Thanks!

Breaking down Google’s Digital Markets Act (DMA) enforcement

By Roy Yanai
Breaking down Google’s DMA enforcement - OG image

The EU’s Digital Markets Act (DMA) regulates big tech to promote fair competition and data practices, benefiting smaller entities and enhancing consumer privacy. It defines such tech companies as “gatekeepers” by their market presence and imposes rules for equitable digital advertising, requiring clear user consent for data sharing and ensuring transparency in ad performance metrics.

We’ve provided a high-level introduction to the DMA and its implications for the ecosystem, covered how Apple is adopting this new regulation, and here we’ll break down Google’s approach, their updates, and how it will impact advertisers. 

Google’s approach

A major focus from Google regarding the DMA regulation is appropriating user consent, as an enabler for Google to use the full set of user data, as collected from users on websites and Apps, and shared with Google directly or via 3rd party partners such as AppsFlyer. 

They have specific requirements for Publishers (who monetize their platforms via Google ads services) and Advertisers (using Google ads services to reach their customers or acquire new customers), as detailed below.

In addition, users within the EEA will also have the option to link their individual Google services, i.e Youtube, Gmail, Search, and more, or select to separate them, thus disallowing data to be shared across the separate services.

Google requirements for publishers – certified CMP

As a first step, already in effect since January 16, 2024, Google required App and Web owners who are monetizing using Google ads services (Admob, Adsense, Ad Manager) to implement a Google certified Consent Management Platform (CMP) in order to continue serving personalized ads for EEA users within their platforms.

Google’s main motivation behind this requirement is to ensure smooth and standardized user consent flow from the platform (App, website) that serve the ads on behalf of Google, to Google ads services, in order to ensure DMA compliance. The focus is to ensure publishers are working with a CMP that supports the most updated of the Transparency & Consent Framework (TCF) – TCF 2.2, allowing Google an easy way to conclude user consent state, mostly for personalized ads.

Failing to meet this requirement will limit the ads inventory that Google can serve through these platforms for EEA users, to general, broad targeting ads only, without the ability to serve personalized ads, which usually result in better performance.

As part of their preparations for the DMA enforcement, Google is updating their requirements for data sharing with their advertising networks (Google ads and Google Marketing Platform AKA DV360), requiring all advertisers to share 2 new consent related fields with Google for every install, event, or even user info that is uploaded as part of an audience (customer match), when the data originates from a user within the European Economic Area (EEA):

  • ad_personalization=true/false: Sets consent for personalized advertising.
  • ad_user_data=true/false: Sets consent for sending user data to Google for advertising purposes.

Failing to comply and send this consent information to Google may impact advertisers’ ability to measure their Google and DV360 campaigns in the EEA, as well as leverage their EEA users’ data within Google audiences solutions.

How is AppsFlyer helping advertisers navigate this change?

AppsFlyer is committed to helping clients navigate through this change and comply with Google’s DMA requirements, via multiple tools and solutions that are coming very soon:

  • Consent data collection: AppsFlyer will allow advertisers to transmit the consent info, as collected from the user, in one of 2 ways:
    • TCF 2.2 strings: advertisers who work with a TCF 2.2-supporting CMP require no further action. One can simply use the TCF strings (created by the CMP and placed in device storage) to transmit the consent information to AppsFlyer. AppsFlyer will then normalize the consent info and translate it to the Google required consent fields, sparing the App developer most of the DEV efforts.
    • Manual: advertisers not working with a CMP will be able to collect the consent info on their own and send it to AppsFlyer to share forward with Google, as needed.
  • EEA Consent OPT-OUT: AppsFlyer will allow non EEA advertisers to easily OPT OUT from any EEA consent requirements, by letting AppsFlyer know that non of their users activity is in the EEA, without having to implement any changes to their data collection methods (SDK or S2S). The decision to OPT OUT of these Google consent requirements will be done by the advertiser, based on their legal team’s understanding of the DMA regulation.

Summary

Whether you work with Google as a publisher or advertiser, whether your activity is focused in the EEA, is global, or completely outside of the EEA, these Google DMA related changes will require some action from you, even a simple one such as OPTing out of these consent requirements. 


While timelines to comply with these requirements are short given the delayed announcements from gatekeepers, AppsFlyer are working to help minimize impact on advertising activity in the EEA. That being said, AppsFlyer encourages our clients to review the required changes internally and explore the best ways and tools to comply as soon as possible.

Roy Yanai

Roy Yanai is the AVP of Product - Measurement at AppsFlyer. Over the past 6 years, Roy led different product areas within AppsFlyer including Data Exchange, Analytics, Incrementality and iOS solution. Currently, Roy leads the product efforts for AppsFlyer’s attribution and measurement products. Prior to AppsFlyer, Roy served as CEO & Head of Product at Mego - a startup aimed to solve eCommerce delivery pains and founded HackIDC - Israel’s largest Hackathon.
Background
Ready to start making good choices?