back to article Google turns cookie monster on AdSense, DoubleClick clients

Google has warned its AdSense and DoubleClick customers to sort out their cookie tracking policies before the European Commission gets pissy with them. In a blog post published on Monday (July 27) by Jason Woloz, the Chocolate Factory’s security and privacy programme manager for display and video ads, the search monster said …

  1. bigtimehustler

    Except that if your running a tiny little website, and you are not based in the EU, are you really going to care? It's not like the EU is going apply to extradite you to charge you and its not likely they are going to start blocking thousands of tiny websites either.

    1. Ben Tasker

      No, but you probably will care if Google decides they're not going to take the (potential) risk of serving ads on your site. If they decide the site isn't compliant with their policies, that's the logical outcome - though somehow I doubt Google are going to bother auditing in order to deliberately cut off some (albeit small) part of their revenue stream.

      It's much more likely that they've sent out the notification so they can tell the commission they've pointed it out to publishers, and the responsibility therefore rests with the individual publishers.

      1. Matt Langley

        They will cut you off if you don't comply.

        Google will simply cut you off if you don't apply. The cookie code is served as part of their ads, so it's them that are liable.

        I suspect that the EU have pointed this out to them, and Google generally take a precautionary approach when dealing with publishers. It's cheaper.

        I was contentiously objecting because it is an absurd statement of the standard browser functionality, and negatively impacts on user experience, and for small content sites, the cost of determining whether a user is in Europe or not is prohibitive. I guess I'll have to annoy my users with a stupid paranoia inducing 'consent' form now, and find someway to block them that doesn't involve cookies if they decline.

        Stupid law, passed by idiots bent on making EU citizens second class citizens of the net.

  2. Phil O'Sophical Silver badge

    “informed, specific, freely given and must constitute a real indication of the individual's wishes.”

    Typical bureaucratese, and the EU seems to accept that a popup that says "we use cookies, go away if you don't like it" is OK? That's what they really need to fix.

    1. Anonymous Coward
      Anonymous Coward

      That's what they really need to fix.

      Why? You have some god-given right to use their website? As long as you're given a clear and full description of the cookies they use and how they use them then I can't see the problem with them saying "don't use our website if having read this explanation it's likely to cause you any anxiety or nightmares".

      1. DropBear
        FAIL

        "Why? You have some god-given right to use their website?"

        Hey, neat idea! Do you mind if I steal and adapt it as "Hey, we're going to pollute the heck out of this planet - if you don't agree please don't use it: find a different one!"...?

        1. Ben Tasker
          FAIL

          Hey, neat idea! Do you mind if I steal and adapt it as "Hey, we're going to pollute the heck out of this planet - if you don't agree please don't use it: find a different one!"...?

          That's a terrible analogy. A website setting cookies is equivalent to pouring oil into the sea and filling the atmosphere with carbon and methane? Really?

          He's right, a website can set whatever they want, so long as they give you (the consumer/reader) the information required to decide whether you're willing to accept those terms. I agree the "we set x cookies, tough shit" style banners aren't quite in the spirit of the law, but then a banner that says "we set x cookies -> accept, deny" would be no different if the result of clicking "deny" was that you get redirected off the site - it'd be closer to the spirit of the law though.

          There are altogether too many 3rd party services being called from pages nowadays IMO, but it's not just the cookies that are the issue, it's the overall behaviour of those parties. The argument should be about the behaviour and not a specific mechanism, if advertisers switched to using Local Storage instead of cookies, they'd bypass the law and still be capable of the same thing....

      2. Phil O'Sophical Silver badge

        You have some god-given right to use their website?

        Not at all, but the the current message is simply a pointless waste of screen estate. I know of no large website that doesn't use cookies. It's just politicians doing something useless so they can be seen to be doing something, with our money.

        1. Julz

          Well wordpress seems to be used on ~1/4 of all websites (http://w3techs.com/technologies/overview/content_management/all) and it relies on cookies but doesn't explicitly ask; perhaps wordpress need to change...

    2. sabroni Silver badge

      re: “informed, specific, freely given and...

      ... must constitute a real indication of the individual's wishes.” Typical bureaucratese? Sounds like an accurate description of what consent means to me.

  3. Pseu Donyme

    The trouble with Google is that their business model - pushing targeted ads where targeting is based on personal profiling without consent - is at odds with privacy and hence any decent data protection laws. What they are trying to do here is circumvent the EU law's spirit with an interpretation of its letter such that they'd be allowed to carry on as they were, when the only real solution would be dropping the offending business model based on the (non-existent) US law.

    1. The First Dave

      As the owner of a very small website that just about covers its costs by running Google adverts, I'm not at all impressed.

      _I_ don't set any cookies at all - no tracking etc. - but Google does, as part of showing adverts.Personally I'd rather turn off their cookies, even if it cost me a little money, but instead I'm being told that unless I put up a message on my site I may be chased by both Google and by the EU

      But neither side will tell me what that message needs to say...

      1. Indolent Wretch

        Well targeted ads raise "much" more revenue than untargeted ones, would you prefer having the cookies and getting your current revenue or removing the cookies and google paying you a fraction of it.

      2. graeme leggett Silver badge

        "But neither side will tell me what that message needs to say..."

        Something along the lines of.

        "This website uses cookies so that the adverts (and it's Google that decides what they are not me) that appear while you are reading it should be relevant to you. That means that I get paid more for including those ads, which means I can afford to let you read this stuff for free.

