10 min read
As privacy regulations evolved, Google made it mandatory as of 2024 to use a Google-certified Consent Management Platform (CMP) for businesses that serve ads in the EEA and the UK. The requirement was introduced due to stricter General Data Protection Regulation (GDPR) and ePrivacy Directive rule enforcement, which requires valid consent before data collection.
Read this article as we explain how to choose a Google-certified CMP that’s suitable for your business. You’ll learn how to continue serving ads while staying compliant with privacy laws and preventing fines.
What is a Google-certified CMP?
A Google-certified CMP is a consent management platform that has been assessed and vetted by Google for meeting strict privacy law compliance and consent management requirements. It helps websites and apps ensure that consent is collected accurately, especially for Google’s advertising services, like AdSense, AdMob, or Ad Manager.
Getting a Google-certified CMP is essential for businesses that serve ads for users in the European Economic Area (EEA) and the UK. It helps ensure compliance with data privacy laws like the General Data Protection Regulation (GDPR) and the IAB's Transparency and Consent Framework (TCF).
Why does choosing a Google-certified CMP matter?
If your business is running personalized ads through the EEA or the UK, as of 2024, using a Google-certified CMP is no longer optional. Google requires advertisers to use a certified CMP that’s compliant with the IAB TCF v2.2 and data privacy laws.
If you don’t use a Google-certified CMP while serving ads, it can result in:
- Loss of ad revenue. If your CMP is not compliant with Google’s requirements, services like Google Ads or AdSense may stop serving personalized ads to users in the EEA and UK, affecting revenue.
- Non-compliance penalties. If you’re not using a Google-certified CMP but serving ads in the EEA or UK, you’re risking poor user consent management. This can result in non-compliance fines. For example, the GDPR fines can go up to €20 million, or 4% of the firm’s global annual revenue (whichever is higher).
Requirements for Google CMP certification
To become Google-certified CMPs, these tools go through extensive assessments. Here are the main requirements for Google CMPs:
- IAB TCF v2.2 compliance. Google requires CMPs to ensure TCF compliance because it holds them accountable in terms of compliance with the GDPR and ePrivacy Directive provisions.
- Google Consent Mode v2 integration. CMPs must support Consent Mode v2 to serve ads. It helps manage Google Tag behavior based on consent choices.
- Consent signal accuracy. CMPs must ensure that, according to EU data privacy laws, cookie storing and personal data collection can only happen after consent is given. Additionally, these tools must guarantee that user consent is accurately passed to Google.
- Compliance. CMPs that are Google-certified should give you the tools to ensure GDPR, ePrivacy Directive, and other data privacy law compliance. It must also help you document compliance for proof.
- Compatibility. Google-certified CMPs support web and mobile environments, including iOS and Android, and apps.
How to choose the right CMP
Choosing the right CMP that’s Google-certified isn’t difficult if you know what to look for. Here’s a detailed guide on how to choose a CMP that’s most suited for your business needs:
1. Review the Google-certified CMP list
Google has a full list of certified CMP partners that you can review to find the right choice for your business. You can filter the partners based on their features, like free trials or monthly pricing.
To make your search simpler, notice that the partners are categorized into 3 tiers (bronze, silver, and gold) based on their ease of integration, customer support, and other features.
2. Examine customization options
When choosing a CMP, think of specific features or customization options that your business may require. For example, if you’re running a business in multiple countries, check if the tool supports translations. You can filter Google’s certified CMP list by the languages you need to narrow your search.
3. Check for TCF compliance
The IAB Transparency & Consent Framework (TCF) is the key requirement to becoming a Google-certified CMP. If the CMP provider doesn’t provide information about IAB TCF v2.2 compliance, you can check the official IAB Europe CMP list.
4. Review transparency practices
A good Google-certified CMP should enable you to ensure complete transparency about data collection and allow managing consent. This includes allowing you to easily add buttons for accepting or rejecting consent. Here’s a simple example of a cookie banner made with TinyCookie:
The “Accept” and “Reject” buttons are added by default. You can alter the banner and button texts or their placement. You can also add consent preference management options.
5. Evaluate data privacy law compliance
Finding the right Google-certified CMP also includes reviewing its compliance with data privacy laws, like the GDPR. Here are the main data privacy law requirements that each CMP should ensure:
- Granular consent management. To ensure you give users control over how their personal data is used, the CMP should also allow setting up granular consent options.
