US states privacy laws guidance

Restricted data processing settings in Google’s publisher ad tags

Any per-request restricted data processing settings you configure will apply globally. For example, if you add per-request restricted data processing parameters to a request for a user from an applicable U.S. state, restricted data processing mode will be activated and only non-personalized ads will serve.

Restricted data processing settings for pages using GPT and AdSense tags

Requesting ads

By default, ad requests to Google do not limit how data is processed and personalized ads are served, with ad selection based on both the content of the web page and the history of the individual user visiting the page. Google already supports sending signals via ad tags for multiple regulatory compliance and privacy reasons including:

  • Non-personalized ads settings in Google’s publisher ad tags 
    (Ad Manager, AdMob, Android & iOS, AdSense)
  • Tagging an ad request for EEA users under the age of consent (TFUA)
    (Ad Manager, AdMob, AdSense)​
  • Tagging an ad request for child-directed treatment (TFCD)
    (Ad Manager, AdMobAdSense)
    Publishers may choose to use the TFCD parameter to tag requests for under-age users. Restricted data processing also will be activated when the TFCD parameter is set

This article outlines how to request restricted data processing mode via ad tags. When you activate restricted data processing, Google will limit how it uses data and only serve non-personalized ads. If you want to activate restricted data processing for all users located in applicable U.S. states who visit your property, no changes to your ad tagging are needed. You can read more about restricted data processing, including how to activate it in the UI in the Google Ad Manager, AdMob, or AdSense help centers.

If you wish to activate restricted data processing for only some users, GPT and AdSense/Ad Exchange asynchronous ad tags offer publishers a way to trigger the serving of restricted data processing on a per-page basis. This may be useful if you choose to display a “Do Not Sell My Personal Information” opt-out link. For those users that opt out, you may decide that passing this signal satisfies your regulatory obligations. See "Helping publishers comply with the U.S. states privacy laws" (Google Ad Manager, AdMob, AdSense) for more information about restricted data processing mode.

  • For the GPT tag, use the following code snippet:

    googletag.pubads().setPrivacySettings({
    'restrictDataProcessing': true
    });

  • For the AdSense and Ad Exchange asynchronous ad tag, use the following code snippet:

    <ins class="adsbygoogle"
    style="display:inline-block;width:728px;height:90px"
    data-ad-client="ca-pub-0123456789abcdef"
    data-ad-slot="0123456789"
    data-restrict-data-processing="1"></ins>

These methods will trigger restricted data processing  for subsequent Google ad requests from the page issued by the following supported ad tags: GPT, AdSense or Ad Exchange asynchronous ad tags (adsbygoogle.js), and the IMA SDK. Verify that an ad tag is restricting data processing by finding the ad request in your browser developer tools and looking for the parameter &rdp=1.

These same APIs allow disabling restricted data processing (and reactivation of personalization) by passing in false and 0, depending on the type the API expects. If a page contains multiple types of Google ad tags (for example, both a GPT tag and an AdSense/Ad Exchange asynchronous tag), you must use the RDP control for each type of tag.

Restricted data processing settings for other tags

GPT passback tags

If you're using GPT passback tags, you can mark an ad request as restricted data processing by using the same googletag.pubads().setPrivacySettings API that traditional GPT uses.

Omission of this setting defaults to allowing personalized ads.

Code example:

<script async
src="https://securepubads.g.doubleclick.net/tag/js/gpt.js"></script>
<div id='gpt-passback'>
  <script>
     window.googletag = window.googletag || {cmd: []};
     googletag.cmd.push(function() {
       googletag
         .defineSlot('/123/sports', [300, 250], 'gpt-passback')
         .addService(googletag.pubads());
       googletag.pubads().setPrivacySettings({
        'restrictDataProcessing': true
       });
       googletag.enableServices();
       googletag.display('gpt-passback');
     });
  </script>
</div>

Tagless Request

If you're using Tagless Request, you can mark an ad request as restricted data processing by adding the rdp=[int] parameter directly to the tag request URL. We recommend you specify the parameter early in the tag to avoid any risk of truncation. Specify rdp=1 to mark the ad request as restricted data processing. Omission of the parameter defaults to disabling restricted data processing and allowing personalized ads. 

