Breach notice: Resolving violations of the Identifying Users policy
In the interests of protecting end user privacy, Google ads product policies mandate that publishers must not pass any data to Google that Google could use or recognize as personally identifiable information (PII).
Publishers are given 30 days to remediate breaches of the identifying users policy. During this period, publishers will receive weekly email messages from email@example.com containing a list of ad requests grouped by domain from which PII is being detected.
For each weekly email, please investigate the list of ad requests and respond to the policy team using the form linked in the email.
An ad request is counted whenever your site requests an ad to be displayed. An ad request is reported each time a request was sent, even if no ads were returned and backup ads were displayed instead. Ad requests contain several key pieces of information used to target advertisements and perform analysis including: ad size, ad slot ID, and URL.
When the policy team detects that a given ad request is sending PII, we group the ad requests triggering the PII detection over the past 7 days together by URL path, and send them to publishers for remediation. Additional information is also reported along with the ad request to aid publishers in the remediation process.
The ad requests take the following form:
Domain: example.com has 1 unique url(s).
Url group: example.com/subscription.rtb
Found 3 time(s) or .75 of the total records
Url sample: http://firstname.lastname@example.org
Record sample: GET /pagead/ads?client=ca-pub-123456789&format=728x90&output=html&h=90&slotname=9037932612&adk=1049035565&w=728&lmt=1419923683&ea=0&flash=15.0.0&url=http%3A%2F%2Fwww.example.com%2Fsubscription.rbt%3Femail%3Dredacted@example.com&dt=1419941683831&ref=http%3A%2F%2Fwww.example.com%2F
Most recent time: 2015-01-04 21:28:46 UTC
Please refer to the following definitions to interpret this information:
Url group: The specific URL on which the PII is being detected.
Found () times: The number of times that PII has been detected from a given URL group over the past 7 days.
Url sample: A sample URL corresponding to the URL group from which PII was detected. PII is redacted from these samples.
Record sample: The raw ad request containing PII. Please note that the ad request is reported in escaped form.
The specific page that's passing PII can be found in the escaped ad request. Its URL is located between the
url= and the
&dt tags. Use an unescaping tool to unescape the URLs and visit the page in question.
If you are notified that your account is in breach of the identifying users policy, please respond to the breach notice promptly, using the form linked in the email.
You should included the publisher ID exactly as it is provided in the email from Google. You will be asked to specify a status, which is a way of updating the policy team regarding your progress in resolving the breach.
The following statuses are available:
- I took steps to fix the issue. Please send an updated report.
If you believe that you have fixed the issue, and would like to obtain an updated list of ad requests that are triggering the policy team’s PII detection system, please select this status.
- I acknowledge the alert and I will investigate accordingly.
If you are still working on fixing the issue, please select this status. In this case, the policy team will send you an updated list of ad requests within the next seven business days to help inform your remediation efforts.
- I believe I was contacted in error. Please re-review my account.
If you believe that you were contacted in error, please select this status. In this case, the policy team will conduct a re-review of your account and send you a follow-up message. Learn more about false positives.