If you’re using or planning to use Google’s Accelerated Mobile Pages (AMP) to load your web pages faster on mobile, you might be wondering how to set-up in a way that allows you to comply with the GDPR and avoid penalties.
That said, collecting cookie consent on AMP pages requires some extra work. You’ll need to:
<amp-consent>element to your AMP pages, and
data-block-on-consentattribute, or use the
data-block-on-consent-purposesattribute if you want to enable per-category consent (more info here: amp.dev/documentation).
To retrieve the consent string on AMP, third party vendors can use
AMP does not allow the loading of iframes from the same domain, therefore, uploading this file on the same domain as your AMP page will result in the cookie notice not being displayed when you load AMP pages from that domain.
However, in practice, Google loads AMP pages directly from their (Google’s) domain, when a user accesses the page by clicking on a search result. Therefore same domain conflict is generally not an issue as it only affects non-production use cases.
In any case, to avoid this issue, you can simply host the HTML file on a different domain or subdomain (e.g. main domain is www.yourdomain.com, but you host the file on amp.yourdomain.com). This approach also works if you redirect from a subdomain to your main domain, for example, if the file is hosted on the main domain (one easy trick is to use www/non-www redirection to do this without adding extra subdomains).
Also note that the AMP iframe needs to be served via HTTPS.
For a step-by-step guide (complete with sample codes, a demo and WordPress tips) and more information on how to block cookies before user consent on Accelerated Mobile Pages, read How to integrate iubenda Privacy Controls and Cookie Solution with AMP.
Besides AMP, you may also find useful these other options for mobile: