Has GDPR Changed Google Adsense Requirements?

google adsense requirements

You’ve possibly found out how the General Data Protection Regulation will affect data collection, storage, and usage, but how will it affect Google AdSense?

Several Adword tools and features could cause GDPR-compliance issues and attract huge penalties. To avoid this, you need to understand the impact of the directive and take the necessary measures.


Do you want to learn how to use Google AdSense within the parameters of the GDPR?

In this piece, we’ll look at the GDPR and how it affects the use of Google AdSense inside and outside the EU and the European Economic Area (EEA).

We’ll also look at Google AdSense requirements for publishers and share some essential tips for GDPR compliance.

What’s GDPR?

GDPR is a new EU regulation established to harmonize data privacy regulations across the EU and reshape how data privacy affects companies that do business in Europe or EEA.

The GDPR came into force on 25th May 2018 to replace the previous Data Protection Directive 95/46/EC.

Under this regulation, you cannot collect, store, or use personal data of an EU or EEA citizens or residents without their consent. It applies to any organization that handles sensitive data of EU citizens or does business with Europe or EEA.

According to the Article 29 Working Party (WP29), failure to comply with the new regulation could lead to penalties and fines amounting to EUR20 million.

Violations could also carry criminal charges that could lead to a jail term.

What’s Sensitive Data According to the GDPR?

The GDPR states that sensitive data is any information that can be used directly or indirectly to identify the data subject.

Sensitive data include physical addresses, health-related info, biometric info, birthdates, emails, and demographic data.

Does the GDPR Apply to Your Use of Google AdSense?

Yes, it does. This is because Google AdSense uses personal data such as IP addresses to track people behaviors and interests.

AdSense also uses cookies, which, according to the Article 29 Working Party (WP29), can be combined with other data to identify a person.

Does the Regulation Affect Publishers Outside the EU?

Some interpretations of the new law are still vague, but one thing is clear: you don’t have to be based in Europe or the EEA to be affected by this new law.

If your site reaches European citizens and residents, then you need to ensure your use of AdSense is GDPR compliant. You may also need to update your site to ensure full compliance with the new regulations.

Do You Need to Comply?

To get an answer to this question, consider these questions:

  • How many visitors do you get from the EU and the EEA?
  • How many of those visitors see or click on personalized ads?
  • How much money can you lose if can’t serve personalized ads?

If the earnings you get from EU visitors are too high to let slide, then you need to start working on a strategy to ensure your site and your ads are GDPR compliant.

Have Google AdSense Requirements Changed?

If you’re a Google AdSense user, you’ve probably received a mail from Google encouraging you to do the following:

Link to Google’s Privacy Page

The Google Policy Team is encouraging publishers to add a link to Google’s privacy and terms page since this will:

  • Inform users how the tech giant uses data collected from sites or apps that depend on their products or services.
  • Educate users about Ad personalization.
  • Guide users on how to control the information collected by Google on these sites and apps.

Following this guideline is the first step towards GDPR compliance and making your business a success.

Deploy AdSense’s New APIs

Google is encouraging publishers to deploy the new AdSense APIs that are GDPR Compliant.

The new APIs are not just about being compliant with the new EU regulation; some will also help publishers catch up with the 2011 “cookie law.”

Read the EU User Consent Policy

Google will be enforcing the EU User Consent Policy, and they want publishers to read and understand everything about it.

The tech giant has also created a help page that provides more information about the policy. It’s advisable to read this policy.

In the mail, Google has also made it clear that publishers are not required to seek user consent for sites visitor’s activities on Google-owned websites. They’ve also made it clear that they are the data processors, and this means that AdSense publishers are the data controllers.

Google wants AdSense publishers to seek user consent before they collect or use data. Publishers violating Google’s terms are likely to be banned from using Google AdSense.

Tips for GDPR Compliance

If a majority of your ad revenue comes from the EU or EEA, here are a few things you can do to ensure you comply with GDPR when using Google Adwords.

