Policies

Restricted data processing (CCPA) settings in Google’s publisher ad tags

Any per-request restricted data processing settings you configure will apply globally. For example, if you add per-request restricted data processing parameters to a request for a non-California user, restricted data processing mode will be enabled and only non-personalized ads will serve.

CCPA restricted data processing settings for pages using GPT and AdSense tags

Requesting ads

By default, ad requests to Google do not limit how data is processed and personalized ads are served, with ad selection based on both the content of the web page and the history of the individual user visiting the page. Google already supports sending signals via ad tags for multiple regulatory compliance and privacy reasons including:

  • Non-personalized ads settings in Google’s publisher ad tags 
    (Ad Manager, AdMob Android & iOS requesting consent developer documentation, AdSense)
  • Tagging an ad request for EEA users under the age of consent (TFUA)
    (Ad Manager, AdMob, AdSense)​
  • Tagging an ad request for child-directed treatment (TFCD)
    (Ad Manager, AdMobAdSense)
    Publishers may choose to use the TFCD parameter to tag requests for under-age users for CCPA compliance. Restricted data processing also will be enabled when the TFCD parameter is set

This article outlines how to request restricted data processing mode via ad tags. When you enable restricted data processing, Google will limit how it uses data and only serve non-personalized ads. If you want to enable restricted data processing for all users located in California who visit your property, no changes to your ad tagging are needed. You can read more about restricted data processing, including how to enable it in the UI in the Google Ad Manager, AdMob, or AdSense help centers.

If you choose to enable restricted data processing by sending a restricted data processing signal on a per-request basis, those changes will fully take effect in serving by 11PM Pacific Time on December 12, 2019. 

If you wish to enable restricted data processing for only some users, GPT and AdSense/Ad Exchange asynchronous ad tags offer publishers a way to trigger the serving of restricted data processing on a per-page basis. This may be useful if you choose to display a “Do Not Sell My Personal Information” opt-out link. For those users that opt out, you may decide that passing this signal satisfies your CCPA obligations. See "Helping publishers comply with the California Consumer Privacy Act (CCPA)" (Google Ad Manager, AdMob, AdSense) for more information about restricted data processing mode.

  • For the GPT tag, use the following code snippet:

    googletag.pubads().setPrivacySettings({
    'restrictDataProcessing': true
    });

  • For the AdSense and Ad Exchange asynchronous ad tag, use the following code snippet:

    <ins class="adsbygoogle"
    style="display:inline-block;width:728px;height:90px"
    data-ad-client="ca-pub-0123456789abcdef"
    data-ad-slot="0123456789"
    data-restrict-data-processing="1"></ins>

These methods will trigger restricted data processing  for subsequent Google ad requests from the page issued by the following supported ad tags: GPT, AdSense or Ad Exchange asynchronous ad tags (adsbygoogle.js), and the IMA SDK. Verify that an ad tag is restricting data processing by finding the ad request in your browser developer tools and looking for the parameter &rdp=1.

These same APIs allow disabling restricted data processing (and reactivation of personalization) by passing in false and 0, depending on the type the API expects. If a page contains multiple types of Google ad tags (for example, both a GPT tag and an AdSense/Ad Exchange asynchronous tag), you must use the RDP control for each type of tag.

Restricted data processing settings for other tags

GPT passback tags

If you're using GPT passback tags, you can mark an ad request as restricted data processing by using the same googletag.pubads().setPrivacySettings API that traditional GPT uses.

Omission of this setting defaults to allowing personalized ads.

Code example:

<script async
src="https://securepubads.g.doubleclick.net/tag/js/gpt.js"></script>
<div id='gpt-passback'>
  <script>
     window.googletag = window.googletag || {cmd: []};
     googletag.cmd.push(function() {
       googletag
         .defineSlot('/123/sports', [300, 250], 'gpt-passback')
         .addService(googletag.pubads());
       googletag.pubads().setPrivacySettings({
        'restrictDataProcessing': true
       });
       googletag.enableServices();
       googletag.display('gpt-passback');
     });
  </script>
</div>

Tagless Request

If you're using Tagless Request, you can mark an ad request as restricted data processing by adding the rdp=[int] parameter directly to the tag request URL. We recommend you specify the parameter early in the tag to avoid any risk of truncation. Specify rdp=1 to mark the ad request as restricted data processing. Omission of the parameter defaults to disabling restricted data processing and allowing personalized ads. 

Code example:

https://securepubads.g.doubleclick.net/gampad/ad?iu=/12345/adunit&sz=728x90&rdp=1&c=12345

Google Mobile Ads SDK

Please see the app developer site for more information on the Google Mobile Ads SDK.

Google Interactive Media Ads SDK (for Video)

On video requests, you can indicate that you want Google to treat your video content as restricted data processing. You can do this with a manually constructed master video tag (Ad Manager only) or using any of the platform-specific IMA SDKs (HTML 5 IMA SDK, iOS IMA SDK, Android IMA SDK, Google Cast IMA SDK).

If your video player uses Ad Manager's Dynamic Ad Insertion feature, it can also include the rdp=1 parameter with a video on demand (VOD) or live stream request to pass the parameter to any included ad requests (DAI HTML5 SDK, DAI Cast SDK, DAI iOS SDK, DAI Android SDK, DAI Roku SDK, DAI tvOS SDK).

Legacy Google publisher ad tags

Other types of Google ad tags (e.g., the legacy GAM tag, GUT tag, and AdSense or Ad Exchange synchronous tag (show_ads.js)) do not support restricted data processing ad requests. We recommend migrating to one of the tags that has full-feature support for both personalized ads and restricted data processing mode.

AdSense for Search

By default, ad requests to Google do not limit how data is processed and personalized ads are served, with ad selection based on both the user’s search query and the history of the individual user doing the search. When you enable restricted data processing, Google will limit how it uses data and only serve non-personalized ads.

You can either enable restricted data processing on a request basis as described below or by asking your account manager to disable personalization for specific properties.

  • For the Custom Search Ads - web ad tag, add the following text to the pageOptions in the Custom Search Ads tag:

    personalizedAds: false,

  • For the AdMob tag:

    builder.setAdvancedOptionValue("personalizedAds", "false");

  • For the iOS tag:

    [request setAdvancedOptionValue:@"false" forKey:@"personalizedAds"];

These methods will trigger restricted data processing and serve non-personalized ads for that particular request. This is a stateless parameter. If the parameter is not set in subsequent requests for that user, the behavior will revert to the default behavior, which is to request personalized ads.

Accelerated Mobile Pages (AMP)

For ad requests from AMP pages and AMP stories, you will soon be able to pass a user’s opt out signal using the amp-consent and amp-story-consent component. For more details, please follow the Github issue.

Was this helpful?
How can we improve it?