GP - EU user consent policy
Hi guys,
I received an email:
Dear Publisher,
We want to let you know about a new policy about obtaining EU end-users’
consent that reflects regulatory and best practice guidance. It
clarifies your duty to obtain end-user consent when you use products
like Google AdSense, DoubleClick for Publishers, and DoubleClick Ad
Exchange.
Please review our new EU user consent policy
as soon as possible. This requires that you obtain EU end users’
consent to the storing and accessing of cookies and other information,
and to the data collection, sharing, and usage that takes place when you
use Google products. It does not affect any provisions on data
ownership in your contract.
Please ensure that you comply with this policy as soon as possible, and not later than 30th September 2015.
If your site or app does not have a compliant consent mechanism, you
should implement one now. To make this process easier for you, we have
compiled some helpful resources at cookiechoices.org.
This policy change is being made in response to best practice and
regulatory requirements issued by the European data protection
authorities. These requirements are reflected in changes recently made
on Google’s own websites.
Thank you in advance for your understanding and cooperation.
Regards,
The Google Policy Team
How exactly are we supposed to implement a mechanism for user consent?
I received an email:
Dear Publisher,
We want to let you know about a new policy about obtaining EU end-users’
consent that reflects regulatory and best practice guidance. It
clarifies your duty to obtain end-user consent when you use products
like Google AdSense, DoubleClick for Publishers, and DoubleClick Ad
Exchange.
Please review our new EU user consent policy
as soon as possible. This requires that you obtain EU end users’
consent to the storing and accessing of cookies and other information,
and to the data collection, sharing, and usage that takes place when you
use Google products. It does not affect any provisions on data
ownership in your contract.
Please ensure that you comply with this policy as soon as possible, and not later than 30th September 2015.
If your site or app does not have a compliant consent mechanism, you
should implement one now. To make this process easier for you, we have
compiled some helpful resources at cookiechoices.org.
This policy change is being made in response to best practice and
regulatory requirements issued by the European data protection
authorities. These requirements are reflected in changes recently made
on Google’s own websites.
Thank you in advance for your understanding and cooperation.
Regards,
The Google Policy Team
How exactly are we supposed to implement a mechanism for user consent?
Comments
I've created a ticket so we might look at adding a geographically restricted option for EU consent in the future, however we have no immediate plans to do so at this time.
While the EU users will get accustomed to this idiocy, the rest of the world won't know what the hell is happening, and they'll think that it's some kind of a spying thing (trust me, you can not believe how 'funny' some of the users are). The recommended message for us to include is:
"We use device identifiers to personalise content and ads, to provide social media
features and to analyse our traffic. We also share such identifiers and other
information from your device with our social media, advertising and analytics
partners."
This would drive me away instantly. So, what we are looking at here is another "GET ACCOUNTS" saga, where (when & while introduced) the earnings plummeted by 50% in a couple of days.
I think it's critical, that somehow this consent is limited to the holy folk of EU only. Otherwise, I'm sure, without a slightest doubt, that our earnings will fall badly (I predicted the fall with GET ACCOUNTS and I was not wrong, we predicted the fall in earnings when "Require several interactions before showing an interstitial ad" was temporarily removed, and it happened).
I kindly ask you to research this issue and see if there is a way to identify EU devices so only they see them. If there's anything I can do to help you, I will, whether you need man hours or anything else.
@lorne, please give this a bit more thought. Thanks.
Btw, I'll ask my account manager at Google what is her recommendation about this "EU user consent policy" and if it's anything useful, I'll report back.
I'm on a vacation, but I'll try to message my account manager tomorrow. The internet connections here are terrible and I'm away for most of the day anyway.
@lorne: On cookiechoices.org there is a sample code for the consent. Maybe we'd need it in Andromo as well? I guess that when Google will scan for this piece of code in apps they'll want to see it or else they'll think that the consent is not present.
Also, it's probably critical, that the consent is shown to EU users only. Otherwise we risk driving our other users away and a large increase in bad ratings. That will hurt our earnings and our business.
OK, I'll keep asking as well about the EU limit option and if I find anything useful, I'll let you guys know.
Thanks.
Your team managed it at ultra high speed, while many seasoned developers I follow still try to find out how.
Well done for it!
Personally, I will not use it until I get some notification a little bit more formal. Maybe a GP developer warning message or something.
Awesome as always! =D>
I just wrote to my admob account mgr and asked, if they could provide me with an example text for the basic google services. I will post, when I hear back from them.
@sylviathewitch: Nice to see you around.
The answers to got:
1/ I asked if the way of how we determine location and when to show the msg is ok:
" It looks good to me, the important point is that the message is being shown per session/user."
Per session? #confused
2/ I asked if, when using admob, disclosure only is good enough or if we need "disclosure and consent".
