Google has a long history of taking a user-first approach in everything that we do. As a part of our commitment to users, we never sell personal information and give users transparency and control over their ad experiences via tools like My Account, Why this Ad and Mute this Ad. We also invest in initiatives such as the Coalition for Better Ads, the Digital News Initiative, the Google News Initiative and ads.txt in order to support a healthy, sustainable ads ecosystem and help you, our publishers, grow.
The Lei Geral de Proteção de Dados (LGPD) is a new Brazilian privacy law that's due to go into effect on 16 August 2020. It applies to the processing of personal data, which can include online identifiers, of users located in Brazil. We're committed to supporting advertisers, publishers and other partners as they work to comply with the LGPD and will work with them to make this transition as smooth as possible.
The LGPD shares many concepts with the European General Data Protection Regulation (GDPR) and our products already provide features that customers can use to support their LGPD compliance efforts, including the ability to serve non-personalised ads to users and make other choices about data processing based on a user's geographic location.
This article provides additional details about how we can help assist with your LGPD compliance.
We already offer data protection terms for the GDPR and California Consumer Privacy Act. The GDPR terms reflect Google's status as either a processor or a controller. We'll be updating those existing data protection terms to add additional, LGPD-specific terms, effective 16 August 2020. Google’s status under the LGPD as either a controller or processor will be the same as under the GDPR. The LGPD terms will be incorporated into our existing data protection terms, so no action is required to accept the LGPD terms where the existing data protection terms already form part of your contract.
Third-party ad technology changes
For impressions served via Google Ad Manager, AdSense and AdMob
To assist Ad Manager, AdSense and AdMob publishers with their LGPD compliance, we maintain a list of Ad Technology Providers who have:
- Shared certain information that is required by the LGPD.
- Provided a link explaining their data usage that publishers can share with their users.
- Agreed to comply with our data usage policy.
As of 13 August 2020, serving in Ad Manager, AdSense or AdMob has been restricted to this set of certified ad technology providers for any ad request with a Brazilian-based IP.
This change means that Google Ads and Display & Video 360 campaigns will only serve an ad impression in Brazil if the Ad Technology Provider used by the advertiser is included in our Ad Technology Providers list for Brazil. Any providers that the advertiser is working with can contact Google to seek certification to be included in the Ad Technology Providers list, if they’re not already included.
Learn more about how we use data in Google Ads:
Data collection, deletion and retention controls
In addition to the updated LGPD terms, we plan to offer product controls to assist our customers with their LGPD compliance. You can refer to the below for more information on relevant product features to assist with your LGPD compliance. If you believe that you may be in scope of the LGPD, we recommend that you work with your legal advisors to assess whether any changes are required.
Audience lists in Google Ads
Customer Match Audiences: We don't retain data files advertisers upload for any longer than necessary to create Customer Match audiences and ensure compliance with our policies (see How Google uses Customer Match data). Once those processes are complete, we'll promptly delete the data files uploaded in the user interface or API. For information on how to update or replace an existing Customer Match audience, see Update your customer list.
Remarketing with Google Ads or Floodlight tags: Advertisers control which users are added to remarketing lists and which aren't, as well as the duration that users stay on a list. If you use the Google Ads or Floodlight tag (in Google Marketing Platform) for remarketing, there are many ways that you can ensure that the tag isn't active for users who have indicated that they don't want to receive personalised ads. We recommend that you consult your webmaster on possible solutions, including Google Tag Manager or the global site tag. If you use the Google Analytics tag for Google Ads remarketing, learn more in the Google Analytics data section below.
Google Analytics has long provided features and policies to help you safeguard your data. The following features, in particular, may prove useful as you evaluate the impact of the LGPD for your company's unique situation and Analytics implementation.
- Data retention: Use the Data Retention controls to manage how long your user and event data is held on our servers.
- Users: The User Deletion API lets you manage the deletion of data associated with individual user identifiers (e.g. site visitors) from your Google Analytics and/or Analytics 360 properties.
- Properties and accounts: Google Analytics customers can also delete data for their properties and/or delete data for their accounts.
- Remarketing: Advertisers control which users are added to remarketing lists and which are not. If you use Google Analytics, you can ensure that advertising features are disabled for users who have indicated that they don't want to receive personalised ads. To disable advertising features for those users, including remarketing and advertising reporting features, see Disable advertising features in the Display Features guide.