How Swiss Companies Can Comply with Google’s New Ad Consent Policies

An important update is coming for Swiss businesses that use Google Ads as they will need to follow Google's new consent requirements for obtaining users’ consent. Starting July 31, 2024, new rules will ensure users understand and agree to how their data is used for advertising. These rules are similar to those in other European countries and aim to give users more control over their data. In essence, you'll need to get user permission for two things: using cookies on their devices and using their information to personalize ads.

We have discussed this change in an associated blog post where we explained what this means for businesses in Switzerland who wish to continue using Google’s advertising services, such as AdSense, Ad Manager, and AdMob. 

In short, Swiss businesses using Google Ads will need a Consent Management Platform (CMP) certified by Google to get user consent by July 31st. As of January 16, 2024, publishers and developers using Google’s ad services have already had to start using a Consent Management Platform (CMP) certified by Google and compliant with the Interactive Advertising Bureau’s (IAB) Transparency and Consent Framework (TCF 2.0). This requirement aligns with the EU’s regulations, the GDPR and the ePrivacy Directive, to ensure explicit user consent. 

The CMPs must also be able to handle the Additional Consent specification for ad tech providers not registered with the TCF. If your CMP cannot manage this, you might face limitations, like only being able to serve a restricted number of ads. This means your advertising reach could be significantly reduced. 

In this article, we are taking a closer look at what businesses in Switzerland need to do to comply with these changes. 

What is the ePrivacy Directive?

The ePrivacy Directive is a European Union law that focuses on protecting the privacy of people using electronic communications, such as emails, text messages, and online messaging. It aims to make sure that personal information is kept safe and that people have control over how their data is used, by setting out a series of requirements as follows: 

• Keeping messages confidential: Electronic communications must remain private and cannot be intercepted or monitored without consent.
• Controlling cookies on websites: Websites need visitors’ permission to store cookies on their devices.
• Reducing spam emails: Businesses must get people's consent before sending promotional messages.
• Protecting your data security: Service providers need to take measures to keep your communication data secure.

What is the GDPR?

The General Data Protection Regulation (GDPR) is the EU’s comprehensive data protection law enacted in 2018 that aims to change the way EU citizens’ personal data is collected, processed and stored, transferring the power over personal data from companies to data subjects. It does this by setting out strict consent requirements, establishing data subject rights, mandating a series of principles for data processing, and imposing hefty fines for non-compliance. In short: 

• Organizations must obtain clear and explicit consent from individuals before collecting or processing their personal data.
• Individuals have the right to access, rectify, erase, and restrict the processing of their data. They can also object to data processing and have the right to data portability.
• Organizations must be transparent about how they collect, use, and store personal data. They are also required to implement measures to ensure data protection and to demonstrate compliance with GDPR.
• Non-compliance with GDPR can result in hefty fines, up to €20 million or 4% of the company's global annual turnover, whichever is higher.

What does consent mean under the ePrivacy Directive and the GDPR?

For both the ePrivacy Directive and GDPR, consent means you clearly and freely agree to your information being used. This means you understand what data is being collected, how it's used, and you have the option to say no.

How Does the IAB TCF work with Google Ads and the GDPR? 

Here's a breakdown of how the IAB Transparency and Consent Framework (TCF) works with Google Ads and GDPR compliance:

1. The TCF provides a standardized way for businesses to manage and communicate consent between publishers, advertisers, and technology vendors. This ensures that all parties handle user data consistently and transparently.
2. Google requires the use of CMPs that are certified under the TCF. These CMPs collect, store, and share user consent data in a way that aligns with both Google’s policies and GDPR requirements.
3. By using TCF-compliant CMPs, businesses can provide users with clear and consistent information about how their data will be used. This enhances transparency and helps build user trust.
4. The TCF simplifies compliance with GDPR by providing a clear framework for obtaining, storing, and managing user consent. This reduces the risk of non-compliance and potential penalties.

What do businesses in Switzerland have to do? 

Here's a breakdown of what Swiss businesses using Google Ads need to do to comply with the new rules:

• Double-check your consent tools: Make sure your Consent Management Platform (CMP) follows both GDPR and Google's ad consent rules.
• Choose a Google-certified CMP: Not all CMPs are created equal! Look for one with a Google stamp of approval that works with the IAB Transparency and Consent Framework (TCF). This ensures everything is talking the same language when it comes to user consent.
• Be clear about cookies: Before storing cookies on users' devices, you need their permission. Show a clear cookie consent banner that explains what cookies your site uses (categorized for easy understanding) and gives users the option to accept or reject them.

Important Note: Using a non-compliant CMP could stop your campaigns in Google Ads.

On January, 13, 2023, the EDPB published a report outlining six common cookie consent banner setup mistakes which caused businesses to be found non-compliant with the GDPR. Below we are listing out a summary of these cookie banner mistakes:

• Mistake 1: Failing to Display a ‘Reject All’ Button
  • Many cookie banners only have an ‘Accept All’ button, or an option to view more choices, but lack a ‘Reject All’ button. To comply with GDPR, your banner must include this option so users can clearly refuse all non-essential cookies.
• Mistake 2: Using Deceptive Designs for Links
  • Some cookie banners hide the ‘Reject’ option in a hard-to-find link, which invalidates consent. Consent must be clear and easily understood, so avoid using hidden or misleading links for refusing cookies.
• Mistake 3: Using Deceptive Colors and Contrast for Buttons
  • Using business branding colors in cookie banners is common, but ensure the contrast between button text and background is readable. Poor contrast can lead to unintentional consent, which is invalid under GDPR.
• Mistake 4: Having Pre-ticked Boxes
  • Pre-ticked boxes for cookie consent are not allowed under GDPR and the ePrivacy Directive. Users must actively choose their preferences, so avoid using pre-selected options for cookies.
• Mistake 5: Wrongly Classifying Cookies
  • If you classify cookies as “essential” or “strictly necessary,” be prepared to provide documentation supporting these classifications. Misclassifying cookies can lead to non-compliance.
• Mistake 6: Not Displaying a Consent Withdrawal Option
  • Both GDPR and the ePrivacy Directive require that users can easily withdraw their consent. While not mandatory, having a visible and accessible way for users to withdraw consent, such as a hovering icon, is recommended for compliance.

What are the benefits of implementing Google’s changes for running ads? 

• You are compliant: By following Google's rules, your business will comply with data protection laws in Europe, the UK, and Switzerland. This helps you avoid fines and legal trouble.
• You build trust: Clear consent practices make users feel their data is safe. This can increase their trust and willingness to use your services.
• You have full access to ads: Using a Google-approved Consent Management Platform (CMP) means you can show all types of ads without limits, helping you reach more customers.
• You get better data management: Proper consent tracking helps you manage user data correctly and respond to their requests about their data easily.
• You get a competitive edge: Being ahead in following these rules shows that your business cares about data privacy, making you more attractive to customers and partners.
• You avoid disruptions: Staying compliant prevents Google from limiting your ad services, ensuring your advertising efforts run smoothly without interruptions.

How can Clym help? 

Clym is a user-friendly CMP that simplifies compliance and puts you in control of user consent. It integrates seamlessly with Google Ads and helps you meet GDPR requirements. As of January 2024, Clym is proud to announce its approved status as the newest CMP to join IAB Europe's Transparency and Consent Framework v2.2 TCF. 

As a Google certified CMP, Clym helps with TCF 2.2 implementation by offering a compliance tool that integrates the framework helping businesses simplify consent management, facilitating compliance with GDPR and user-friendly data processing. 

Clym assists businesses in seamlessly aligning with IAB TCF standards, facilitating compliance with the ePrivacy Directive and GDPR provisions. Our Consent Management Platform (CMP) streamlines user consent management, addressing the DSRs and meeting practical requirements for a standardized and trustworthy online experience.

Clym's user-friendly interface allows individuals to navigate and customize their privacy settings, ensuring a personalized and transparent online experience. This process involves users interacting with the CMP, making informed decisions about data consent. Simultaneously, vendors in the digital ecosystem receive these signals through the CMP, establishing a clear and efficient communication channel.

Here is an example of how vendors are listed in the initial banner on a website: 

In addition to this, Clym helps businesses display a cookie consent banner that is in compliance with the EDPB’s report and subsequent requirements for avoiding the mistakes outlined earlier in this article. 

Convince yourself and see Clym in action today by booking a demo or reaching out to us to discuss your specific needs.