The Impact of Google’s New EU User Consent Policy
June 29, 2015 – Todd Ruback
New Policy Requires Compliance with EU ePrivacy Directive for Sites and Apps
To be clear, I’ve long been a fan of companies like Google that have pushed the boundaries of convention and led in many categories of software innovation. Its wild commercial success, while enviable, has also resulted in a high level of regulatory scrutiny, which in turn leads it to making decisions carefully and with deep deliberation. It’s significant therefore that on Monday, July 27th, Google announced a new user consent policy affecting website publishers whose sites or apps are accessed from the EU. This new policy states that sites and apps using Google’s products will have to comply with the ePrivacy Directive, commonly known as the “cookie law,” by giving notice and obtaining consent for any data collection, sharing, and usage occurring from the use of Google’s products.
This announcement is important for a few reasons. First, it is yet more evidence that enforcement of the ePrivacy Directive is a priority issue for EU regulators. Second, Google, as a third party on websites and apps, is setting clear expectations for its clients to comply with the law. While Google didn’t expressly state the consequence if a website publisher fails to comply with the ePrivacy Directive, one can speculate that it won’t be in Google’s interest to be on that site. Third, this announcement highlights the fact that in order to be transparent an organization must first know what third parties are on their sites and apps. Digital intelligence is no longer a trend, it is an expectation.
What to Do
Evidon’s suite of privacy tools includes EU Site Notice, App Notice, and MCM, all of which empower websites and apps with the intelligence to make meaningful and transparent disclosure and obtain consent. We recommend deploying all or some of these tools without delay to avoid regulatory scrutiny.
EU Site Notice, the gold standard of transparency tools in the EU, was built specifically for compliance with the ePrivacy Directive. Whether you want to deploy an express or implied notice and consent, this transparency tool is flexibly architected to help you provide meaningful notice and obtain consent pursuant to regulatory expectations.
App Notice, our newest privacy tool, is the first-to-market solution for apps to comply with the ePrivacy Directive through our notice and consent platform.
MCM is used widely by websites to see not only the invisible activity happening behind the scene, but also the interrelationship between the authorized and unauthorized parties on the sites. The tool is integrated with Site Notice, our transparency disclosure tool, to automatically populate your disclosures with new trackers on your site or your app, and also alert you to new parties on your site or app so you can impose the controls you deem appropriate.
Google’s policy announcement is a significant event in the privacy world and should not be understated. Contact Evidon as soon as possible to discuss how we can help your organization comply with the ePrivacy Directive. I can be reached at todd@evidon or you can learn more about our company and products at evidon.wpengine.com.
Todd Ruback, Esq., CIPP-US/E, CISP
Chief Privacy Officer