"Unfortunately we cannot advise on the message content and explicit Vs implicit consent for legal reasons: you can find everything on the official online material: http://www.cookiechoices.org/ "
Ok, not really helpful ...
Lorne, are you a 100% certain, that the use of admob does only requires "disclosure" = Implied?
Here
https://www.google.com/about/company/user-consent-policy.html
google always talks about "... and obtain consent to ..."
I only would like to make really sure, before starting to update any apps.
Just in case, that we need "disclosure and consent" for admob and/or other settings in the app, can you please add the feature "European Union countries only (uncheck for Worldwide)" also to the License Agreement?
@hendrixs: maybe you can check with your admob contact once again? As I said, my "real" contact isnt in the office until the end of August. My main concern is Does the use of admob requires "disclosure only" or "disclosure and consent"? Thank you :-)
Lorne's away at the moment, so he can't respond, but we've discussed the feature and I'm aware of all of the implementation details. At this point the only information we have to go on is the information in the links you've pointed to, and feedback that everyone's provided.
Our code is based on the Android sample shown on cookiechoices.org (with the addition of location detection). Their example is not session-based, nor does it show an accept/decline style of a dialog. It reads a flag as to whether or not the dialog has been shown already, and sets that flag when they close the message.
If anyone has any further information that says otherwise, your feedback is always welcomed.
@sylviathewitch: Now that you mention it, I'm starting to think, that I too won't get any specific text examples, because they all point us to cookiechoices.org website and to the "What do I put in my consent message?" part. I think they want to avoid giving "legal" advice.
However, I can ask her about the "Does the use of admob requires "disclosure only" or "disclosure and
consent" part.
Anything else, maybe, before I write the email? @lorne? @darryl?
Ok, I asked the admob rep again if admob requires disclosure only or disclosure and consent and here is the reply:
"For
the disclosure & consent piece, we recommend that all of Google’s
advertising partners get consent to cookies from EU visitors - so yes, I
would add both to be safe."
Can you simply please add the "European Union countries only (uncheck for Worldwide)" functions to the License Agreement as well?
This way we can choose to either obtain the consent or not.
Thank you!!
@hendrixs
Would be great to hear a second opinion from the admob team. Looking at the wording in the reply (be safe of WHAT? google? the EU? user complaint?), I don't have the feeling, that the admob rep is dead certain about this issue.
The information at http://www.cookiechoices.org/ uses the term "consent" everywhere however their code example is just a disclosure type, and is not an "Accept/Decline" style of a dialog.
We specifically made it a separate dialog based on that example code (instead of using our current license dialog). If they're saying that the example code is wrong, then we'll make the appropriate changes, but we really need to be sure about that before making any additional changes. So my suggestion when speaking to them would be for them to explicitly state whether or not that the example is incorrect or not.
I am pretty sure, that we will never hear an explicit "Yes" or "No" from google.
You saw, the first answer I received (for legal reasons ... bla bla)
Would it be so much additional work on your end to add the "EU check function" to the license agreement?
With this in place, we would cover every possible scenario.
Thank you very much for considering this!
http://support.andromo.com/kb/common-questions/eu-user-consent#implied-consent-vs-explicit-consent
@sylviathewitch
In the end we want what's available to be correct and follow their rules. Once a feature's added, it's difficult to remove/change in Andromo, and does throw a wrench into what has been already implemented. While I understand them not wanting to provide legal advise as far as the message goes, they should be able state whether the dialog is incorrect or not. I have to say, I'm not very confident given the hesitation in the rep's responses. Any type of update to Andromo is time consuming, so it's not something we like to do without good reason.
Q: Can you suggest how to phrase the consent message within an app?
A: Just like with the desktop and mobile web consent messages, it will
largely depend on your own uses of cookies and other information, and
the third party services you work with. However, we can give you some
pointers. Here is a sample message for an app:
“We use device identifiers to personalise content and ads, to provide
social media features and to analyse our traffic. We also share such
identifiers and other information from your device with our social
media, advertising and analytics partners. [See details] [OK]”
I'm thinking about using a "softer" versions of the recommended text, something like "We use Google AdMob and Google Analytics which use device identifiers to personalize ads and analyse the traffic. These identifiers and other information is shared with advertising and analytics partners."
What do you think? @anteos, @sylviathewitch? Anyone else?
1) I'm in the EU and if I check the "European Union countries only (uncheck for Worldwide)" option, I don't see the message. If I uncheck it, then I do.
2) Google recommends to add "See details" for further information (http://prntscr.com/8f3ps7). I did that via HTML link and when I click it, the app crashes. It crashes on my physical device and it crashes on Genymotion as well.
@lorne @darryl - what if you guys could add a URL form to Launch Notice (http://prntscr.com/8f3qjy) where we could add our Privacy Policy link? Or just make the HTML code work in the notice?
Thanks!
However, I plan to add a softer version as you did, when I implement it. After all, it is not us who collected the data.