Flagged for GDPR Compliancy Issue by Google

Hi @nealbo,

Greetings from CookieYes!

To comply with Google’s policies, please make the necessary changes as outlined below to the plugin when using Google products on your domain.

1. Mention that “cookies are used for ads personalization” in the first layer of the consent notice (cookie message on the banner).  For example: We use cookies to enhance your browsing experience, serve personalised ads or content, and analyze our traffic. By clicking “Accept All”, you consent to our use of cookies
 
2. Declare how Google will use your user’s personal data when they give consent on their site/app e.g. by including a link to Google’s Privacy & Terms site. (https://policies.google.com/technologies/partner-sites). This information can be added to the cookie description of Google cookies from Cookie Manager > Edit cookie (https://www.google.com/about/company/user-consent-policy-help/)

Additionally, I can see that on first load, all of my ads are blanked out with a notice to accept cookies, and that even after a user has accepted, they stay blank until page refresh. Is it not possible to simply block the cookies and have ads served on a non-personalised basis?

The above condition is not observed on your site. We can see that the ads are blocked prior to consent and after getting acceptance, they are loading as expected by the plugin.

We use the script-blocking method to remove the cookies. As the script of the Google Ads is being blocked, it cannot show ads while acceptance is not given.

Thanks @cookieyesteam but:

For suggestion 1 – What you list is exactly what my cookie notice already displays. It says “We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking “Accept All”, you consent to our use of cookies.”

For suggestion 2 – I already link to Google’s policies in my privacy page. From reading Google’s own “rules”, linking to such policies is just a recommendation and not a violation if not present. I can additionally add this to the cookie description, but why if this is required to be GDPR compliant, is it not already part of the description created by the plugin?

Is there anything else that looks incorrect about how cookies are processed, created etc. on my site via your plugin? My concern is that I have set-up things incorrectly. Or from your point of view, is everything working correctly and compliant?

• This reply was modified 1 year, 9 months ago by nealbo.

Hi @nealbo,

The first layer of your website’s banner related to ads personalisation appears to be in compliance with privacy regulations. However, if you are collecting personal data from users in the European Union (EU), you are required by the General Data Protection Regulation (GDPR) to provide a privacy notice that explains how their data will be processed. As Google servers are located in the US, you need to provide a link to Google’s privacy policy in the second layer that clearly explains how they handle user data in order to be GDPR compliant.

We have observed that only necessary cookies related to the functioning of our plugin are loaded prior to receiving explicit consent. Other cookies are only set after consent is given. Thus, we did not identify any issues with cookie consent on your site.

However, we did notice another consent prompt popping up after users provide consent on the CookieYes plugin, which could interfere with the proper functioning of cookie unblocking. If possible, we recommend removing this unnecessary prompt.

When you say include in the second layer do you mean:

2. Declare how Google will use your user’s personal data when they give consent on their site/app e.g. by including a link to Google’s Privacy & Terms site. (https://policies.google.com/technologies/partner-sites). This information can be added to the cookie description of Google cookies from?Cookie Manager > Edit cookie?(https://www.google.com/about/company/user-consent-policy-help/)

The second consent is actually Google’s own built in adsense personalization consent which after many hours of searching I have found people claim that they were only able to get past the GDPR review by including both a consent plugin (like CookieYes) plus Google’s Adsense GDPR messaging.

I’ve implemented what you suggested but looking at my cookies I’m noticing that the plugin isn’t working quite correctly. Would appreciate your help on this:

Before I click the consent, a blank cookie domain “https://tpc.googlesyndication.com” loads but no indication of any data/actual cookies. (Not sure if this is an issue?)

If I click reject all, then the following cookies are created against my domain:

1P_JAR, NID, CONSENT, SOCS, AEC, OGPC all with the domain listed as .google.com

Hi @nealbo,

When you say include in the second layer do you mean:

The second layer of your website’s banner refers to the preference center, which allows users to select their cookie preferences. Within the preference center, there are different categories of cookies, and within each category, users can find information about the specific cookies.

If you edit the Google Ads cookie and include Google’s privacy policy link in the description, it will appear in the cookie information section of the preference centre under the relevant category. This will enable users to view the privacy policy for that specific cookie and make informed decisions about their cookie preferences.

Before I click the consent, a blank cookie domain “https://tpc.googlesyndication.com” loads but no indication of any data/actual cookies. (Not sure if this is an issue?)

The link you provided is not loading. We would like to know what you mean by blank cookie domain.

We are not getting the cookies mentioned when rejecting the banner. Make sure there is no adjacent tabs opened in your browser which may cause this. If possible try to load the site from an incognito browser and test again.

Hi @nealbo,

Since there hasn’t been any activity in this thread for a while, we’re going to mark it as resolved. If you need any additional assistance or have any additional questions, feel free to start a new topic or reply.