Google has a long history of taking a user-first approach in everything that we do. As a part of our commitment to users, we never sell personal information and give users transparency and control over their ad experiences via tools like My Account, Why this Ad and Mute this Ad. We also invest in initiatives such as the Coalition for Better Ads, the Digital News Initiative, the Google News Initiative and ads.txt in order to support a healthy, sustainable ads ecosystem and help you, our publishers, grow.
In August 2017, we announced our commitment to comply with the European Union's new General Data Protection Regulation (GDPR), which applies to users in the European Economic Area (EEA) and the UK.
This article provides additional details about how we're supporting impacted publishers. Additionally, we've provided answers to some commonly asked questions.
Across our publisher suite (Google Ad Manager, Ad Exchange, AdMob and AdSense), both you and Google operate as independent controllers of personal data. We operate as a controller because we regularly make decisions on the data to deliver and improve the product – for example, testing ad serving algorithms, monitoring end-user latency and ensuring the accuracy of our forecasting system. Additionally, we use data to deliver relevant and high-performing ads in features like Optimised Pricing in the open auction. Learn more about how we process data in Ad Manager and Ad Exchange here.
The designation of Google’s publisher products as controller doesn't give Google any additional rights over data derived from a publisher’s use of those products. Google’s uses of data continue to be controlled by the terms of its contract with its publishers, and any feature-specific settings chosen by a publisher through the user interface of our products.
You're not required to seek consent for a user’s activity on Google’s sites (we obtain that ourselves when users visit our sites). We're asking only that you seek consent for your uses of our ads products on your properties. We already require that certain consents are obtained from your users in the EEA and the UK, and we're updating those requirements in line with the GDPR. We encourage you to link to this user-facing page explaining how Google manages data in its ads products. Doing so will meet the requirement of our EU user consent policy to give your users information about Google’s uses of their personal data.
Google operates as a data processor for some features in Ad Manager, Ad Exchange and AdMob. As such, Google only processes data on behalf of, and on the instruction of, relevant publishers.
The GDPR introduced significant new obligations for the ecosystem (see GDPR legal and regulatory guidance references below), and the changes we've announced to our EU user consent policy reflect this. We've updated our Help page for the EU user consent policy to address questions that we've received from our customers.
We provide a range of optional tools to help you with gathering user consent across your websites and apps, including:
- Funding Choices 'Privacy and messaging', a consent gathering tool available for desktop and mobile web:
- Updates to suggested consent language at cookiechoices.org (where we list alternative consent solutions)
- A consent component for Accelerated Mobile Pages (AMP)
We'll continue to engage with IAB Europe on their transparency and consent framework, as well as work to ensure that industry solutions are interoperable with Google’s publisher ad serving products (Ad Manager, AdSense).
Control over ads personalisation
We also provide publisher controls for ads personalisation:
- Ad Technology Provider Controls (Ad Manager Help Centre, AdMob Help Centre, AdSense Help Centre) give you the ability to select which partners you want to measure and serve ads for EEA and UK users on your sites and apps when inventory is sold via programmatic channels, including Programmatic Guaranteed. You can select your preferred partners from a list of companies that have provided us with information about their compliance with the GDPR – all of whom also have to comply with our data usage policy to help protect your users’ data. The full list of ad technology providers featured in those controls is available in the Help Centres for Ad Manager, AdSense and AdMob. (Measurement and ad technology partners who haven't yet provided this information should contact us using this form.)
- A non-personalised ads solution (Ad Manager Help Centre, AdSense Help Centre) allows you to present EEA and UK users with a choice between personalised ads and non-personalised ads (or to choose to serve only non-personalised ads to all users in the EEA and the UK). Non-personalised ads only use contextual information, including coarse general (city-level) location.
European child privacy regulations
In August 2020, we announced our commitment to comply with the Age Appropriate Design Code (AADC) which applies to users in the United Kingdom, and additional child privacy regulations applicable to users in the European Economic Area (EEA) and Switzerland.
Under the Age Appropriate Design Code and related child privacy regulations, publishers may not be able to show personalised ads to users under 18 years of age in the European Economic Area, United Kingdom and/or Switzerland. As a publisher, you can mark an ad request for restricted data processing by using the TFUA tag to indicate a request for a user under 18 years of age. Additionally, Google will implement safeguards to prevent age-sensitive ad categories from being shown.
For more information about the GDPR and its application to digital publishers and advertising:
- Article 29 Working Party Guidelines on consent under the GDPR (2018)
- Article 29 Working Party Guidelines on transparency under the GDPR (2018)
- Opinion 06/2014 on the notion of legitimate interests of the data controller under Article 7 of the GDPR
- IAB Europe Guidance: Five Practical step to comply with the EU E-Privacy Directive (2015)
For regulatory guidance on cookie consent in advertising, refer to: