In today’s digital landscape, the use of cookies is pervasive, enabling websites to remember user preferences and enhance the browsing experience. However, with the advent of stringent privacy laws such as the General Data Protection Regulation (GDPR) and the ePrivacy Directive in the European Union, website owners are now required to secure explicit consent from users before setting non-essential cookies, including those used for tracking, advertising and other third-party services.
In this comprehensive guide, we will explore the classification of cookies, the rationale behind cookie regulation, the impact of privacy laws on websites, and the crucial introduction of Google Consent Mode V2 in response to the European Union’s Digital Markets Act. This update significantly impacts business owners using Google Ads, Google AdSense, Google Analytics and Google Tag Manager, especially those targeting EU and/or UK residents, with the compliance deadline set for 6 March 2024.
What Are Cookies?
Cookies are small pieces of data stored on a user’s device by websites to remember information about the user or their preferences. With the implementation of laws such as the General Data Protection Regulation (GDPR) and the ePrivacy Directive in the European Union, and similar regulations in other regions, websites are required to obtain explicit consent from users before setting non-essential cookies, such as those used for tracking, advertising or other third-party services.
How Are Cookies Classified?
Cookies come in three main categories:
- Essential Cookies – are cookies necessary to browse a website and use its features (security, authenticating users or preventing fraudulent actions).
- Functional Cookies – allow a website to remember the choices that you have made in the past and how you use that website to improve user experience (language preferences, username, password or which pages you’ve clicked on).
- Marketing & Analytics Cookies – are used to track your online activity for marketing, advertising and analytics purposes. There are also third-party cookies like Analytics Cookies and Social Cookies that are typically used to determine and analyse your interactions with the website.
Why Are Cookies Being Regulated?
Different privacy laws have slightly different explanations as to why they are looking to regulate cookies, but they all essentially boil down to the desire to protect online users’ privacy and prevent the misuse of their personal information.
How Are Cookies Being Regulated?
Several privacy laws across the globe require websites to have a cookie consent banner with even more privacy laws in the works.
How these laws are regulated varies depending on the specific law, but as an example, the EU and UK use Data Protection Authorities (DPA) to enforce these laws. Consumers file complaints and the DPA issues fines to the business owners.
What Is Cookie Consent?
Cookie consent generally involves displaying a banner or pop-up notification to visitors, informing them about the use of cookies and requesting their consent to proceed. People must have the ability to decline non-essential cookies that are being used by a particular website. If a website uses multiple types of cookies, the banner should also allow the user to manage each cookie individually (eg. decline marketing cookies, but accept functional cookies). There are also other requirements such as:
- The “accept” and “decline” buttons must have equal prominence (no hiding one or the other in the corner or using colours that blend with the background).
- Provide a mechanism for users to withdraw their consent in a way that’s just as easy as it was to provide their consent.
When selecting a cookie consent provider, make sure it’s not just a glorified popup that doesn’t do anything. You need to ensure you are opting out certain visitors by default before letting non-essential scripts and cookies load on their browsers.
How Does The Digital Markets Act Impact Your Website?
The European Union’s Digital Markets Act, which came into force in May 2023, aims to foster fairness in the digital economy. Initially focusing on regulating “gatekeeper platforms” like Google and Facebook, its influence and obligations are now extending to small business websites. For instance, companies such as Google are mandating their customers, particularly those in the UK and EU, to implement a consent solution on their websites and comply with Google’s latest consent communication platform: Consent Mode V2.
What Is Google Consent Mode V2?
In response to the Digital Markets Act, Google has deployed Consent Mode V2 and is requiring many of its users to set up compatibility with this new platform.
Google Consent Mode V2 is an updated framework introduced by Google to help advertisers comply with European Economic Area (EEA) consent requirements. It allows websites to adjust how Google tags behave based on the visitor’s interaction with the consent banner. This means that tags can adjust their behaviour and respect users’ choices regarding their consent for cookies or app identifiers, aligning with the European Union User Consent Policy (EUUCP).
Who Is Impacted By This Update?
