Requesting Consent from European Users

Under the Google EU User Consent Policy, you must make certain disclosures to your users in the European Economic Area (EEA) and obtain their consent to use cookies or other local storage, where legally required, and to use personal data (such as AdID) to serve ads. This policy reflects the requirements of the EU ePrivacy Directive and the General Data Protection Regulation (GDPR).

To support publishers in meeting their duties under this policy, Google offers a Consent SDK. The Consent SDK is an open-source library that provides utility functions for collecting consent from your users. The full source code is available on GitHub.

Ads served by Google can be categorized as personalized or non-personalized, both requiring consent from users in the EEA. By default, ad requests to Google serve personalized ads, with ad selection based on the user's previously collected data. Google also supports configuring ad requests to serve non-personalized ads. Learn more about personalized and non-personalized ads.

This guide describes how to use the Consent SDK to obtain consent from users. It also describes how to forward consent to the Google Mobile Ads SDK once you have obtained consent.

Prerequisites

Apps can import the Consent SDK with a Gradle dependency that points to Google's Maven repository. In order to use that repository, you need to reference it in the app's project-level build.gradle file. Open yours and look for an allprojects section:

Example project-level build.gradle (excerpt)

allprojects {
    repositories {
        jcenter()
        maven {
            url "https://maven.google.com"
        }
    }
}

Add the maven directive above if it's not already present.

Next, open the app-level build.gradle file for your app, and look for a "dependencies" section.

Example app-level build.gradle (excerpt)

dependencies {
    implementation fileTree(dir: 'libs', include: ['*.jar'])
    implementation 'com.android.support:appcompat-v7:26.1.0'
    implementation 'com.google.android.ads.consent:consent-library:1.0.6'
}

Add the line in bold above, which instructs Gradle to pull in the latest version of the Consent SDK. Once that's done, save the file and perform a Gradle sync.

Prior to using any other methods in the Consent SDK, you should update consent status to make sure the Consent SDK has the latest information regarding the ad technology providers you've selected in the AdMob UI. If the list of ad technology providers has changed since the user last provided consent, the consent state is set back to an unknown state.

If you don't use mediation

If you aren't using mediation, you have two options for implementing the Consent SDK to collect consent.

One option is to use the Consent SDK to present a Google-rendered consent form to your users. The consent form displays a list of the ad technology providers you've selected in the AdMob UI. The Consent SDK stores the user consent response.

The other option is to use the Consent SDK to dynamically retrieve the full list of ad technology providers from AdMob, as explained in publisher-managed consent collection. However, in this case you'll need to determine how the list of providers should be made available to your users and present your own consent form to your users.

Once the user has made a consent choice, you can ask the Consent SDK to store the user's consent choice as explained in Storing publisher managed consent.

Upon collecting consent, if a user has consented to receive only non-personalized ads, you'll need to forward consent to the Google Mobile Ads SDK.

If you use AdMob mediation

You can use the Consent SDK to dynamically retrieve the full list of ad technology providers from AdMob, as explained in publisher-managed consent collection. You'll need to determine which additional ad technology providers from other ad networks need to be presented to your users for consent.

As an app developer, you'll need to collect user consent for both the ad technology providers returned by the Consent SDK and the providers from other ad networks. You'll also need to manually store user consent responses and forward consent to the Google Mobile Ads SDK if the user consented to receive only non-personalized ads.

Google currently is unable to obtain and handle consent for mediation networks, so you'll need to obtain and handle consent for each ad network separately. We are actively working with all of our open source and versioned mediation networks to provide updated documentation with details on how to forward consent. Documentation is already live for the following mediation networks:

When using the Consent SDK, it is recommended that you determine the status of a user's consent at every app launch. To do this, call requestConsentInfoUpdate() on an instance of ConsentInformation.

import com.google.ads.consent.*;

public class MainActivity extends Activity {
    ...

