[Feat]: Become a Google Certified CMP

[karptonite]

Description

Google will require users of adsense/ad manager to user a Google Certified Consent Management Platform as of January 2024. It would be great if Cookie Consent could be certified!

It is explained in detail here.
https://support.google.com/adsense/answer/13554020?hl=en&ref_topic=10924967&sjid=11075614997312658217-NA
https://support.google.com/adsense/answer/13554116?hl=en#zippy=%2Cgoogle-certified-cmps

Proposed solution

The solution would be to go through the certification process--there is a url on the first page linked to the form to initiate that. Of course, first Cookie Consent would have to make sure it is complaint with the requirements, which I'm not sure it is yet.

Additional details

No response

[orestbida]

#289 #523

AFAIK, for this plugin to be a Google Certified CMP it must first be a IAB certified CMP. To register as IAB certified CMP and implement the TCF framework you need to pay ~$1500 yearly.

A TCF compliant CMP also has strict rules on how the CMP should behave and look like which is just not possible to guarantee with a FOSS/MIT project, where anyone can tweak it based on their needs.

[karptonite]

Hmm... The yearly fee seems like something that could be overcome--I imagine that there are enough companies using this that we could raise this. I can't promise anything, but I might be able to get my company to foot the bill, if that were the only impediment. As for the strict rules, I wonder if it would be sufficient to the defaults be compliant. I mean, anyone can tweak just about and CMP using css, open source or not.

I'm afraid that once Google's new system goes through, there will be no open source way for anyone to verify cookie consent while using ad manager. That would be a real shame, because this is a good package you have created.

[orestbida]

Sadly that looks to be the case.

I know a few people who incorporate ads into their websites but yield minimal returns, and the subscribtion to a certified CMP on a monthly basis would significantly impact their already modest earnings. Hopefully there are (or will be) free CMP-TCF verified solutions.

[karptonite]

It looks like Google may have a version that is free for users of Ad Manager? https://support.google.com/adsense/answer/10924669?sjid=972469827319613161-NA#settings It isn't totally clear to me, what it is, or how flexible it is.

It is true that AdSense doesn't have the best returns, but we use Ad Manager to serve our own ads, and for that, it is useful.

[MyWay]

+1 for this, it would be useful

[cyberbeat]

Google should not be allowed to force people using only solutions they choose, legally other solutions like this one would be also ok.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[torgeirbeyer]

Is there any news on this? Will this package be certified by Google any time soon? Unfortunaltely our client demands that we use a certified CMP, so if not we have to change to another solution.

[jpkeisala]

As I am not so familiar with Google product names like adsense/ad manager/admob. I was first lead to understand first that CMP is required if I use Google Ad's but it seems this is not the case. It is only required if I run Google Ad's on the website/app. So, if I just have Google Analytics and Google Ads this cookieconsent is sufficient.

[tehartos]

As I am not so familiar with Google product names like adsense/ad manager/admob. I was first lead to understand first that CMP is required if I use Google Ad's but it seems this is not the case. It is only required if I run Google Ad's on the website/app. So, if I just have Google Analytics and Google Ads this cookieconsent is sufficient.

Are you sure?

[jpkeisala]

Of course not. I am just a developer who has strong opinions in complex legal matters without any kind of legal degree. But with my non-native English skill I read your screenshot above "when serving ads to users in the European...." I still understand it applies about running ads in my website not if they come to my site from an ad.

[tehartos]

Im also non native, my understanding is different tho. "Publisher" as stated in the screenshot are e.g websites that display ads on their website. Serving ads doesnt equal running ads in my opinion, I think its more of a "displaying" ads. I wish I would be wrong tho. Does someone has tried it out? @orestbida Do you maybe have some insight?

[amitsarkerr]

If I own a website and want to run Google ads for the website, should I bind CMP-authorized cookie consent, or can I use this awesome open source solution?

From my understanding, CMP is needed for websites that use AdSense.
@orestbida, do you have any clarifications?

