Google expands EU user consent policy to Switzerland from July 31, 2024

Google has announced that beginning on July 31, 2024, its EU User Consent Policy will be extended to include users in Switzerland. 

How to apply EU user consent policy

When your contract with Google includes this policy, or you use a Google product that incorporates it, you must provide specific disclosures to and obtain consents from end users in the European Economic Area (EEA) and the UK. If you do not follow this policy, Google may limit, suspend, or terminate your access to their product and agreement.

Responsibilities for your properties

For Google products used on any website, app, or other property controlled by you, your affiliates, or your clients, the following obligations apply to end users in the EEA and the UK:

1. Obtain lawful consent from end users for:

• The use of cookies or other local storage where required by law.
• The gathering, sharing, and utilization of personal data for advertising personalization.

2. When requesting consent, you must:

• Keep records of the consents granted by end users.
• Offer clear and straightforward instructions for end users to withdraw their consent.

3. You must also:

• Transparently identify all parties that may collect, receive, or use end users' personal data due to your use of a Google product.
• Provide prominent and easily accessible information about each party’s use of the personal data.

Policy Background and Application

This policy aligns with the requirements of the General Data Protection Regulation (GDPR) and the ePrivacy Directive, as well as equivalent UK laws. These laws apply to end users in the EEA, which includes EU Member States, Iceland, Liechtenstein, and Norway, as well as the UK.

To sum up

Google ensures compliance by conducting reviews of sites and apps that use their advertising services. Reviewers visit a site or app as a typical consumer would, examining the provided information and obtained consents.

Google prioritizes working with partners to achieve compliance. If a partner is found to be non-compliant, Google will initially reach out to highlight the issue and work towards compliance. If the partner fails to engage or demonstrate good faith efforts within a reasonable timeframe, further actions, including account suspension, may be taken.

Starting January 16, 2024, publishers serving ads to users in the EEA and the UK must adopt a Certified Consent Management Platform (CMP) to comply with this policy. Google will continue to audit publisher partner sites and apps utilizing a Certified CMP. For a sneak peek at the updated policy, click here. 

With Stape and server-side tracking you can ensure that your data collection is more accurate, secure, and compliant with privacy regulations. 

We have detailed blog posts on:

• Consent mode in server Google Tag Manager
• Google Consent Mode V2
• Consent Settings for server GTM tags
• Server-side consent management with sGTM and Cookiebot
• The smart way to anonymize user data and use consent mode in Google Analytics 4 using GEO headers

You can also start using Stape EU hosting to keep your data within the European Union, ensuring compliance with regional data protection laws and reducing latency for your European users.