes to the TCF and stipulations of the Digital Markets Act.
Understanding Google’s CMP requirements for ad-serving businesses
Publishers that fail to implement a Google-certified CMP in the EU/EEA and UK by January 16, 2024 will not be able to serve ads in these regions, while those that do will be eligible for personalized and non-personalized ads.
If you’re already a Cookiebot CMP user, there is no action needed from you. Cookiebot CMP is already Google-certified, enabling you to meet Google’s new requirements so you can continue to serve ads to users in Europe and the UK without interruption.
If you’re a publisher who has not yet implemented a CMP, or if your current CMP provider is not certified or does not have plans to become certified, you can choose a certified CMP provider from Google’s official list.
Selecting the ideal Google-certified CMP for your business
When it comes to finding a Google-certified CMP provider for your business, there are several unique factors to consider.
Compliance with the TCF and data privacy laws
Ensure the CMP complies with IAB Europe’s TCF v2.2. Google’s list of certified CMPs is a good place to start as this is a requirement for certification. Businesses with traffic from users in other regions should also look into whether the CMP enables collecting consent that’s compliant with other possibly relevant privacy regulations.
Look for a CMP that integrates easily with the platforms your business uses, especially Google AdSense, Ad Manager, and AdMob. Other integrations to consider include your content management system, analytics platform, and ecommerce platform.
Customization and adaptability
A CMP should be customizable to enable you to reflect your business’s branding and messaging, ensuring coherence with its overall image. The CMP must also enable timely updates for potential shifts in privacy legislation or advancements in ad technology to maintain its effectiveness as well as compliance over time.
Level of customer support
Investigate the level of customer support, comprehensiveness of documentation, and updates offered by the CMP provider. Some things to look out for include variety in support channels, availability of an account manager or customer success manager, support ticket response methods and times, maintaining detailed and updated documentation and resources, and providing regular software updates.
By paying attention to these specific areas, you can select a CMP that complies with Google’s mandates and aligns with your operational needs and growth.Sign up for a 14-day trial of Cookiebot CMP today
Why should you use Cookiebot CMP?
1. Google-certified consent management platform
Cookiebot™️ is a Google-certified CMP partner. The Cookiebot CMP has integrated with the IAB Europe’s TCF v.2.2 and meets the TCF’s specifications, which is a Google requirement.
2. TCF-specific features
When a cookie banner displays on a website registered with the IAB, it will have an additional panel called “ad settings”. This panel provides users with information on vendors and purposes, and users can enable and disable each separately, or enable or disable all these vendors and purposes at once.
3. Supports Google’s Additional Consent Mode
Google’s Additional Consent Mode enables publishers to get consent for Google ad tech providers that are not part of the IAB TCF v. 2.2 Vendor List. Cookiebot CMP supports Additional Consent Mode so publishers can display ads from this list of ad tech providers in addition to those that registered with the IAB.
4. Multiple integrations
Cookiebot CMP integrates easily with Google services automatically via Google Tag Manager and supports the latest version of Google Consent Mode by default — not to be confused with Additional Consent Mode referenced above — which signals user consent status to Google before tags fire.
Users can also integrate the Cookiebot CMP with other platforms, including content management systems such as Dorik, Drupal, Magento, Shopify, WordPress, Webflow, BigCommerce and PrestaShop, and analytics platforms, including Google Analytics 4 and Matomo.
5. Easy to set up
Cookiebot CMP is easy to implement in just a few steps. It makes it easy to get started with collecting compliant consent and takes the technical hassle out of the process.
6. Global data privacy regulation compliance
Cookiebot™️ customers can collect consent to enable compliance with multiple data privacy laws worldwide, including:
- the GDPR and ePrivacy Directive for users in the European Union
- Lei Geral de Proteção de Dados (LGPD) for users in Brazil
- Protection of Personal Information Act (POPIA) for users in South Africa
- California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA)
- Virginia Consumer Data Protection Act (VCDPA)
Cookiebot CMP is a customizable and flexible cookie consent solution that supports 47+ languages. Customers can use geolocation settings to display a cookie banner that obtains opt-in or opt-out consent based on the user’s location and relevant data privacy law. This enables customers to configure the banner so that it is compliant under the GDPR/ePrivacy Directive and Digital Markets Act, and meets Google’s requirements related to the TCF v2.2.
7. Varied support options
Cookiebot™️ customers have access to multiple support options, including a dedicated Help Center, detailed knowledge base, and ticket system for technical support and customer care. Customers can also work with our large partner base of 3,000+ reseller partners that implement, maintain, optimize and support Cookiebot CMP.
The role of Google-certified CMPs in meeting Digital Markets Act requirements
The relationship between a Google-certified CMP and the Digital Markets Act (DMA) is rooted in their shared focus on enhancing digital privacy and user consent management.
- Compliance with privacy regulations: Both the TCF v2.2 and the DMA aim to enable compliance with data privacy regulations. While the TCF v2.2 provides a standardized framework for obtaining and managing user consent specifically in the context of digital advertising, the DMA aims to regulate digital markets more broadly, including aspects of data privacy and user control over personal data use.
- User consent and transparency: A Google-certified CMP under the TCF v2.2 is designed to obtain user consent in a transparent and standardized manner, which is also a core requirement of the DMA. The DMA emphasizes the importance of transparent and fair practices with digital platforms and services, including how user data is collected and used.
A Google-certified CMP is a consent management platform certified by Google to help businesses manage user consent for online advertising and data collection in compliance with the IAB’s Transparency and Consent Framework (TCF) v2.2. It enables businesses serving ads through Google’s advertising services like AdSense, Ad Manager, or AdMob to adhere to legal requirements for obtaining and recording user consent. Google has mandated the use of a Google-certified CMP from January 16, 2024 for serving ads in the EU, EEA and UK.
Google itself does not provide its own consent management platform, but it certifies third-party CMPs that businesses can use to collect compliant consent. These CMPs must meet and integrate with the requirements of the TCF v2.2 to be certified.
A consent management platform for Google AdSense is a consent solution used by publishers who run ads using Google’s AdSense service. It helps in obtaining and managing user consent for data processing and ad targeting in compliance with privacy laws like the GDPR. From January 16, 2024, publishers must have a Google-certified CMP to use AdSense and continue serving ads to users in the EU, EEA and UK.
Under the GDPR, a CMP enables websites and online services to obtain, manage, and record explicit user consent for data processing activities. It ensures compliance with GDPR’s strict guidelines on user consent, particularly in handling personal data and user preferences for privacy and data usage. CMPs are valuable for businesses to legally process user data on websites, apps, and other connected platforms within the scope of the GDPR.
Sign up for a 14-day trial of Cookiebot CMP today