If you enable restricted data processing with Google (including following a user opt-out by clicking on a “Do Not Sell My Personal Information” link) then Google will restrict how it uses certain unique identifiers, and other data processed in the provision of services to you, to only undertake certain business purposes, on a forward-looking basis, as set out here.
In addition to restricted data processing, we offer data deletion and retention controls to assist our customers with their CCPA compliance. Subject to the terms of our CCPA service provider addendum, our data deletion and retention commitments apply when we act as your service provider with respect to data processed while restricted data processing is enabled, on a backwards-looking basis.
Note: In certain cases, due to our privacy-by-design and data minimization practices, we may not be able to identify specific user data in response to a deletion request. For example, we generally do not have the ability to associate an email address with pseudonymous advertising identifiers. Also note that, consistent with Google's retention policy and as permitted by the CCPA, in certain cases we will retain limited data following a deletion request, for example to protect against fraud and abuse and to enable ads-related billing and payments. Finally, note that, as permitted by the CCPA, in certain cases, we aggregate data to facilitate solely internal purposes, such as generating aggregate campaign performance reports.
Read below for more information on several product features to assist with your CCPA compliance. If you believe you may be in scope of the CCPA, we recommend that you work with your legal advisors to assess how to best meet your CCPA compliance obligations.
Products that already operate using restricted data processing
|Product||Action you can take in response to CCPA data deletion request|
|Customer Match||We don't retain data files advertisers upload for any longer than necessary to create Customer Match audiences and ensure compliance with our policies. Read How Google uses Customer Match data. Once those processes are complete, we'll promptly delete the data files uploaded in Google Ads or API. For information on how to update or replace an existing Customer Match audience, see Update your customer list.|
|Remarketing with Floodlight tags (in Campaign Manager, Display & Video 360 and Search Ads 360)||
Advertisers control which users are added to remarketing lists, and which are not. In addition customers can adjust the duration users stay on a remarketing list, for example by using the features listed below:
|Conversion tracking with Floodlight tags||Due to our privacy-by-design and data minimization practices, we are not able to identify specific Floodlight user data in response to a deletion request. For example, we do not have the ability to associate an email address with pseudonymous Floodlight identifiers. As permitted by the CCPA, in certain cases we aggregate data to facilitate solely internal purposes, such as generating aggregate campaign performance reports.|
|Campaign Manager 360 provided lists||Advertisers control how long cookies remain on a given audience list. To remove a user from a list, you can add a "1" next to the identifier associated with the cookie that you would like to remove from the list. To learn more, see “File formatting > File headers > Delete” in the Provided lists Help Center article.|
|Google Ads Store sales (direct upload)||Google deletes the unmatched transaction data uploaded by the advertiser after 30 days and deletes matched data after a 6 month period to allow for reporting and compliance checks. If you would like to delete the data before the 6 month window, please reach out to your account manager, or to the support teams via the help icon within your Google Ads account, for additional information and steps.|
Google Analytics has long provided features and policies to help you safeguard your data. The following features, in particular, may prove useful as you evaluate the impact of CCPA for your company's unique situation and Analytics implementation.
Products that require action to enable restricted data processing
|Product||Action you can take to comply with CCPA data deletion requirements|
|Remarketing with Google Ads||list management here. If you use the Google Analytics tag for Google Ads remarketing, please see the "Google Analytics" section above.|
|Conversion Tracking with Google Ads||Due to our privacy-by-design and data minimization practices, we are not able to identify specific user conversion data in response to a deletion request. For example, we do not have the ability to associate an email address with pseudonymous conversion identifiers. As permitted by the CCPA, in certain cases we aggregate data to facilitate solely internal purposes, such as generating aggregate campaign performance reports.|