Google as a data controller
Google operates as a data controller for Ad Manager and Ad Exchange. Publishers use these products as independent data controllers, not processors or joint controllers. This is reflected in our Controller-Controller Data Protection Terms, which now form part of Ad Manager and Ad Exchange contracts for publishers who have online contractual terms, and will be made available to all other Ad Manager and Ad Exchange publishers.
Ad Manager and Ad Exchange are classified as controllers under GDPR because we regularly use data to deliver and improve the product—for example, testing ad serving algorithms, monitoring end-user latency, and ensuring the accuracy of our forecasting system. Additionally, we use data to deliver relevant and high-performing ads in features like optimized pricing in the open auction. These capabilities have been essential to the development of Ad Manager and AdX from their inception, and are critical to the value of the product we deliver to you today.
The designation of Google's publisher products as controller does not give Google any additional rights over data derived from a publisher’s use of Ad Manager and Ad Exchange. Google’s uses of data are controlled by the terms of its contract with its publishers, and any feature-specific settings chosen by a publisher through the user interface of our products.
Our Platforms Program Policies prohibit the use of products like Ad Manager and Ad Exchange to pass any information to Google that Google could use or recognize as personally-identifiable information. This would include, for example, end users’ email addresses or phone numbers.
Each ad request on a publisher’s site or app will share certain data from the user’s device, for instance the user’s IP address will be shared with Google. An ad request on a web page will also share existing cookies or cause new cookies to be set (depending on the user’s browser settings). For details of the cookies we use, see Types of cookies used by Google. If a publisher uses publisher provided IDs (PPID), these will also be shared in an ad request. In mobile apps, ad requests will share advertising identifiers. Location data may also be shared, where available, in accordance with Google Publisher Policies.
Subject to Ad Manager and Ad Exchange policies, publishers and buyers may also upload some data (such as audience lists), enter free-form text into certain fields, and provide publisher and buyer data (for example, during publisher account creation or report scheduling).
Google does not use data from publishers' sites to create publisher-specific audience segments or use data entered into the Ad Manager and Ad Exchange UI to inform bidding by other Google products (Google Ads, Display & Video 360). For Ad Exchange-eligible inventory, the publisher can control through the Ad Manager and Ad Exchange UI whether Google Ads and Display & Video 360 can serve relevant ads using: (i) non-signed-in data from its sites (learn more); and (ii) signed-in Google data from its sites (learn more). Further, Ad Manager and Ad Exchange data is never shared with Google’s media sales teams (e.g. YouTube or the Google Display Network) for purposes of competing against our Ad Manager and Ad Exchange publishers. Google’s designation as a controller does not change this position.
What is the data used for?
Google uses Ad Manager and Ad Exchange data to help us provide and develop the Ad Manager and Ad Exchange services (described further below) and make advertising more effective. Identifiers such as cookies or mobile advertising IDs are used to stop users from seeing the same ad over and over again, to detect and stop click fraud, and to show ads that are likely to be more relevant to the user (such as ads based on websites the user has visited). Ad Manager and Ad Exchange data is also used to deliver reports to publishers about their own networks, troubleshoot the Ad Manager and Ad Exchange products, and answer publishers’ questions about the products.
We do not share Ad Manager and Ad Exchange ads data except with the publisher’s consent, as expressly permitted under the terms of their Ad Manager and Ad Exchange agreement or when required by law.
Ad Exchange shares limited user information (detailed below) with potential bidders through its real-time bidder feature. Publishers can control the participating bidders by using in-product controls. This information is shared to help the bidder decide whether they want to serve an ad to the user and, if so, which ad they want to show, and how much they want to bid.
The information that is shared with potential bidders includes:
- The web address of the page, or name of the app, provided the publisher allows such sharing
- The category of that page (e.g., “Sports News”) and its language
- The type of browser and device the user is using, and their device’s screen size
- The user’s approximate geographic location
- A truncated version of the user’s IP address, which potential bidders may use for purposes such as determining the user’s approximate geography for themselves, and as a signal to protect against advertising fraud
- For web pages, an encrypted cookie identifier that is unique to the potential bidder, which helps a bidder that has its own cookie on the user’s browser to look at any other information it has associated with that cookie (e.g., based on that cookie, the bidder may know that the user is a female with an interest in hockey)
- For apps and other devices, such as gaming consoles and connected TV devices, an advertising ID that serves the same purpose.
In addition, our Ad Exchange policies restrict the ways in which the Ad Exchange bidders are allowed to use this information.
Internally, Google uses strict access controls (using both automated technical controls and internal policy controls) to limit internal access to personal data to only those with a business need to access it. Internal access to Ad Manager and Ad Exchange data is only permitted if that access is consistent with the terms of the publisher’s Ad Manager and Ad Exchange agreement (see above).
Data retention, data deletion and data portability
Signed-in Google users can delete past searches, browsing history, and other authenticated activity from their Google Accounts. When these events are deleted, they will no longer contribute to that user’s signed-in ads profile. For more information about the data deletion functionalities available in My Activity, please refer to the My Activity help center. Signed-in users can also view and edit their Google account ads profile in Ads Settings.
End user data from users who are not signed-in Google users can no longer be used by Google for purposes of targeting that user if:
- the user’s cookie expires or the user chooses to delete/clear their cookies; or
- the user turns off ads personalization across the web via Google Ads Settings.
We store a record of the ads we serve in our logs, for signed-in and signed-out users. These server logs typically include a user’s web request, IP address, browser type, browser language, the date and time of the ad request, and one or more cookies or an advertising ID that may uniquely identify that user’s browser or mobile device. We anonymize IP addresses in logs by removing part of the address after 9 months. After 18 months, we further anonymize log data by anonymizing or deleting cookie or advertising ID information in both logs and ad serving databases.
User data tied to cookies and advertising IDs is also used to detect and prevent ad fraud and ensure that users don’t see ads that they’ve blocked in the past. In these cases, or in cases where Google stores this data on behalf of its customers (e.g. in Google Analytics), data may be stored for periods longer than those specified above.
When Ad Manager/Ad Exchange associates information about a signed-in Google user’s activity with the user’s Google Account, the user can access that activity through My Activity, as described above. Signed-in Google users can also export all their My Activity records (including ads-related records) via Download your data.
Google relies on the European Commission’s Standard Contractual Clauses (SCCs) for transfers of online advertising and measurement personal data out of the European Economic Area, the UK, or Switzerland. For Processor Services, the Google Ads Data Processing Terms include the SCCs for transfers of personal data to processors established in third countries. For Controller Services, the Google Ads Controller-Controller Data Protection Terms include the SCCs for transfers of personal data to controllers established in third countries. Where there is a relevant transfer of personal data, the SCCs incorporated into partner’s contract with Google apply.
Google has earned ISO 27001 certification for the systems, applications, people, technology, processes, and data centers serving a number of Google products, including Ad Manager/Ad Exchange. Download our certificate here (PDF) or learn more about ISO 27001.