Google has a long history of taking a user-first approach in everything we do. As a part of our commitment to users, we do not sell personal information. We give users transparency and control over their ad experiences via My Ad Center, My Account and several other features to help you manage your account. Per our Personalized advertising policy, we don't use sensitive information like health, race, religion, or sexual orientation to personalize ads. We also invest in initiatives such as the Coalition for Better Ads, the Google News Initiative, and ads.txt to support a healthy and sustainable ads ecosystem.
We’re building on that feature set by offering restricted data processing, which will operate as set forth below, to help publishers manage their compliance with US states privacy laws.
Service provider terms
Google already offers data protection terms pursuant to the General Data Protection Regulation (GDPR) in Europe. We are now also offering service provider terms, which will supplement those existing data protection terms, effective January 1, 2023. For customers on our online contracts and updated platform contracts, the service provider terms will be incorporated into our existing contracts via the data protection terms. For such customers, there is no action required on your part to add the service provider terms into your contract.
Enabling restricted data processing (RDP) for applicable US states
For traffic in US states, or any region globally, publishers have the ability to configure restricted data processing (RDP). When an RDP signal is present, Ad Manager will not serve ads that are based on a user’s prior behavior and will send a non-personalized ad request to all bidders. There are multiple ways in which a publisher can enable RDP:
1. Consent management platform
Many publishers will work with a consent management platform (CMP) to communicate the appropriate consent signals to their advertising partners based on the type of consent they receive from a user.
Google’s own consent management solutions will allow you to enable RDP to serve non-personalized ads for eligible web users in applicable US states, as well as provide optional messaging features, via the Privacy & messaging tab.
2. Publisher ad tags
Publishers can also choose to activate RDP for only some users, via GPT and AdSense/Ad Exchange asynchronous ad tags on a per-request basis. This may be useful if you choose to display a “Do Not Sell My Personal Information” opt-out link. For those users that opt out, you may decide that passing this signal satisfies your regulatory obligations.
3. Standardized IAB framework
Today, publishers can choose to use the IAB Tech Lab US Privacy String to apply restricted data processing where necessary. Publishers can pass this string, or work with a CMP to do so. Using a standardized framework to enable RDP ensures that mediation partners can read the signal. By Q1 2024, AdSense, AdMob, and Ad Manager will begin supporting IAB Tech Lab’s Global Privacy Platform (GPP) for applicable US states and will activate RDP whenever the GPP signal is received. After GPP is fully supported by AdSense, AdMob, and Ad Manager for US states, we will recommend that publishers start sending the GPP string instead of IAB US Privacy String.
4. Privacy & messaging settings
To restrict data processing and only show non-personalized ads to eligible users in applicable US states, publishers can change their US state regulations settings in the Ad Manager UI. These settings will apply to all US states covered by privacy legislation. They do not control data you may be sharing outside of your account (for example, through mediation).