How to Comply with Google's EU User Consent Policy?

If your website or app uses Google services such as Google Analytics, AdSense, Ad Manager, or Google Ads, you must understand and implement Google's EU user consent policy.

Google's EU user consent policy sets requirements for responsible data management in digital advertising and for data privacy compliance by businesses that use Google advertising products in the European Union (EU), European Economic Area (EEA), the United Kingdom (UK), and Switzerland.

This article explains what Google’s EU user consent policy is and how websites that have received a noncompliance notice from Google can use a Consent Management Platform (CMP) to enable compliance and continue using Google ad products.

What Is Google's EU User Consent Policy?

Google’s EU user consent policy is a document that sets data privacy compliance requirements for publishers and advertisers operating in the European Economic Area (EEA), the United Kingdom (UK), and Switzerland. It requires them to obtain valid user consent before storing cookies or other trackers on a user’s device or collecting their personal data.

The policy aligns with the requirements set by the main European privacy laws: the General Data Protection Regulation (GDPR), the ePrivacy Directive, and the UK’s DPA 2018.

Google introduced the EU user consent policy in 2015 and updated it on May 25, 2018, when the GDPR became effective.

Read Google's guide on the EU User Consent Policy.

Who does Google’s EU User Consent Policy Apply to?

Google's EU user consent policy applies to businesses that collect data from users located in the European Union (EU), European Economic Area (EEA), the United Kingdom (UK), or Switzerland, and that use Google products that incorporate the policy.

The following Google products incorporate the EU user consent policy:

  • Google Tag Manager
  • Google Analytics
  • Google Ads
  • Ad Manager
  • AdSense
  • AdMob

Other Google products that incorporate this policy are:

  • Google Maps
  • YouTube API
  • reCAPTCHA
  • Blogger

Thus, you must comply with Google's EU user consent policy if you use any of these Google technologies on a website or app.

Google's EU user consent policy is particularly relevant for:

  • Global websites and apps
    Any website or app that is accessible to users from the EU, EEA, the UK, or Switzerland, regardless of where the business is based, needs to comply with these policies.
  • Digital marketers and advertisers
    Marketing agencies using advertising tools like Google Ads, Google Analytics, or any other third-party tools must comply with the EU user consent policy to legally target or analyze users from the EU, EEA, the UK, or Switzerland for ad personalization.
  • E-commerce platforms
    Online retailers and e-commerce platforms that offer goods or services to users from the EU, EEA, the UK, or Switzerland must adhere to these regulations, as they often process user data for personalized advertising or transactions.
  • Content publishers using ad networks
    Publishers and developers who monetize their sites through advertising tools such as Google AdSense, Ad Manager, or AdMob, and collect user data for personalized advertising must also comply with the policy.

Google’s EU user consent policy also applies to businesses located outside the EU, EEA, or UK. If businesses have end users located in these regions, they must comply with the policy, regardless of where the business that collects their data is based.

Note that if you use data from a third party that uses Google products, you must ensure that the third party complies with the policy.

Audits and Enforcement of Google’s EU User Consent Policy

Google conducts periodic reviews of sites and apps that use Google products. It carries out the following checks:

What Happens if I Don’t Comply with the EU User Consent Policy?

Google ensures compliance by scanning websites that use its products. If your website or app fails to comply with the EU user consent policy, Google will issue a noncompliance notice and ask you to make changes to ensure compliance within 60 days.

Google’s Policy team performs regular checks and sends customers reminders every two weeks to fix the issue.

If your website or app fails to ensure compliance within the set time, Google takes further action, such as limiting or blocking Google products.

Failure to comply with Google’s EU User Consent Policy can result in:

  • Limited functionality or even blocking Google products, such as ads or analytics.
  • Revenue loss due to a lack of personalized data. Google restricts building new user lists and restricts existing user lists globally. This prevents remarketing.
  • Measurement restriction. Google restricts data collection and conversions for EEA and UK users.
  • Potential legal risks if non-compliance also violates the GDPR.

Non-compliance with the GDPR could lead to huge fines. Penalties can be up to €10 million or 2% of the company’s global annual revenue for the preceding financial year. For repeat violations or more severe breaches, penalties may reach €20 million or 4% of global annual revenue, whichever is higher.

Compliance Checklist for Google’s EU User Consent Policy

To ensure compliance with Google’s EU User Consent Policy, follow this practical checklist:

  1. Implement a consent mechanism (banner)
    The easiest way to inform users about their data collection and get consent is through a cookie banner. Implement a Cookie Banner on your website or app.
    Use a Cookie Banner provided by a Google-certified Consent Management Platform (CMP).
  2. Obtain legally valid user consent
    Only explicit cookie consent is legally valid under the GDPR, meaning that users must actively agree to the collection and use of their personal data.
    Consent should be freely given, specific, informed, and unambiguous.
    Provide a Cookie Banner to collect consent before running any cookies or other trackers.
    Allow users to accept, reject, or customize consent preferences.
  3. Respect user choices
    If users reject cookies on the cookie notice, your website or app must block all cookies and other trackers and not collect any personal data. Respect granular user consent. For example, if users grant only functional cookies, set only functional cookies on users’ devices.
  4. Keep consent records
    Retain detailed records of how and when consent was obtained from users.
    Google requires businesses to document the text and consent choices presented to users, and the date and time when users gave their consent.
  5. Make it easy to withdraw consent
    Inform users about how they can withdraw their consent to collect their personal data.
    Make it easy to withdraw consent at any time and without any explanation.
  6. Be transparent
    Clearly explain why you use cookies, local storage, session storage, or other trackers.
    Clearly explain if you collect and process users’ personal data.
    Disclose the reasons why you collect personal data (e.g. for personalized ads, analytics, etc).
    Provide a link to your Privacy Policy or Cookie Policy from the consent banner.
  7. Identify third parties
    Inform users whether you share their data with third parties.
    List all third parties (vendors) that will receive or process personal data, including Google and other ad tech providers.
    Link to the Google Ad Technology Providers (ATP) list if you're using Google Ad products.
  8. Use a Consent Management Platform
    Use a Consent Management Platform (CMP) that is GDPR-compliant.
    Use a CMP that is integrated with Google Consent Mode v2. In 2024, Google introduced Google Consent Mode v2, which requires valid user consent signals before serving personalized ads.
    Use a Google-certified CMP. Google certifies CMPs, and only Google-certified CMPs can send Consent Mode v2 signals to Google.
  9. Integrate GTM with consent management
    Google Tag Manager (GTM) can be very helpful for your compliance efforts. It allows you to manage when your site’s tags are fired based on user consent. Use GTM’s Consent Mode to configure your tags to fire only when users have consented to the cookies.
    Implement Google Consent Mode v2 to send accurate consent signals to Google services.
    Pass consent values using the appropriate APIs (gtag, gtm, or your CMP integration).
  10. Perform regular updates
    Update your policies and CMP as privacy laws or Google requirements evolve.
    Audit your implementation every 6–12 months or after major changes.
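
The sketch below shows how checklist steps 2, 3, 4, and 9 fit together in code. It is an added example, not code from CookieScript or Google: the banner category names and the helpers `signalsFor`, `setDefaults`, and `applyChoice` are assumptions, while the `gtag('consent', ...)` calls and consent type names are those of Google Consent Mode v2.

```javascript
// Added example. Helper and category names are hypothetical; only the
// gtag('consent', ...) calls and consent type names come from Consent Mode v2.
const dataLayer = typeof window !== 'undefined'
  ? (window.dataLayer = window.dataLayer || [])
  : []; // plain array when run outside a browser
function gtag() { dataLayer.push(arguments); }

// Assumed banner categories mapped to the consent types they control.
const CATEGORY_TO_SIGNALS = {
  functional: ['functionality_storage'],
  analytics: ['analytics_storage'],
  advertising: ['ad_storage', 'ad_user_data', 'ad_personalization'],
};

// Every consent type is 'denied' unless its category was explicitly granted.
function signalsFor(grantedCategories) {
  const signals = {};
  for (const [category, types] of Object.entries(CATEGORY_TO_SIGNALS)) {
    const state = grantedCategories.includes(category) ? 'granted' : 'denied';
    for (const type of types) signals[type] = state;
  }
  return signals;
}

// Steps 2-3: call before any Google tag loads, so nothing runs pre-consent.
function setDefaults() {
  const defaults = signalsFor([]);
  gtag('consent', 'default', defaults);
  return defaults;
}

// Steps 3, 4 and 9: send the user's granular choice and return the record
// to retain (banner text shown, choices made, date and time).
function applyChoice(grantedCategories, bannerText, now = new Date()) {
  const known = Object.keys(CATEGORY_TO_SIGNALS);
  const unknown = grantedCategories.filter((c) => !known.includes(c));
  if (unknown.length) throw new Error('Unknown category: ' + unknown.join(', '));
  const signals = signalsFor(grantedCategories);
  gtag('consent', 'update', signals);
  return {
    timestamp: now.toISOString(),
    bannerText,
    grantedCategories: [...grantedCategories],
    signals,
  };
}
```

Withdrawing consent (step 5) is the same `applyChoice` call with an empty category list, which sends every signal as `denied`.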

An example of a CookieScript cookie banner with granular cookie consent options.


How Can CookieScript Help Enable Compliance with Google’s EU User Consent Policy?

Google requires using a Google-certified CMP, included in its list of certified partners, to comply with the EU user consent policy.

CookieScript CMP has all the functionalities needed for compliance with the EU user consent policy:

In 2024, users ranked CookieScript CMP on G2, a peer-reviewed website, as the best CMP for small and medium-sized companies.

Frequently Asked Questions

Why does Google have the EU User Consent Policy?

The policy reflects certain requirements of European privacy laws: the General Data Protection Regulation (GDPR), the ePrivacy Directive, and the UK’s DPA 2018. To comply with these laws, Google sets requirements for its products’ users. This policy applies to end users located in the EU, EEA, the UK, and Switzerland. CookieScript, a Google-certified CMP, allows websites to comply with the policy.

Do I need to comply with Google’s EU User Consent Policy?

If your business collects data from users located in the EU, EEA, or the UK, and uses Google products such as Google Tag Manager, Google Analytics, Google Ads, Ad Manager, AdSense, and AdMob, you must comply with the policy. To comply with Google’s EU User Consent Policy, use CookieScript, a Google-certified CMP.

How does Google ensure compliance with Google’s EU User Consent Policy?

Google scans websites that use its products. If your website or app fails to comply with Google’s EU User Consent Policy, Google will issue a noncompliance notice and ask you to make changes. If you fail to ensure compliance within a reasonable time, Google might limit or block its products. CookieScript, a Google-certified CMP, allows businesses to comply with the policy.

Do I need to comply with Google’s EU User Consent Policy if I use YouTube videos on my site?

Yes. In addition to ads and measurement products, Google incorporates this policy in YouTube API, Google Maps, reCAPTCHA, and Blogger. If you embed YouTube videos on your site, you need to comply with Google’s EU User Consent Policy. Use CookieScript CMP to comply with the policy. It is a Google-certified CMP, integrated with Google Consent Mode v2 and IAB TCF v2.2.

My consent banner was flagged as non-compliant by Google audit. How to resolve this?

Google sends instructions for complying with the policy. It encourages advertisers to work with a Google-certified CMP partner integrated with Google Consent Mode or the IAB TCF v2.2 to solve the issue. Use CookieScript CMP to comply with the policy. It is a Google-certified CMP, included in the list of Google-certified CMPs, and is integrated with Google Consent Mode v2 and IAB TCF v2.2.

My website is not based in Europe. Does Google’s EU User Consent Policy apply to me?

Yes, if you use Google products that incorporate the policy (Google Tag Manager, Google Analytics, Google Ads, Ad Manager, AdSense, and AdMob) and have end users located in the EU, EEA, the UK, or Switzerland, you also need to comply with the policy. Use CookieScript, a Google-certified CMP, to comply with the policy.
