About support for GDPR in Ad Manager
Google provides extensive tools to help Ad Manager publishers comply with the GDPR and our EU User Consent Policy. This includes helping publishers select their preferred ad technology providers (ATPs) for ads personalization from a list of companies that have provided Google with information about their compliance with the GDPR—all of whom also have to comply with our data usage policy to ensure publisher data is protected. This list of ATPs applies to programmatic demand and can be extended to reservations, as well.
Additionally, the IAB Europe Transparency & Consent Framework v2.0 is now available and Google has begun reading and passing the TC string for all ad requests. Users can provide consent on a per-vendor and per-purpose basis. If a publisher decides to use the TCF v2.0 to manage consent, then the TC string will be checked against the list of ad technology providers a publisher has declared or Google has detected.
You can access the EU user consent settings for GDPR in Ad Manager by clicking Home Privacy & messaging GDPR Settings.
You can access the reservation creatives declaration settings by clicking Home Admin Delivery Delivery settings.
Declare ad technology providers that you work with on reservation creatives. Reservation creatives are associated with non-programmatic line items, including guaranteed (Sponsorship and Standard) and non-guaranteed (Network, Bulk, Price Priority, and House). Google will check for consent for any ad technology providers that you declare when determining whether reservation creatives are eligible to serve.
Complete the following steps to declare ad technology providers for reservations for your entire network:
- Sign in to Google Ad Manager.
- Click Admin Delivery Delivery settings.
- Select an option to declare the ad technology providers you work with on reservation creatives:
- No ad technology providers to declare: You choose not to declare any ad technology providers for reservation creatives.
- Declare ad technology providers: Search for the names of ad technology providers you work with on reservation creatives, then select the ad technology providers to add them to the list.
- Click Privacy & messaging GDPR Settings.
- In the Add custom ad partner URLs field, enter the URL of any owned ad technology. If you use any ad technology owned by you or your company on your site or app, such as a content delivery network, enter its URL, domain, or subdomains to make sure that ad technology isn’t blocked in reservation requests. This list should only include ad technologies that you were unable to declare in the previous step.
It is your responsibility to ensure that you have consent for any URLs that you enter if consent is required.
- Allow Google to extend consent checking to all reservations in the EEA. You can opt in to the "Check reservation creatives for consent" feature to allow Google to scan all reservation requests and ensure that your network only serves reservations for which you have user consent. This option applies to publishers who are using Google's tools to manage consent for GDPR, as well as those who are using the TCF v2.0 to manage consent.
If you do not opt in, it is still your responsibility to ensure that your reservations have the necessary user consent to serve if consent is required.
- Click Save.
You can declare additional ad technology providers for reservation creatives directly on creative and creative wrapper detail pages. These declarations will override the settings selected on the EU user consent page and only apply to the associated creative or creative wrapper.
Complete the following steps to declare additional ad technology providers:
- Sign in to Google Ad Manager.
- Click Home Delivery Creatives or Admin Inventory Creative Wrappers.
- Click the name of an existing creative, or add a new creative.
- In the “Associated ad technology providers” section of the details page, select one of the following options:
- Use EU user consent settings: Applies the declarations you have already selected in the GDPR settings.
- Set custom settings: Allows you to enter custom declarations for the selected reservation creative or creative wrapper.
- If you chose to set custom settings, declare the ad technology providers you want to work with on this reservation creative or creative wrapper.
- No ad technology providers to declare: You choose not to declare any additional ad technology providers for this reservation creative or creative wrapper.
- Declare ad technology providers: Search for the names of ad technology providers you work with on this reservation creative or creative wrapper, then select the ad technology provider to add them to the list.
Any override you make here will override your network-level EU user consent/GDPR settings for this creative or creative wrapper. When both creative- and creative wrapper-level declarations are available, all declared ad technologies will be used.
- Click Save.
Ad technology providers declaration status
Google scans all creatives to detect the declared ad technology providers. This scan also detects any ad technology providers that have not been declared and lists them so that you can update the declarations on the EU user consent settings or the creative.
Possible statuses include:
- Incomplete: At least one detected ad technology provider wasn’t declared at the network level or on the creative. Action may be required; review the creative.
- We found ad technology providers that you haven't declared: No action is required as publishers have no obligation to make any declarations on their reservation creatives. Additionally, declaring vendors that are not in the GDPR-certified list might block all reservation campaigns.
- We found unknown URLs that may affect serving eligibility: Action may be required if the referred technology is owned by you or your company on your site or app, such as a content delivery network. Otherwise, ad technology providers that are not listed can contact Google to seek certification.
- Complete: All detected ad technology providers have been declared, either at the network level or on the creative. No action required.
- Dash ("-"): The creative hasn't been scanned recently because it isn't active and its status may be out of date. Represented by a dash ("-"). No action required.