Published in: CCPA

Google CMP Requirements: What Ad publisher must know!

Published on: 12/01/2023

Businesses often sell their customers’ personal information to marketers without getting consent from them, including their age, gender, likes, hobbies, and place of education.

Marketers then use this data to display customized advertisements to customers.

While this seems harmless, privacy rules like the CCPA and GDPR were put into force because personal information about an individual is being traded like a commodity.

These laws must be strictly complied with; failing to do so can have dire consequences, as demonstrated by the Cambridge Analytica case, in which 50 million Facebook accounts were used for psychological profiling to help then presidential candidate win the 2016 election.

This evident violation of Facebook users’ consent was carried out without their knowledge.

It was reported that Facebook had to pay a $633,000 fine for this breach.

For this reason, a robust consent management system is essential for any business planning to process customer data.

Google announced changes to its ad network on May 16, 2023, to stay updated with the Data Privacy regulations and provide its customer’s personal data with utmost privacy.

The new requirements include that any company running advertisements on Google’s network or any publisher using Google products such as Google AdSense, Ad Manager, or AdMob in the UK or the European Economic Area must have a consent management platform (CMP) consent signal.

Furthermore, Google will mandate that the CMP in use has Google certification.

In this article, we break down why Google introduced this change, what this means for your business, the new requirements, how you, as a publisher or your business, can comply with the recent changes, and how we can help you.

What is a Consent Management Platform (CMP)?

As their name suggests, consent management platforms (CMPs) manage user consent on websites to collect and use personal data, usually via cookies and third-party trackers.

Most data privacy laws control how websites, companies, organizations, governments, and the like are permitted to collect and use personal information about individuals.

The General Data Protection Regulation (GDPR) of the European Union and the California Consumer Privacy Act (CCPA) are the two most notable examples.

Websites can use various consent management platforms with unique technology for managing user consent to ensure compliance with data privacy rules.

Why do you need a CMP?

Locating and managing cookies and trackers on your websites without a consent management platform may be challenging.

72% of cookies are hidden as “trojan horses” by other trackers.
Eight other cookies may load 18% of the cookies, which hide even further within other trackers.
After visitors visit your website repeatedly, 50% of trojan horses will change.

Why did Google make changes to its requirements?

This follows the release of the most recent version (v2.2) of the Transparency and Control Framework (TCF) by IAB Europe, harmonizing stricter consent requirements for companies.

IAB TCF 2.2 changes include the following:

The legal basis of “legitimate interest” is no longer recognized for consent to personalization (ads, content, profiles).
Standardized data retention durations will be applied to third-party vendors.
If users want to change or withdraw their consent and preferences, they must have easy access to the CMP.

Google ensures that all businesses on their platform maintain compliance with IAB TCF and deliver consumers with tailored experiences that prioritize privacy by imposing a certified CMP requirement on those using Google Ads.

What does this mean for your business?

Businesses or Publishers that target European audiences with Google search, display ads, or other advertisements on the Google network must ensure they have a certified consent solution.

This certification is given to CMP providers who meet several conditions, including compliance with IAB Europe’s Transparency and Consent Framework (TCF) v2.2.

While you wait, your company should consider how consent data might support other marketing campaigns and how a consent management system might fit into your present IT stack.

This new requirement may provide your company the push it needs to fully profit from consent management solutions, which offer the following advantages:

Recognizing every cookie and tracking technology on your website.
Offering your clients, the transparency and authority they should possess over their data concerning profiling and targeted advertising.

Now the question comes, what exactly does this mean for you as a publisher or your business?

You must get consent before serving ads to users, especially those in the UK and the European Economic Area (EEA).
It won’t work anymore like previously, showing a simple pop-up presenting your privacy statement or terms of service.
You will subsequently be required to use a platform that Google has approved, such as PrivacyPillar.

What can you do to comply?

Let’s begin by defining a Consent Management Platform (CMP) for those unfamiliar. An aggregate of software reviews, G2, states that a Consent Management Platform needs to:

Notify users of the types of data processed, the specific entities processing them, the reasons for the processing, the legal basis, and any other legal requirements mandated by various privacy laws.
Provide a dashboard where users can consent, decline, or withdraw consent.
Granular consent records should be created and shared with organizations that depend on CMP data, such as publishing and advertising partners, to facilitate monetization and demonstrate lawful data processing.

A CMP assists companies in being transparent with users regarding the types of data they collect, where they store it, and how they use it.

Conclusion

PrivacyPillar, a Google certified CMP, helps businesses stay in line with changing privacy standards by promoting a transparent and user-centric approach and ensuring legal compliance.

Google’s proactive approach to changing data privacy laws is shown in the ad network modifications that took effect on May 16, 2023, which require all Ad publishers to be compliant with Google certified Consent Management Platform (CMP) by January 16, 2023.

This means a move toward transparent data practices and adhering to IAB TCF 2.2 for companies marketing to European consumers.

PrivacyPillar makes sure your company strikes a balance between personalization and privacy.

Signup with PrivacyPillar today and get a FREE TRIAL of a Google certified CMPs that makes your complicated compliance work easy.

Consent Management Platform

Consent Management Platform

Explore our entire suite of webtools designed to keep your data safe, and your business in compliance

Cookie Consent

Consent Preference

DSAR Management

Social Fortuna

GDPR (EU)

CPRA / CCPA

VCDPA (Virginia)

PIPEDA (Canada)

IAB TCF v2.2

CPA (Colorado)

CTDPA (Connecticut)

LGPD (Brazil)

DPDPA (India)

PDPL (Saudi Arabia)

Ecommerce

Automotive

Healthcare

Fintech

Chambers of Commerce

Blogs

Insights Newsletter (Coming Soon)

Cookie Scanner & Site Audit

Privacy Policy Generator

14 Day Free Trial

About Us

Partnership Programs

Contact Us

Careers

Help Center

FAQs

Our Latest Blog

Send a message.