You run a content site with AdSense. A visitor from Germany loads your page, AdSense doesn’t show ads, and the dashboard later complains about “consent management.” Or you’re in the US, never thought about cookies, and AdSense quietly restricts personalized advertising for ~30% of your traffic. Since March 2024, Google has required a certified CMP (Consent Management Platform) for any AdSense publisher serving users in the EEA, UK, or Switzerland. California adds CCPA/CPRA on top. This article covers the bare minimum to stay compliant without losing revenue.
Common causes
You’re reading this for one of these reasons:
1. EU GDPR + ePrivacy requires consent before ad cookies
In the EEA / UK / Switzerland, you legally cannot set advertising cookies until the user has actively consented (not pre-checked boxes, not implied by scrolling). AdSense personalized ads use cookies; therefore, personalized ads require consent first.
How to spot it: VPN to Germany → open your site → if no consent UI appears, you’re non-compliant.
2. California CCPA/CPRA “opt-out of sale/share”
California requires a “Do Not Sell or Share My Personal Information” link in the footer. AdSense’s personalized advertising is considered a “share” under CPRA, so this link must be there for CA visitors.
How to spot it: VPN to California → check the footer. If no DNSMPI link, you’re non-compliant.
3. AdSense requires consent signaling via TCF v2.2
It’s not enough to have a consent banner; AdSense reads consent via the IAB TCF v2.2 standard. If your consent banner doesn’t pass the TC string through, AdSense treats every visit as “no consent” and stops personalizing.
How to spot it: In AdSense → Reports → Personalization, if “Non-personalized” is > 50% of impressions and you have substantial EU traffic, your CMP isn’t signaling correctly.
4. Your CMP is “free” but not IAB-certified
Some popular cookie banner plugins look like CMPs but don’t implement TCF v2.2. They show a banner, the user clicks “accept,” and nothing is actually passed to AdSense.
How to spot it: Open page, accept consent, then in DevTools console run __tcfapi('getTCData', 2, console.log). If undefined, your “CMP” isn’t IAB-certified.
5. CMP loads too late or async
If the CMP loads after AdSense’s script has already fired, AdSense gets a default “no consent” state. Personalization fails even though the user later accepts.
How to spot it: Performance tab → check load order. CMP script should fire before adsbygoogle.js.
Shortest path to fix
Step 1: Pick a certified CMP
Easiest: enable Google’s Funding Choices / Privacy & messaging inside AdSense. Free, certified, integrated.
Alternatives if you need more customization:
- Cookiebot — paid, fully featured
- OneTrust — enterprise
- iubenda — paid, simple
- Klaro! — open source, self-hosted
For most indie sites, Funding Choices is the right answer.
Step 2: Configure regions
In AdSense → Privacy & messaging:
- Create a GDPR message → choose “European Economic Area, UK, Switzerland.”
- Create a CCPA / state regulations message → choose “California (and other US states).”
- Set what happens when user rejects: serve “non-personalized ads” (fills less but still earns).
Step 3: Install the CMP code on every page
Funding Choices generates a <script> snippet. Place it in the <head> of your root layout, before the AdSense script:
<head>
<script async src="https://fundingchoicesmessages.google.com/i/pub-XXXXXXXXX?ers=1"></script>
<script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-XXXXXXXX"></script>
</head>Step 4: Default to non-personalized ads pre-consent
So users who don’t consent still see ads (just non-personalized):
<script>
(window.adsbygoogle = window.adsbygoogle || []).pauseAdRequests = 1;
window.googletag = window.googletag || {cmd: []};
</script>Funding Choices automatically signals consent state to AdSense; you usually don’t need extra code.
Step 5: Add the DNSMPI link for CA visitors
In your footer template:
<a href="/do-not-sell">Do Not Sell or Share My Personal Information</a>Or, if Funding Choices generates a CCPA message, use its provided UI link.
Step 6: Update /privacy to reference your CMP
Add to your privacy policy: “We use Google Funding Choices (or [your CMP]) to manage user consent for advertising cookies. You can change your consent preferences at any time by clicking [link].”
Step 7: Verify with VPN
VPN to Germany → consent banner appears → click accept → personalized ads serve. VPN to California → DNSMPI link visible in footer. VPN to US (non-CA) → no banner needed but ads serve normally.
Prevention
- Default to Funding Choices for new sites — free, certified, AdSense-integrated.
- Always serve non-personalized ads to non-consenters; never fully block ads, you lose revenue.
- Test from at least 3 regions (EU, CA, rest of US) after any consent-related change.
- Review CMP config every 6 months — IAB TCF gets minor updates and your config can drift out of compliance.
- Make the consent state visible to the user (link in footer to reopen the banner).