Ad Exchange policies and enforcement
This guide is intended to provide answers to commonly asked questions and share the framework of Ad Exchange policy enforcement. The information presented here does not, in any way, change the actual policies, which are available at www.google.com/adxbuyers/guidelines.html. You can also access the Ad Exchange policies from the Program Guidelines link located in the footer of the application.
Automated creative review
Ad Exchange reserves the right to conduct automated creative reviews in order to maintain the quality of ads on the exchange. While this does not change the Ad Exchange guidelines, creatives that don't meet our policies will be paused until corrected. The most common issues are: destination URL not working, flash cookies, raw IP addresses, missing or broken click macros, invalid 4th party calls, undeclared or incorrect landing page, customer creative ID misuse, non certified vendors, and creative download sizes.
Ad Exchange reserves the right to disapprove ads in breach of the content and creative policies outlined in the Google Ads Advertising Policies and to suspend entire accounts for certain violations. If you have any questions about the violations, please contact your account team.
- Animation length
- Ads must remain static after 30 seconds
- May not exceed a 150K initial load. For video creatives, this refers to when nearly 15-20% of the total weight for the first frame is served by the ad server. For display creatives, this refers to when the image or banner is displayed until all the creative assets load on the web page.
- Total download cannot exceed 5MB. Total download is referring to when the complete web page or all of the creative assets have been loaded and displayed.
- Maximum frame rate
- All creatives must open in new windows. The target window for the click-through URL must be set to
"_blank"so the click-through will open in a new window. Do not leave the target statement undeclared
- Trafficking errors, e.g. the destination URL matching where the user is sent, http://www.gooooogle.com, and leads to a parked domain
- Blank ads - each trafficked ad must contain a creative; rendering blank creatives is not acceptable
- Click-to-call ads - currently not supported
If a client’s ad is disapproved under these circumstances, they will be required to make the necessary compliance changes and resubmit their ads for review.
In addition to the above policies, Ad Exchange has the following policy on family safe status:
Google assigns a family status to all ads to make sure that ads are shown to an appropriate audience. Products that are considered to have "non-family safe" status cannot currently be run on Ad Exchange.
We continue to review this status and reserve the right to change this policy for Ad Exchange.
Data and third-party ad serving includes the following topics.
- Redirects or server-to-server callouts.
- Redirects or callouts to any technology, including ad servers, rich-media servers, tracking technologies, or verification technologies.
- The technology is issued by a single buyer on Ad Exchange solely for their own use and is not licensed to any third parties
- The technology is an approved technology vendor
No fifth-party calls are allowed. You cannot have an ad on Ad Exchange that calls a third-party ad server that calls another third-party ad server (fourth-party call) that calls another third-party ad server (fifth-party call).
Policy for third and fourth-party calls
Refer to the requirements for third-party ad serving, under third-party ad serving for a complete list of policy requirements.
You may use a cookie, web beacon, or other tracking mechanism to collect anonymous traffic data for purposes of aggregated reach, frequency and/or conversion reporting, provided you use a certified third party vendor for this purpose. Collecting impression-level data via cookies or other mechanisms for purposes of subsequent re-targeting, interest category categorization or personalization, or syndication to other parties on Google Display Network inventory is prohibited. This restriction does not apply to click- or conversion-level data.
You may not associate cookies, web beacons, or other tracking mechanisms with personally-identifiable information (PII) for any purpose or with precise user location for behavior targeting unless the user has knowingly and expressly opted in. For purposes of this document, PII and precise user location does not include IP addresses.
You will not, and will not assist or knowingly permit any third party, to set a cookie, or alter or delete a cookie set, on any Google owned and operated domains, including, without limitation, on a DoubleClick domain.
You can see a list of approved technology vendors who perform data collection, by searching for a research vendor type.
An ad served by a buyer for an advertiser contains a tracking URL, collecting user data to be used with subsequent campaigns. For example, using the pixel below, the vendor "collectuserdata.net", needs to be declared in the ad:
If the vendor is not available on the list of declarable vendors, it is either white-listed on the approved technology vendors list or not allowed under any circumstances.
Flash cookies and other locally shared object (LSO) technologies are not allowed on Ad Exchange.
Flash cookies & local storage
Flash cookies are defined as any locally shared object (LSO) technologies (including, but not limited to, flash cookies, browser helper objects, or HTML5 localStorage) for behavioral advertising, ad delivery, reporting, and/or multi-site advertising.
A flash banner is served that sets a .lso file; the banner writes data about the page the user was on, the products displayed in the banner, and makes a backup of the user’s web cookie data. Users cannot easily or transparently block LSO objects, and it is against Google policies to gather ad serving data from an ad impression.
Please refer to the Requirements for third-party ad serving, under third-party ad serving.
Malware is not accepted or tolerated within any Google product including Ad Exchange. Google verifies any creatives directly uploaded into Ad Exchange, or follows the third-party redirect for malware or viruses through proprietary systems.
Malware violations are not accepted or tolerated within any Google product, including Ad Exchange. Google reviews creatives or the third-party redirect uploaded in the service. Learn more about What Google does to prevent malware.
Given Ad Exchange's relationship with third-parties, however, there is the possibility that a buyer on Ad Exchange, either in their system or through a call-out from their system, may have a policy violation or introduce malware or viruses to Ad Exchange. Any buyer that intentionally violates policy or actively uploads malware or viruses directly into Ad Exchange will be immediately and permanently terminated. For those using external calls, Google will attempt to detect any such activity and suspend the associated creative or call-out. Should a violation be detected, Google's policy toward the buyer is as follows in the Enforcement section.
Buyers that serve ads from a third-party are required to use a Google click macro in their tags. This allows clicks to be reported back to Google, which can then share them with publishers. Click macros are also used to protect inventory by detecting invalid clicks and impressions. All certified vendors and tags have been tested to support the Google click macro.
Learn more about the different macros and their implementation.
Helping partners comply with the California Consumer Privacy Act (CCPA)
Google has a long history of taking a user-first approach in everything we do. As a part of our commitment to users, we never sell personal information and we give users transparency and control over their ad experiences via My Account and several other features to help you manage your account. Per our Personalized advertising policy, we never use sensitive information to personalize ads. We also invest in initiatives such as the Coalition for Better Ads, the Google News Initiative and ads.txt in order to support a healthy, sustainable ads ecosystem.
Today, we’re building on that feature set by offering restricted data processing, which will operate as set forth below, to help advertisers, publishers, and partners manage their compliance with the California Consumer Privacy Act (CCPA).
About the California Consumer Privacy Act
The California Consumer Privacy Act (CCPA) is a new data privacy law that establishes various rights for California state residents. The law applies to companies that do business in California and meet one of several criteria related to revenue, data processing, and other factors. CCPA requires giving residents the right to opt out of the “sale” of their “personal information” (as the law defines those terms), with the opt-out offered via a prominent “Do Not Sell My Personal Information” link on the “selling” party’s homepage. CCPA does recognize certain exceptions to the definition of “sale,” such that not all transfers of personal information are “sales.” For example, transferring personal information to a “service provider” under the law is not a sale.
Restricted Data Processing
The Authorized Buyers and Open Bidding services always operate under Restricted Data Processing for queries. Buyers/bidders do not need to make any changes for this behavior to be applied.
For customers on our online contracts and updated platform contracts, the restricted data processing terms will be incorporated into our existing platform contracts via the controller-controller terms and will come into force on Jan 1, 2020. There is no action required on your part to add this restricted data processing language into your contract.