As of July 31, 2024, Google has announced a significant expansion of its EU User Consent Policy to include websites and apps with traffic/users in Switzerland. This update has important implications for publishers and advertisers operating within the European Economic Area (EEA), the UK, and now Switzerland.
In this article, we delve into the details of this policy expansion, its impact on businesses, and what’s needed for compliance.
Google EU User Consent Policy: Next stop, Switzerland
The expansion of Google’s EU User Consent Policy signifies a broader application of consent requirements to safeguard user data privacy. It mandates certain disclosures and consents from end users in the EEA, the UK, and Switzerland. This applies to websites and apps using Google products and services, such as AdSense or Google Analytics, outlining the responsibilities of publishers and advertisers regarding user consent for:
- Use of cookies, online trackers and local storage: Where required by law, user consent must be obtained before placing cookies and/or other tracking technologies or using other local storage mechanisms, on user devices.
- Data collection and ad personalization: User consent is necessary to collect, share, and use personal data to personalize digital ads.
Failure to comply with this policy may result in limitations or suspension of the use of Google products, or even termination of the agreement.
Google’s EU user consent policy – what’s changed and what does it mean for advertisers?
Google policy requirements for publishers and advertisers
Publishers and advertisers marketing to audiences in the EEA, UK and now Switzerland using Google products are now subject to specific obligations to ensure compliance:
Obtaining valid user consent
Publishers and advertisers are mandated to obtain legally valid user consent for the use of cookies or local storage where required by law, as well as for the collection, sharing, and use of personal data for ad personalization.
Transparency and user control
Clear instructions on how users can revoke their consent should be provided alongside the request for consent. Furthermore, a record of any granted consent must be maintained to demonstrate compliance with the policy.
Identifying data sharing partners
Publishers and advertisers must transparently disclose any third parties that may collect, receive, or use user data as a consequence of their use of Google products. This includes providing users with easily accessible information about how these third-parties use the data.
New scenarios
The policy also addresses scenarios where user data from a third-party property (website or app not controlled by the publisher or advertiser) is shared with Google due to the use of Google products. In such cases, publishers and advertisers are required to make commercially reasonable efforts to ensure the third-party property operator complies with the user consent obligations outlined in the policy.
Google requirements for publishers marketing to Switzerland
Since last year, Google has implemented a requirement for publisher partners to utilize a Google-certified Consent Management Platform (CMP) such as Usercentrics CMP, integrated with IAB Europe’s Transparency and Consent Framework (TCF) for serving ads to users in the EU/EEA and the UK. After the July 31 deadline, Swiss publishers using Google monetization products targeting Swiss traffic must also adhere to the following:
- Implement a Google-certified CMP
- Comply with Google’s EU user consent policy
- Integrate with the TCF for Swiss traffic
Google’s directive for Swiss publishers to adopt a CMP from their partner program represents a notable shift in Swiss digital practices. This decision, primarily focused on ensuring TCF usage for Swiss traffic, reflects Google’s proactive approach to aligning with legislative dynamics, namely with the Swiss Federal Data Protection Act (FDPA), which came into effect in 2023.
While the GDPR doesn’t directly apply in Switzerland, Google’s enforcement of TCF in the Swiss context indicates an acknowledgment of the FDPA’s alignment with GDPR standards.
You might also find this useful:
FADP checklist: your toolkit for compliance
Learn what you need to know to comply with Switzerland’s FADP privacy law.
Google requirements for advertisers targeting Swiss audiences
Companies using Google adtech products will need to obtain consent from Swiss users where legally required. For now, advertisers won’t be expected to send a verified consent signal for Swiss traffic through Google Consent Mode V2 — the requirement in force for EU/EEA audiences —, but this might change in the future.
To learn all about Google Consent Mode, watch our explainer video:
Even if Consent Mode is not required for now, if you’re advertising using Google products, the most efficient way to collect and manage user consent in a legally compliant way is to implement a consent management platform (CMP) like Usercentrics consent solutions for websites and mobile apps.
Usercentrics CMPs are both Google-certified, fully supporting Transparency and Consent Framework (TCF) and Google Consent Mode v2.
Although Consent Mode activation is not required for now, it’s enabled by default in the tools, so you’ll be one step ahead should the requirements in Switzerland align with the rest of Europe. Plus, by implementing Consent Mode v2 you can benefit from analytics and conversion modeling, and avoid losing marketing data due to rejected consent banners.
Google policy update: impact on marketing strategies
The updated Google policy prompts marketers to prioritize obtaining valid user consent for data collection and ad personalization to align with building trust and respect for user privacy. This involves the implementation of transparent and user-friendly consent mechanisms to ensure compliance with the policy’s requirements.
Here’s what’s essential for marketers to consider under the updated policy:
Prioritize user consent
Making the acquisition of valid user consent for data collection and ad personalization a central element of your marketing strategy in these regions is imperative.
As per Google’s recommendation, their certified CMP Partners, such as Usercentrics Web & App CMP and Cookiebot CMP, have been thoroughly assessed and meet certain technical requirements to ensure the best possible experience for advertisers.
Transparency is crucial
Clearly conveying to users how their data is collected, used, and shared is vital. Equally important is providing easily accessible information and options for users to manage their consent preferences.
Partner compliance
If your operations involve third-party platforms that integrate with Google products, ensuring their compliance with user consent requirements is essential.
By aligning with the EU User Consent Policy, marketers can demonstrate a commitment to respecting user privacy and cultivating trust with audiences in the EEA, UK, and Switzerland. Ultimately, this can lead to a stronger connection between their brand and audiences, heightened user engagement and more successful marketing campaigns.
Before you go: the importance of compliance
The expansion of Google’s EU User Consent Policy to include users in Switzerland underscores the growing emphasis on data privacy and consent management. Publishers and advertisers must proactively adapt to these changes, ensuring compliance with the updated policy to maintain a positive relationship with Google and uphold user privacy.
In summary:
- Implement a Google-certified CMP like Usercentrics CMP to collect user consent
- Activate the Transparency and Consent Framework (if you’re a publisher, i.e., if you monetize your platform)
- Consider implementing Google Consent Mode V2 for additional marketing benefits.
You may find these useful:
- What is the Google EU user consent policy?
- Google Consent Mode: 4 steps you need to take now
- Google Consent Mode checklist to meet Google’s EU privacy requirements
- Understanding Google’s Additional Consent: A guide for publishers
- What is a Google-certified consent management platform and why do you need one?