You have no doubt seen the blizzard of announcements from Google – updates covering the General Data Protection Regulation (GDPR) and the e-Privacy Directive. These include their new EU User Consent Policy, support center documents and FAQs.
Google of course has worked to ensure their own conformance and while claiming to have done the same for their publishing and advertising customers and partners, gaping holes remain. On a macro level, these are evidenced by the new tensions between Google and France’s media and advertising industries following Google’s last-minute changes to its GDPR policy which caused havoc in the European ad market. These have now escalated to the point where the French media plan to meet with government over Google-GDPR concerns.
What you need to know specifically however, with respect to AdSense, is that it can be configured to use both behavioral and contextual targeting but that the default is behavioral. In other words, Adsense by default collects information on an individual’s web-browsing activity to select which advertisements to display to that individual. The data captured is not only accessible by you but of course by Google, as well some 199 Google partners.
So if you have relied on Google to take care of this, they have not. It’s down to you to configure your own use of Adsense to ensure you are conforming to GDPR regulations. And take it from me; that’s no small task to get right:
- In addition to disclosing all the other businesses that potentially have access to personal information and getting consent to record it, you also have to provide a way to revoke that consent, and a way to delete all that information on demand. In other words, to become GDPR compliant, you need to implement additional new features that allow users to delete their personal information such as their email address along with any links or other information the consumer wants removed. In essence allowing the consumer to be “forgotten”. This is not easy to do.
- Then, if you use plugins for tools such as marketing automation, customer support or chat widgets, etc. you will have to go through this whole process again with each of these products to again give consumers a way to delete their personal information and all other data such as support tickets.
In totality, it’s a huge amount of work. Getting the initial consent up front is trivial by comparison!
That said, there can be a severe revenue hit using contextual over behavioral targeting, especially if your business is primarily EU based. Behavioral targeting can double or triple ad revenues or more. So even with GDPR, behavioral targeting can be critical for the very survival of many businesses. If you choose to take this route, I would urge you to undergo a data mapping exercise to understand what personal data you capture, how it flows through your systems and how it is used. You can then take the necessary steps to cover any GDPR requirements that are uncovered. Until this exercise is complete, I would recommend you switch your Adsense default to use contextual targeting. Though painful, it’s the only way you can guarantee that you don’t run afoul of the regulations.