Code example:

https://securepubads.g.doubleclick.net/gampad/ad?iu=/12345/adunit&sz=728x90&rdp=1&c=12345

Google Mobile Ads SDK

Please see the app developer site for more information on the Google Mobile Ads SDK.

Google Interactive Media Ads SDK (for Video)

On video requests, you can indicate that you want Google to treat your video content as restricted data processing. You can do this with a manually constructed master video tag (Ad Manager only) or using any of the platform-specific IMA SDKs (HTML 5 IMA SDK, iOS IMA SDK, Android IMA SDK, Google Cast IMA SDK).

If your video player uses Ad Manager's Dynamic Ad Insertion feature, it can also include the rdp=1 parameter with a video on demand (VOD) or live stream request to pass the parameter to any included ad requests (DAI HTML5 SDK, DAI Cast SDK, DAI iOS SDK, DAI Android SDK, DAI Roku SDK, DAI tvOS SDK).

Legacy Google publisher ad tags

Other types of Google ad tags (e.g., the legacy GAM tag, GUT tag, and AdSense or Ad Exchange synchronous tag (show_ads.js)) do not support restricted data processing ad requests. We recommend migrating to one of the tags that has full-feature support for both personalized ads and restricted data processing mode.

AdSense for Search

By default, ad requests to Google do not limit how data is processed and personalized ads are served, with ad selection based on both the user’s search query and the history of the individual user doing the search. When you activate restricted data processing, Google will limit how it uses data and only serve non-personalized ads.

You can either activate restricted data processing on a request basis as described below or by asking your account manager to deactivate personalization for specific properties.

  • For the Search ads - web ad tag, add the following text to the pageOptions in the Search ads tag:

    personalizedAds: false,

  • For the AdMob tag:

    builder.setAdvancedOptionValue("csa_personalizedAds", "false");

  • For the iOS tag:

    [request setAdvancedOptionValue:@"false" forKey:@"personalizedAds"];

These methods will trigger restricted data processing and serve non-personalized ads for that particular request. This is a stateless parameter. If the parameter isn't set in subsequent requests for that user, the behavior will revert to the default behavior, which is to request personalized ads.

Accelerated Mobile Pages (AMP)

These directions only apply to Ad Manager and AdSense. Learn how to configure each scenario for AMP pages that request ads with <amp-ad type=”doubleclick”> or <amp-ad type=”adsense”>.

For ad requests from AMP pages, publishers may choose to restrict data processing for all users located in applicable U.S. states, or they may choose to restrict data processing selectively by following the instructions below to deactivate personalization. Publishers will use the existing deactivate personalization settings when they want to activate restricted data processing. These terms will be used interchangeably throughout this article.

Requesting non-personalized ads for users in applicable U.S. states

If you use AMP AdSense tags, or AMP Doubleclick without Real Time Config (RTC), you may simply activate restricted data processing in the Google Ad Manager or AdSense UIs, and no further changes to your AMP pages are needed.

If your AMP ad tags do use Real Time Config (RTC), RTC requests are only sent if consent is given or not required. (Note: You can allow specific RTC callouts to be sent regardless of consent state.) To avoid sending RTC requests for users who will receive non-personalized ads (i.e., those in applicable U.S. states) you can use the following components and configurations (amp-geo and amp-consent):

<!-- Set up the amp-geo component to detect end users from the U.S. amp-geo only supports country level geo detection now, but U.S. states detection is coming soon. Please make sure to handle the case “unknown” when the country cannot be determined by amp-geo, and have at least one group contain the “unknown” -->
<amp-geo layout=nodisplay>
  <script type="application/json">
    {
      "ISOCountryGroups": {
        "us": ["us"],
        "eea": ["preset-eea", “unknown”]
      }
    }
  </script>
</amp-geo>

<!-- Set up the amp-consent component to block requests and collect user consents. We'll later configure it to be auto-rejected, so it doesn't actually prompt for consent. This prevents RTC callouts and signals Ad Manager/AdSense to serve non-personalized ads. -->
<amp-consent layout="nodisplay" id="consent-element">
  <script type="application/json">
    {
     “consentInstanceId”: “my_consent”,
      “consentRequire”: false,
“geoOverride”: {
  “us”: {
    “consentRequired”: “remote”,
    “checkConsentHref”: “https://your-endpoint” 
  }
}     
  </script>
</amp-consent>

Because amp-geo does not currently support detecting applicable U.S. states, you need to provide an endpoint to tell AMP if consent is required for the current user via the checkConsentHref setting. AMP expects a JSON object back from the endpoint, please find more information about the endpoint response from the AMP site document.

