Google has a long history of taking a user-first approach in everything we do. As a part of our commitment to users, we do not sell personal information. We give users transparency and control over their ad experiences via My Ad Center, My Account and several other features to help you manage your account. Per our Personalized advertising policy, we don't use sensitive information like health, race, religion, or sexual orientation to personalize ads. We also invest in initiatives such as the Coalition for Better Ads, the Google News Initiative, and ads.txt to support a healthy and sustainable ads ecosystem.
Google welcomes privacy laws that protect consumers. In May 2018, we launched several updates to help publishers comply with the General Data Protection Regulation (GDPR) in the EEA.
We’re building on that feature set by offering restricted data processing, which will operate as set forth below, to help publishers manage their compliance with US states privacy laws.
Service provider terms
Google already offers data protection terms pursuant to the General Data Protection Regulation (GDPR) in Europe. We are now also offering service provider terms, which will supplement those existing data protection terms, effective January 1, 2023. For customers on our online contracts and updated platform contracts, the service provider terms will be incorporated into our existing contracts via the data protection terms. For such customers, there is no action required on your part to add the service provider terms into your contract.
Enabling restricted data processing (RDP) for applicable US states
For traffic in US states, or any region globally, publishers have the ability to configure restricted data processing (RDP). When an RDP signal is present, Ad Manager will not serve ads that are based on a user’s prior behavior and will send a non-personalized ad request to bidders. There are multiple ways in which a publisher can enable RDP:
1. Consent management platform
Many publishers will work with a consent management platform (CMP) to communicate the appropriate consent signals to their advertising partners based on the type of consent they receive from a user.
Google’s consent management solution provides optional messaging features via the Privacy & messaging tab.
2. Publisher ad tags
Publishers can also choose to activate RDP for only some users, via GPT and AdSense/Ad Exchange asynchronous ad tags on a per-request basis. This may be useful if you choose to display a “Do Not Sell My Personal Information” opt-out link. For those users that opt out, you may decide that passing this signal satisfies your regulatory obligations.
3. Standardized IAB framework
Ad Manager supports IAB Tech Lab’s Global Privacy Platform (GPP) for applicable US states. Further details on Google’s integration are available in this article. Using a standardized framework to enable RDP enables other partners to also read the signal.
Publishers may also choose to use the IAB Tech Lab US Privacy String to apply restricted data processing where necessary; however, we recommend that publishers migrate to the GPP string instead of IAB US Privacy String.
4. Privacy & messaging settings
To restrict data processing and only show non-personalized ads to eligible users in applicable US states, publishers can change their US state regulations settings in the Ad Manager user interface. These settings will apply to all US states covered by privacy legislation. They do not control data you may be sharing outside of your account (for example, through mediation).