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        ...
        ConsentInformation consentInformation = ConsentInformation.getInstance(context);
        String[] publisherIds = {"pub-0123456789012345"};
        consentInformation.requestConsentInfoUpdate(publisherIds, new ConsentInfoUpdateListener() {
            @Override
            public void onConsentInfoUpdated(ConsentStatus consentStatus) {
                 // User's consent status successfully updated.
            }

            @Override
            public void onFailedToUpdateConsentInfo(String errorDescription) {
                 // User's consent status failed to update.
            }
        });
        ...
    }
    ...
}

The call to requestConsentInfoUpdate() requires two arguments:

  • An array of publisher IDs that your app requests ads from. Find your publisher ID.

  • An instance of ConsentInfoUpdateListener.

If the consent information is successfully updated, the updated consent status is provided via the onConsentInfoUpdated() method of the ConsentInfoUpdateListener. The returned ConsentStatus may have the values listed below:

Consent Status Definition
ConsentStatus.PERSONALIZED The user has granted consent for personalized ads.
ConsentStatus.NON_PERSONALIZED The user has granted consent for non-personalized ads.
ConsentStatus.UNKNOWN The user has neither granted nor declined consent for personalized or non-personalized ads.

Once consent information is successfully updated, you can also check ConsentInformation.getInstance(context).isRequestLocationInEeaOrUnknown() to see if the user is located in the European Economic Area or the request location is unknown.

If the isRequestLocationInEeaOrUnknown() method returns false, the user is not located in the European Economic Area and consent is not required under the EU User Consent Policy. You can make ad requests to the Google Mobile Ads SDK.

If the isRequestLocationInEeaOrUnknown() method returns true:

Google's Consent SDK provides two ways to collect consent from a user:

Remember to provide users with the option to Change or revoke consent.

The Google-rendered consent form is a full-screen configurable form that displays over your app content. You can configure the form to present the user with combinations of the following options:

  • Consent to view personalized ads
  • Consent to view non-personalized ads
  • Use a paid version of the app instead of viewing ads

You should review the consent text carefully: what appears by default is a message that might be appropriate if you use Google to monetize your app; but we cannot provide legal advice on the consent text that is appropriate for you. To update consent text of the Google-rendered consent form, modify the consentform.html file included in the Consent SDK as required.

The Google-rendered consent form is configured and displayed using the ConsentForm class. The following code demonstrates how to build a ConsentForm with all three consent options:

URL privacyUrl = null;
try {
    // TODO: Replace with your app's privacy policy URL.
    privacyUrl = new URL("https://www.your.com/privacyurl");
} catch (MalformedURLException e) {
    e.printStackTrace();
    // Handle error.
}
ConsentForm form = new ConsentForm.Builder(context, privacyUrl)
    .withListener(new ConsentFormListener() {
        @Override
        public void onConsentFormLoaded() {
            // Consent form loaded successfully.
        }

        @Override
        public void onConsentFormOpened() {
            // Consent form was displayed.
        }

        @Override
        public void onConsentFormClosed(
                ConsentStatus consentStatus, Boolean userPrefersAdFree) {
            // Consent form was closed.
        }

        @Override
        public void onConsentFormError(String errorDescription) {
            // Consent form error.
        }
    })
    .withPersonalizedAdsOption()
    .withNonPersonalizedAdsOption()
    .withAdFreeOption()
    .build();

The methods above prepare the Google-rendered consent form with the following options:

withListener()
Registers a listener for the ConsentForm. Each of the overridable methods in ConsentFormListener corresponds to an event in the lifecycle of the consent form.
Overridable methods
onConsentFormLoaded The consent form successfully loaded.
onConsentFormError The consent form failed to load. The errorDescription parameter provides a description of the error.
onConsentFormOpened The consent form was opened.
onConsentFormClosed The consent form was closed. The parameters of the method provides the following information:
  • consentStatus is a ConsentStatus value that describes the updated consent status of the user.
  • userPrefersAdFree has a value of true when the user chose to use a paid version of the app instead of viewing ads.
withPersonalizedAdsOption()
Indicates that the consent form should show a personalized ad option.
withNonPersonalizedAdsOption()
Indicates that the consent form should show a non-personalized ad option.
withAdFreeOption()
Indicates that the consent form should show an ad-free app option.

Once you have created a ConsentForm object, load the consent form by invoking the load() method of ConsentForm, as shown below:

form.load();

To present the user with the Google-rendered consent form, call show() on an instance of ConsentForm, as demonstrated below:

form.show();

After the user selects an option and closes the form, the Consent SDK saves the user's choice and fires the onConsentFormClosed event. You can listen for this event and forward consent to the Google Mobile Ads SDK.

If you choose to collect consent yourself, you can use the getAdProviders() method of the ConsentInformation class to get the ad technology providers associated with the publisher IDs used in your app. Note that consent is required for the full list of ad technology providers configured for your publisher IDs.

List<AdProvider> adProviders =
    ConsentInformation.getInstance(context).getAdProviders();

You can then use the list of ad technology providers to obtain consent yourself.

Upon getting consent, record the ConsentStatus corresponding to the user's response using the setConsentStatus() method of the ConsentInformation class.

ConsentInformation.getInstance(context)
    .setConsentStatus(ConsentStatus.PERSONALIZED);

After reporting consent to the Consent SDK, you can forward consent to the Google Mobile Ads SDK.

To allow users to update their consent, simply repeat the steps outlined in the Collect consent section when the user chooses to update their consent status.

If a publisher is aware that the user is under the age of consent, all ad requests must set TFUA (Tag For Users under the Age of Consent in Europe). To include this tag on all ad requests made from your app, call setTagForUnderAgeOfConsent(true). This setting takes effect for all future ad requests.

ConsentInformation.getInstance(context).setTagForUnderAgeOfConsent(true);

Once the TFUA setting is enabled, the Google-rendered consent form will fail to load. All ad requests that include TFUA will be made ineligible for personalized advertising and remarketing. TFUA disables requests to third-party ad technology providers, such as ad measurement pixels and third-party ad servers.

To remove TFUA from ad requests, call setTagForUnderAgeOfConsent(false).

Testing

The Consent SDK has different behaviors depending on the value of ConsentInformation.getInstance(context).isRequestLocationInEeaOrUnknown(). For example, the consent form fails to load if the user is not located in the EEA.

To enable easier testing of your app both inside and outside the EEA, the Consent SDK supports debug options that you can set prior to calling any other methods in the Consent SDK.

  1. Follow the instructions in the update consent status section to call requestConsentInfoUpdate. Then run your app. Check the logcat output for the following log:

    I/ConsentInformation: Use
    ConsentInformation.getInstance(context).addTestDevice("33BE2250B43518CCDA7DE426D04EE231")
    to get test ads on this device.

  2. Whitelist your device to be a debug device using the advertising ID from logcat:

    ConsentInformation.getInstance(context).addTestDevice("33BE2250B43518CCDA7DE426D04EE231");
    

  3. Finally, call setDebugGeography to set your preferred geography for testing purposes.

    // Geography appears as in EEA for test devices.
    ConsentInformation.getInstance(context).
        setDebugGeography(DebugGeography.DEBUG_GEOGRAPHY_EEA);
    // Geography appears as not in EEA for debug devices.
    ConsentInformation.getInstance(context).
        setDebugGeography(DebugGeography.DEBUG_GEOGRAPHY_NOT_EEA);
    

After completing these steps, calls to update consent status will take into account your debug geography.

The default behavior of the Google Mobile Ads SDK is to serve personalized ads. If a user has consented to receive only non-personalized ads, you can configure an AdRequest object to specify that only non-personalized ads should be requested. The following code causes non-personalized ads to be requested regardless of whether or not the user is in the EEA:

Bundle extras = new Bundle();
extras.putString("npa", "1");

AdRequest request = new AdRequest.Builder()
        .addNetworkExtrasBundle(AdMobAdapter.class, extras)
        .build();

If non-personalized ads are requested, the ad request URL currently includes &npa=1. However, note that this is an internal implementation detail of the Google Mobile Ads SDK and is subject to change.

FAQ

How many ad technology providers does the Consent SDK support?
The Consent SDK does not impose a limit on the number of ad technology providers a publisher chooses to enable.
Does the list of ad technology providers returned by the SDK automatically update if I change my selection in the AdMob UI?
Yes, if you make changes to the list of ad technology providers in the AdMob UI, the changes will propagate to Google's ad servers in approximately one hour.

Send feedback about...

Google Mobile Ads SDK for Android
Google Mobile Ads SDK for Android
Need help? Visit our support page.