If setting an endpoint does not work for you, the AMP team is working on an upcoming feature to help you detect applicable U.S. states users. Before that feature launch, you can choose to apply the consent setting to all U.S. users as a temporary solution. The amp-consent config looks like:

<!-- Set up the amp-consent component to block requests and collect user consents for all U.S. users -->
<amp-consent layout="nodisplay" id="consent-element">
  <script type="application/json">
    {
     “consentInstanceId”: “my_consent”,
      “consentRequire”: false,
“geoOverride”: {
  “us”: {
    “consentRequired”: “true”
  }
}     
  </script>
</amp-consent>

You must add the attribute data-block-on-consent to any existing amp-ad components on the page as indicated below. _auto_reject instructs the ads to not wait for prompt, but fallback to serve non-personalized ads directly. 

<!-- Finally we set up the ad tag, directing it to automatically reject consent -->
<amp-ad data-block-on-consent="_auto_reject"
    width=320 height=50
    type="doubleclick"
    data-slot="/4119129/mobile_ad_banner">
</amp-ad>

Serving personalized/non-personalized ads based on consent

Since AMP does not allow custom JavaScript, the requesting of personalized or non-personalized ads is based on the configuration of an amp-consent component, and the attributes data-block-on-consent and data-npa-on-unknown-consent. Assuming you have configured an amp-consent component and linked it to all <amp-ad> tags on the page using data-block-on-consent:

  • If the user has responded affirmatively to the amp-consent component (user accepts the consent prompt), ads will be requested normally.
  • If the user has responded negatively to the amp-consent component (user rejects the consent prompt), non-personalized ads will be requested.
  • If the user’s response to the amp-consent is unknown (user dismisses the consent prompt)
    • By default, no ad requests are sent at all.
    • If data-npa-on-unknown-consent is set to true, non-personalized ads will be requested.
  • If you configure an amp-geo component such that consent isn't applicable based on the user’s geographical location, requests are sent normally.

If your <amp-ad> tags do not use data-block-on-consent, or the amp-consent component has not been correctly configured, requests are sent normally.

The following is an example of a configuration that prompts all users in the applicable U.S. states for consent, with resulting behavior as described above:

<!-- Set up the amp-geo component to detect end users from the U.S. amp-geo only supports country level geo detection now, but U.S. states detection is coming soon. Please make sure to handle the case “unknown” when the country cannot be determined by amp-geo, and have at least one group contain the “unknown” -->

<amp-geo layout=nodisplay>
  <script type="application/json">
    {
      "ISOCountryGroups": {
        "us": ["us"],
        "unknown": ["unknown"]
      }
    }
  </script>
</amp-geo>

<!--Setup the consent for users in the U.S -->

<amp-consent layout="nodisplay" id="consent-element">
  <script type="application/json">
    {
    “consentInstanceId” : “my_consent”,
      “consentRequired”: false,
      “geoOverride”: {
        “us”: {
          “consentRequired”: “true”,
          “promptUI”: “myConsentFlow”
        }
      }
    }
  </script>
  <div id=”myConsentFlow”>...</div>
</amp-consent>

<!-- Finally we set up the ad tag, directing it to wait for consent when necessary, and request non-personalized ads if resolved consent is unknown -->
<amp-ad data-block-on-consent
    data-npa-on-unknown-consent=true
    width=320 height=50
    type="doubleclick"
    data-slot="/4119129/mobile_ad_banner">
</amp-ad>

You can set up your own endpoint to selectively prompt users for consent by configuring the page to send a CORS POST request to an endpoint via checkConsentHref. You can learn more by reading the amp-consent documentation.

Was this helpful?

How can we improve it?
Search
Clear search
Close search
Main menu
2219629886594873836
true
Search Help Center
true
true
true
true
true
148
false
false