Block Data Collection and Targeting in Google AdSense

By default, the settings on your AdSense are designed to pass information to Google about a visitor’s session–the post they engaged with, the keywords they searched, the time they spent on your site, etc.

Google and other ad tech vendors use this information to create and continually refine “interest-based profiles” that they use to target ads. Now that the GDPR is here, you’ll need user’s explicit consent to collect and use this information.

Google AdSense has some tools that allow you to block default data collection and targeting. Make use of them!

You also need to outsource SEO services from a company that understands the application of the GDPR. For example, this SEO company is one of the leading firms that can help to enhance your online presence, increase your brand awareness, and avoid GDPR-compliance issues.

Apply for Funding Choices

Funding choices were introduced to keep AdSense users from losing revenue due to the increased use of adblocks. But you can also use it to make your use of Google AdSense GDPR compliant.

The tool allows the site visitors to choose between paying a small fee or whitelisting the website site if they wanted to continue browsing the site.

Serve Your Consent Notices

If funding choices and other Google AdSense features don’t work, you can come up with your consent notices. To make this work, you’ll have to make some changes in your AdSense ad tags to:

1. Pause Ad Requests

This change means that an ad tag will have to wait for a clear signal before the ad request is sent. This change will be useful if you need to wait for a visitor to interact with a consent notice before firing ad request.

Will this change affect content loading?

No, it won’t because ad tags are asynchronous.

2. Serve Individualized Ads

This change will enable ad tags to issue requests for non-individualized ads if a visitor opts-out of individualization. It’s useful if you want to give your visitors a choice between individualized and non-individualized ads.

Ensure Your Data Privacy Policy Informs Visitors How You’ll Use Their Data

When coming up with your data privacy policy, make sure it states how you intend to use the data you collect using AdSense. Ensure everything in it is written in a clear and easy-to-understand manner.

You should ensure the data privacy policy answers the following questions.

  • Which companies are involved in collecting data about your visitors’ online activities?
  • What information is collected?
  • How will it be stored and by who?
  • How long will it be stored?
  • Can it be deleted?
  • How will it affect the data subject concerned?

Providing this information ensures the site visitors understand and give consent to use their data for the intended purposes. This protects you from GDPR-compliance issues.

Audit Your Data

Audit the data you’ve collected using AdSense, and make sure there’s no personal data that you’ve captured, stored, or sent to third parties without explicit consent.

After auditing your data, you need to develop a concrete strategy to ensure you collect, store, process, and send data using methods that meet the GDPR requirements.

Have a Prove That Consent Has Been Given

If a user agrees to online profiling and individualized ads, you need to have a record or a document that shows they gave consent. The file should also show how you obtained approval in a clear and understandable manner.

Take Advantage of the New Data Retention Controls in AdSense

The new data retention controls in Google AdSense will enable publishers to determine how long data is stored on Google’s servers. These new controls allow Google to automatically delete data older than the retention period that the publisher selected.

Publishers should also make use of the exciting data protection features available on AdSense.

If you use Google Analytics to track the performance of your AdSense, here is what you should do to ensure GDPR compliance.

  1. Ensure no Personal Identifiable Information (PII) is sent to Google Analytics
  2. Check your pseudonymous identifiers for PII
  3. Turn on the IP anonymization feature in the Google Analytics

Some of these changes will reduce the Google Analytics reporting accuracy, but at least you’ll have peace of mind knowing that your use of Google products and services is GDPR compliant.

Wrapping Up

GDPR will affect the AdSense world in some ways. Make sure you review the Google Adsense requirements and recommendations for GDPR compliance.

You should also follow the compliance tips we’ve highlighted above. Doing this will help you to prevent GDPR-compliance issues.

You can check out our recent SEO articles to learn more about GDPR and other interesting topics that can help to improve your digital marketing strategy.