Understanding PII in Google's contracts and policies
Many contracts, terms of service and policies for Google's advertising and measurement products refer to 'Personally Identifiable Information' (PII). You may find in such contracts, terms of service and policies a prohibition against passing information to Google that Google could use or recognise as PII.
This article explains how Google will interpret the term PII in the event that PII isn't defined in your existing contract or the applicable product's terms of service or policies. This is to minimise confusion among customers, particularly in light of the EU's General Data Protection Regulation (the GDPR) which will expand the definition of 'personal data' under EU law as of 25 May 2018.
What Google considers PII
Google interprets PII as information that could be used on its own to directly identify, contact or precisely locate an individual. This includes:
- email addresses
- postal addresses
- phone numbers
- precise locations (such as GPS coordinates – but see the note below)
- full names or usernames
For example, if you're a publisher whose contract prohibits you from passing PII to Google, the URLs of pages on your website that display ads by Google must not include email addresses, because those URLs would be passed to Google in any ad request. Google has long interpreted its PII prohibition in this way.
Google interprets PII to exclude, for example:
- pseudonymous cookie IDs
- pseudonymous advertising IDs
- IP addresses
- other pseudonymous end-user identifiers
For instance, if an IP address is sent with an ad request (which will be the case with almost any ad request as a consequence of Internet protocols), that transmission won't breach any prohibition on sending PII to Google.
Note that data excluded from Google's interpretation of PII may still be considered personal data under the GDPR.