The primary people impacted by this update will be business owners in the UK or the EU who are using Google Ads, Google Adsense, or Google Analytics along with Google Tag Manager. If you are running ads and targeting EU and/or UK residents, you may also be receiving a nice little warning email from Google.
Do You Already Have A Cookie Policy & Cookie Consent Banner?
Any website that collects the data of a user visiting the site, must have a cookie policy. This can either be a dedicated page, or it can form part of your privacy policy. If your website does not use cookies, a cookie policy is not required. If your website does use cookies, then you must also have a cookie consent banner on your website allowing visitors to accept/decline cookies and specify their preferences.
If you don’t already have these essential policies and solutions set up on your website, you need to get them set up ASAP. These policies help website owners comply with privacy laws by providing specific disclosure requirements such as how their website collects, uses & discloses personal data. We offer a “done for you” website policy service which includes the setup & ongoing management of your Privacy Policy, Cookie Policy & Cookie Consent Banner.
How To Set Up Google Consent Mode V2 In Google Tag Manager
Regardless of which certified consent CMP (Consent Management Platform) you are using, the following will help serve as a general outline on how to get set up with basic Consent Mode V2 with Google Tag Manager. We would recommend locating the specific instructions from your consent provider, as each will have slightly different specifics on how to set up compatibility:
- Update your Google Tag Manager script on your website to the new consent mode V2 script. This will most likely be a copy/paste from this section of Google’s “Set up consent mode on websites” article.
- Create variables and triggers to ensure your certified CMP can communicate consent choices (granted/denied) to Google Tag Manager (GTM). This will depend on what third-party scripts are being fired through your GTM account. So for example if you load GA4 and Google Ads through GTM, you’ll be setting up a variable and trigger for each of these).
- Enabled Consent Overview (beta) – Although in beta, enabling/adding consent overview to your GTM account will help provide you with more insights when testing later on.
- Enable consent mode within your CMP – this will typically be a setting you simply enable with your third-party consent provider.
- Test – Using GTM’s Preview feature (TagAssistant), visit your website and test consent choices. Accept/decline all scripts and accept/decline individual scripts. The new “consent” tab within TagAssistant will help display to you whether or not consent settings are properly being captured and updated.
When Do I Need To Be Compliant?
To help our clients avoid having their Google Ads, Adsense, Analytics and/or Tag Manager accounts potentially shut down, we highly recommend our customers set up compatibility with this newly required platform as soon as possible. The deadline for implementing Google Consent Mode v2 is 6 March 2024.
How Can I Get Help Becoming Compliant With These New Policies?
To ensure compliance with the new Google Consent Mode V2 and align with the evolving regulations on cookie consent, users can leverage our website policies service to streamline the process. Our service will provide the following:
Policy Review and Update: Users can use our website policies service to review and update their privacy and cookie policies to reflect the requirements of Google Consent Mode V2 and other pertinent regulations. This involves ensuring that the policies clearly articulate the types of cookies used, the purpose of each category, and the mechanism for obtaining user consent.
Customised Consent Banner: Our website policies service sets up a customised consent banner that complies with the guidelines of Google Consent Mode V2. This includes providing options for users to selectively consent to different cookie categories, in line with the regulatory framework.
Cookie Management Tools: Through our service, we can integrate cookie management tools into your website that allow visitors to exercise granular control over their cookie preferences. This empowers website owners to respect user choices and manage cookie settings in accordance with the stipulations of Google Consent Mode V2.
Automatic Updates: Our website policies service is designed to stay abreast of regulatory changes and updates related to Google Consent Mode V2. Users can rely on our service to automatically incorporate any modifications required to stay compliant with evolving guidelines.
You can learn more about our Website Policies Service here, but please get in touch if you would like us to assist you with making your website compliant.
Do You Already Have An Infinity3 Care Plan?
For those clients on our “Maintain” or “Business” Care Plans, we will automatically update your website policies for you as this is included in the service. If you do not have, or only have a “Basic” or “Protect” Care Plan, you will need to contact us to arrange our Website Policies service for you.