        If you are not happy with targeted ads, then you are welcome to go and look at other websites, perhaps they've got what you want. I'd like to make an exception - I'm certain you're a nice person - but website hosting costs money."

  4. itzman
    FAIL

    Cookies now non negotiable...

    Most websites that are useful these days seem to depend on being able to set cookies - deliberately one assumes..

    That's the result of all this cookie legislation. Instead of 'we use stealth cookies that you can disable if you are smart' its now 'we have made cookies mandatory for the operation of this site, and if you don't want to let us set them, you cannot use our site'.

    1. auburnman

      Re: Cookies now non negotiable...

      Yeah it's a pretty bad own goal for the EU here. Worse, once the general public is attuned to tolerating these sort of extra conditions for site access, along will come "Turn off AdBlock or GTFO."

      1. John Brown (no body) Silver badge

        Re: Cookies now non negotiable...

        "Turn off AdBlock or GTFO."

        There are already sites which do that. I can't remember where I last saw since I never went back.

    2. Boothy

      Re: Cookies now non negotiable...

      You should still be able to use the site without cookies, just some of the functionality (visible or hidden) might not work, or at least might not work as well as it should.

    3. Charlie Clark Silver badge

      Re: Cookies now non negotiable...

      The law already makes a clear distinction between cookies that are necessary, because they provide state and for which consent isn't required, and ones that aren't necessary, such as ads, which do. Any web developer worth their salt knows the difference.

    4. Orv Silver badge

      Re: Cookies now non negotiable...

      Among other things, cookies are the normal way of doing session tracking for sites that require logins, so you don't have to log in on every page. There are other ways to do it (like passing the session key as a parameter in the URL) but they're uglier and sometimes less secure.

  5. Anonymous Coward
    Anonymous Coward

    Accept or go

    My website, cost of access is accepting cookies. EU legislated for the wrong thing, but I am just annoyed there is no standard config for "kill the stupid popups, I don't care about law-abiding site's questions".

  6. ratfox

    I wonder how many people actually care about the fact that they are tracked with cookies. Certainly, it feels like the we-use-cookies popups are being either ignored or clicked without much attention.

  7. This post has been deleted by its author

  8. incloud

    Google should stop passing the buck, and support Do Not Track

    As a site must obtain a user's consent before doubleclick.com or google.com cookies are placed or used (to at last comply with the 2009 e-privacy directive), how is that consent signalled to Google so the cookies or other tracking techniques are not used?

    Surely the only way to do this reliably and transparently is to use the W3C recommended DNT (Do Not Track) signal.

    Designed to communicate a user's choice not to be tracked, this recommendation also describes the reciprocal signal DNT:0, set via server placed JavaScript, in order to communicate a user's "freely given, specific, and informed" consent to be tracked across multiple domains, i.e. from a first-party site to its embedded third-parties..

    The agreed wording for the definition of "tracking", after much argument and deliberation between all parties including representatives of the on-line advertising industry and Silicon Valley companies is:

    "Tracking is the collection of data regarding a particular user's activity across multiple distinct contexts and the retention, use, or sharing of data derived from that activity outside the context in which it occurred. A context is a set of resources that are controlled by the same party or jointly controlled by a set of parties."

    Instead of leaving the mess for its AdSense customers to deal with, when will Google finally agree to respect the Do Not Track signal?

    1. Doctor Syntax Silver badge

      Re: Google should stop passing the buck, and support Do Not Track

      Just this.

      The thought that was running through my mind when reading the article is that this is what DNT is for. Insist that sites respect DNT and you really shouldn't need to bother with working out suitable texts.

    2. Charlie Clark Silver badge

      Re: Google should stop passing the buck, and support Do Not Track

      Do Not Track Does Not Work.

      1. Anonymous Coward
        Anonymous Coward

        They wouldn't have a buck to pass

        If they support DNT, given that some browsers make it the default, they'd lose a lot of revenue being unable to identify users. They will never support DNT. The most they'll do is support something that requires a lot of work for users to enable, and can't be done via default, so few will do it.

  9. Anonymous Coward
    Meh

    I guess it comes to how you implement

    On my site, you have the banner to accept or decline with a link to what we use them for (stat's mainly.

    If you accept, you get the option to turn it of again if you want.

    If you decline 90% of the site works fine, some bits don't work, but nothing major.

    Unlike The Reg that sets them if you want them or not and puts in a banner saying, we've set them so tough shit.

    There is a "good" way and a bad"way. Take your choice.

  10. Anonymous Coward
    Anonymous Coward

    Good time to start phasing out tracking ads

    The key new requirement is you must get consent before the first ad sets a cookie - so that's either a blocking popup, or no Google (or similar) ads on the first page, for EU visitors.

    I looked at my stats. For a general-purpose site in English, I get 12% of revenue from the EU (half of that is UK), and it's falling. India and the rest of Asia is where the growth is (almost entirely mobile as well). (The US is down to 25% of revenue and falling).

    So I'm going to check the country of the user when they arrive. If they're from the EU, don't serve them any Google Adsense (or similar cookie-setting) ads. There are some alternatives ads (especially for the UK). Yes, I'll take a hit on income, but as there will be some income from the alternate ads it'll be below 10%, and a better user experience.

    The only other thing that sets cookies is Google Analytics, so it's time to remove that as well.

    End result: no need for a cookie popup or banner, a faster site for some users, and a gradual move away from relying on cookie-setting ads (which we'll all have to do in the next few years anyway, it's time to start).

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like