Google has a long history of taking a user-first approach in everything we do. As a part of our commitment to users, we do not sell personal information. We give users transparency and control over their ad experiences via My Ad Center, My Account and several other features to help you manage your account. Per our Personalized advertising policy, we don't use sensitive information like health, race, religion, or sexual orientation to personalize ads. We also invest in initiatives such as the Coalition for Better Ads, the Google News Initiative, and ads.txt to support a healthy and sustainable ads ecosystem.
Google welcomes privacy laws that protect consumers. In May 2018, we launched several updates to help publishers comply with the General Data Protection Regulation (GDPR) in the EEA.
We’re building on that feature set by offering restricted data processing, which will operate as set forth below, to help publishers manage their compliance with US states privacy laws.
Service provider terms
Google already offers data protection terms pursuant to the General Data Protection Regulation (GDPR) in Europe. We are now also offering service provider terms, which will supplement those existing data protection terms, effective January 1, 2023. For customers on our online contracts and updated platform contracts, the service provider terms will be incorporated into our existing contracts via the data protection terms. For such customers, there is no action required on your part to add the service provider terms into your contract.
Select a data processing setting
By default, data processing in AdSense isn't restricted and personalized ads will be shown to users on your site or app. To restrict data processing and only show non-personalized ads to eligible users in applicable US states, you need to change the CPRA settings. These settings don't control data you may be sharing outside of your account, for example through mediation.
To change the CPRA data processing settings for your entire account, complete the following steps:
- Sign in to your AdSense account.
- Click Privacy & Messaging
CPRA
- Select the option you want to apply to your AdSense account.
- Don't restrict data processing: Google will show personalized ads to eligible users in applicable US states.
- Restrict data processing: Google will only show non-personalized ads to eligible users in applicable US states.
- Click Save changes.
CPRA Don’t restrict data processing
If you choose “Don’t restrict data processing”, you can select the advertising partners that are eligible to receive bid requests for users Google determines are in the applicable US states.
Complete the following steps to specify eligible advertising partners.
- Sign in to your AdSense account.
- Click Privacy & Messaging
- In the “Review your ad partners” section, select the list you want to use.
- Use active ad partners: Use the list of all available advertising partners provided within this feature’s setting. Google and all active advertising partners are eligible for bid requests from users Google determines are in the applicable US states.
- Custom ad partner: Customize the list of all available advertising partners to create your own custom list. Only selected advertising partners are eligible for bid requests from users Google determines are in the applicable US states. Under this option, users in your AdSense account are notified when new advertising partners join the platform. New advertising partners are not automatically added to your custom list and can be manually included.
- Click Save changes.
Restrict data processing
When a publisher enables restricted data processing, on the publisher’s instruction Google will further limit how it uses data and begin serving non-personalized ads only. Non-personalized ads are not based on a user’s past behavior. They are targeted using contextual information, including coarse (such as city-level, but not ZIP/postal code) geo-targeting based on current location, and content on the current site or app or current query terms. Google disallows all interest-based audience targeting, including demographic targeting and user list targeting when in restricted data processing mode.
Restricted data processing options:
Publishers must decide for themselves when and how to enable restricted data processing mode, based on their own compliance obligations and legal analysis. Two common scenarios are below.
- Some publishers may choose not to display a “Do Not Sell My Personal Information” link on their properties. Such publishers may choose to enable restricted data processing for all of their programmatic traffic for users in the applicable U.S. states via a network control. If they select this option, Google will use user IP addresses to determine the location of users and enable restricted data processing mode for any users we can detect have an IP address in applicable U.S. states.
- Alternatively, other publishers may choose to display a “Do Not Sell My Personal Information” link. Such publishers may choose to send a restricted data processing signal on a per-request basis once a user has opted out of the sale of their personal information.
Finally, partners who have implemented the Global Privacy Control may choose to enable restricted data processing when they receive a GPC opt-out signal.
