Google is now requiring that publishers that carry its ads comply with a European Union directive and ask their site visitors' for permission before setting cookies on their computers.
Google spelled out the requirement in its new EU User Consent Policy for publishers that participate in services including AdSense, DoubleClick Ad Exchange and DoubleClick for Publishers.
"If your websites are getting visitors from any of the countries in the European Union, you must comply with the EU user consent policy. We recommend you start working on a policy-compliant user consent mechanism today," said Jason Woloz, Google's security and privacy program manager for display and video ads, in a blog post
Sites that target EU readers should already be asking visitors for permission to store cookies on their machines, under the EU's ePrivacy directive. Browser cookies can be used to store a user's web actions or preferences and the data is often used for behavioral ad targeting. Cookies can also provide convenient functions, such as storing users' login data.
The European Commission's guidelines say that, for consent to be valid, it must be "informed, specific, freely given and must constitute a real indication of the individual's wishes."
In the policy introduced on Monday, Google stresses that its partner publishers must obtain consent from site visitors to collect, share and use their data gathered via an app, site or other service. It also covers storing and accessing of cookie data.
On a website called Cookie Choices, Google gives tips on how to implement the policy and comply with EU laws.
Google won't tell its users what an app or site consent message should say "because it will largely depend on your own uses of cookies and other information, and the third party services you work with." It did give some examples on the Cookies Consent site.
The European Commission offers a cookie consent kit to help website operators comply with the directive.
A EU directive is a legislative act that sets out a goal that all EU countries must achieve. However, it is up to countries to decide how and it often takes time for countries to make laws based on a directive. For example, a U.K. cookie law, based on the directive, came into effect in May 2012.
Loek is Amsterdam Correspondent and covers online privacy, intellectual property, online payment issues as well as EU technology policy and regulation for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to firstname.lastname@example.org