- Consent recording. It’s useful to record user consent so you have proof of compliance with GDPR or other laws.
- Secure data handling practices. The GDPR and other privacy regulations require storing user data securely. This includes adopting measures for ensuring confidentiality and data encryption.
6. Review integrations
The CMP of your choice should have no issues integrating with your business tools. Whether you’re using third-party analytics services, a content management system, or other tools, the CMP should be able to work seamlessly alongside them.
Additionally, a CMP should support Google Consent Mode v2 integration and offer compatibility with tools like Google Tag Manager. This helps ensure an effortless setup process without the need for any technical skills.
7. Manage local storage and session storage
Local storage and session storage are data storage options that store data in the browser. They often retain personal data, such as user preferences, for personalization or tracking purposes.
Privacy laws like the GDPR require that the storage methods are blocked unless the user grants consent. This means that Google-certified CMPs should ensure pre-consent blocking for non-essential local or session storage.
8. Assess support and update regularity
Before deciding on a CMP, review the support and maintenance. Here’s what you should take into consideration:
- Customer support options. Look for providers that offer live chat or email. Most of the time, you can find out about support quality and response times from customer reviews.
- Software update regularity. Review the change logs or documentation of the CMP provider to find out if it regularly updates the software. This ensures that the CMP follows the latest requirements for data privacy law compliance and fixes any bugs or vulnerabilities that may arise.
- Guides and resources. Look for CMPs that provide a knowledge base or other resources to help you learn how to use the tool and stay compliant.
9. Scalability and price
Even if your business is small to medium-sized, review the CMP’s plans to see if you can scale as your business grows. It should be able to handle a sudden surge of visitors.
Additionally, a CMP is just one of the many business tools that you’ll require, so make sure you take price into consideration. Compare different Google-certified CMPs to find which one offers the best price-to-value ratio.
Comparing top Google-certified CMPs
The best Google-certified CMP for your business depends on your needs. If you’re just starting out or have a small-to-medium business, Cookiebot and CookieScript are both affordable and user-friendly options. However, if you run an enterprise that’s strictly compliance-focused, then comprehensive solutions like OneTrust can be the right option.
Here’s a quick comparison of popular Google-certified CMPs and their key features:
|
Cookiebot |
CookieScript |
iubenda |
CookieYes |
OneTrust |
|
|
TCF compliance |
 |
|
|
|
|
|
Consent Mode v2 compliance |
|
|
|
|
|
|
Customization options |
High |
Basic |
High |
Moderate |
High |
|
Multi-language support |
48 |
42 |
12 |
175+ |
130+ |
|
Ease of use |
Easy |
Easy |
Easy |
Easy |
Moderate |
|
Free plan |
|
|
|
|
|
|
Price |
From $8/month |
From $9.34/month |
From $3.49/month |
From $10/month |
Custom (from around $1,100/month) |
|
Best for |
Small-to-medium businesses |
eCommerce websites |
Privacy and compliance-conscious companies |
Startups |
Enterprises requiring heavy compliance |
Final thoughts
Using a Google-certified CMP is required for all businesses that serve personalized ads in the EEA or UK. It helps ensure accurate consent management and compliance with data privacy laws, such as the EU and UK GDPR and ePrivacy Directive.
Choosing a Google-certified CMP involves checking its TCF compliance, Google Consent Mode v2 integration, customization capabilities, and support options. According to my research, the best Google-certified CMP is Cookiebot. It ensures a beginner-friendly user interface and setup, supports 48 languages, and offers a limited free plan to test the tool out.
Frequently asked questions
Yes, a Google-certified CMP is mandatory as of March 2024 for businesses that want to use ad personalization features in the European Economic Area (EEA) or the UK. This includes businesses that use Google AdSense, AdMob, or Ad Manager to serve ads.
There are multiple CMPs that are certified by Google and can help businesses comply with Google Consent Mode and privacy regulations. Some of the most widely used options at the moment are CookieScript, Cookiebot, and CookieYes.
If you serve users in the EEA and fail to implement Google Consent Mode v2, you risk non-compliance with privacy laws. This can result in large GDPR fines or penalties and Google restricting you from using certain analytics and advertising features.