[jpkeisala]

The new Google consent management requirements for serving ads are indeed targeted towards publishers using Google's ad serving products, not advertisers simply running Google Ads campaigns.

[gvigroux]

Why not using the same technique as: https://github.com/brainsum/cookieconsent ?
It seems it's enough to pass some GTAG values to be compatible with Consent Mode V2

[StayFrosty54]

I'm sorry but I really really need someone to ELI5 this whole thing. We're doing conversion tracking from ads that point to our website and are using this cookie consent plugin. We're now gettings emails from google that we'll be required to use Consent Mode v2 starting from july. Can we extend this functionality into the plugin like for example described here: #669

Or do we absolutely have to use a CPM certified solution?

[jpkeisala]

See article here https://uninterrupted.tech/blog/manage-user-cookie-consent-with-google-tag-manager-adapting-to-cookie-consent-v3/

CMP is not required unless you decide to show ads in your own website.

[karptonite]

I opened this, and I'm not going to close it because people still seem interested, but I don't think that becoming a certified CMP is in the cards. This is because, as I now think I understand, this package is a consent plugin, but not a consent management platform. A consent management platform also deals with consent data on the backend--google cares about how that data is handled. That is outside the scope of this project. Again, if I understand this correctly.

[johnwbaxter]

I'm just going to add a little extra insight here. We have been talking to a google account ads account manager about our implementation using this great plugin recently. At no point did they demand we use an off the shelf CMP, just that we handle consent mode properly.

You need to deny consent initially and then when the user accepts the cookies in question, you then grant consent in the GTM datalayer. On top of that, you need to configure your GTM tags to work with consent that is given by your site.

You can do all of this with this plugin, you don't need a paid CMP.

Also, this has events that you can tap into that lets you pump off any data you need to log consent into a database, so ok, natively, it doesn't do the backend functionality, obviously, but it gives you the tools you need to implement it.

[ecjep24]

@johnwbaxter let's accept the this challenge

[alxndr-w]

Also, this has events that you can tap into that lets you pump off any data you need to log consent into a database, so ok, natively, it doesn't do the backend functionality, obviously, but it gives you the tools you need to implement it.

And it's not that difficult. I've implemented this into my favorite CMS (REDAXO).

onFirstConsent: () => {
    logConsent();
},

onChange: () => {
    logConsent();
}

[...]

function logConsent() {

	const cookie = cc.getCookie();
	const preferences = cc.getUserPreferences();

	let formData = new FormData();
	formData.append('consentId', cookie.consentId);
	formData.append('acceptType', preferences.acceptType);
	formData.append('acceptedCategories', preferences.acceptedCategories);
	formData.append('rejectedCategories', preferences.rejectedCategories);
	formData.append('acceptedServices', preferences.acceptedServices);
	formData.append('rejectedServices', preferences.rejectedServices);

	fetch('/?api-call=cc&action=log', {
		method: 'POST',
		body: formData
	});
}

And the basic backend stuff for that is just as easy, put all form data into a database table with - you guessed it - consentId, acceptType, etc. and a datestamp.

edit: Advanced stuff, but maybe useful, would be tracking revisions (content as well as logging the revision number. Didn't implement that yet)

edit2: original source

[johnwbaxter]

Nice comment @alxndr-w !! That will be useful for people doing this :)

[mwendell]

@alxndr-w wouldn't it be preferable to record the user's cookie consent in a cookie? If you need to cookie the user anyway, to attach their preferences to your database entry, can't you simply include that preference data in the identification cookie itself?

I could be completely wrong, so I'm curious what you think or what I'm missing in my understanding here.

[alxndr-w]

@mwendell it's not about saving the user preference for the user – it's to have the user consent in a log for the website's operator.

Use case, as far as I know: the user can't remember that he gave consent, calls his lawyer and sues the operator.

As an operator, you can ask for his consent id and can prove that he gave consent.

--

Another usecase could be websites with login to save the preferences and attach them to the user.