EU User Consent Policy
If your agreement with Google incorporates this policy, or you otherwise use a Google product that incorporates this policy, you must ensure that certain disclosures are given to, and consents obtained from, end users in the European Economic Area, the UK and Switzerland. If you fail to comply with this policy, we may limit or suspend your use of the Google product and/or terminate your agreement.
Properties under your control
For Google products used on any site, app or other property that is under your control, or that of your affiliate or your client, the following duties apply for end users in the European Economic Area, the UK and Switzerland.
You must obtain end users’ legally valid consent to:
- the use of cookies or other local storage where legally required; and
- the collection, sharing, and use of personal data for personalization of ads.
When seeking consent you must:
- retain records of consent given by end users; and
- provide end users with clear instructions for revocation of consent.
You must clearly identify each party that may collect, receive, or use end users’ personal data as a consequence of your use of a Google product. You must also provide end users with prominent and easily accessible information about that party’s use of end users’ personal data.
Properties under a third party's control
If personal data of end users of a third party property is shared with Google due to your use of, or integration with, a Google product, then you must use commercially reasonable efforts to ensure the operator of the third party property complies with the above duties. A third party property is a site, app or other property that is not under your, your affiliate's or your client's control and whose operator is not already using a Google product that incorporates this policy.
US Privacy Laws
Integration with IAB CCPA Framework Technical Specifications
Google is not currently a signatory to the IAB Privacy’s Limited Service Provider Contract. We have however integrated with the IAB CCPA Framework v1.0 Technical Specifications in Ad Manager, AdSense, and AdMob as detailed below.
Technical integration
Google supports the IAB Tech Lab’s v1.0 technical specifications for reading the us_privacy string in our publisher ad products and applies restricted data processing when the string indicates a user has opted out (additional detail below).
Our ad tags will interact with the publisher’s page to retrieve the us_privacy string. Publishers who choose to use the IAB signal should follow the technical specification provided by the IAB Tech Lab to implement the us_privacy string on their pages.
- When the IAB string indicates a user has not opted out, there will be no changes to ad serving behavior and the IAB signal will not be propagated further to other vendors.
- When the IAB string indicates a user has opted out, Google will enable restricted data processing (as outlined in our help center for Ad Manager, AdSense, AdMob). When restricted data processing is enabled, Google does not call out to third parties via RTB and the signal would not be propagated further to other vendors.
Global Privacy Platform integration
Google consent management solutions uses the IAB Global Privacy Platform (GPP) framework to send opt-out requests for CPRA messages, in addition to the IAB US Privacy string mentioned above, previously used for CCPA. However for EEA/UK, Google will continue to support the IAB Europe TCF v2 framework as an independent framework and not via GPP.
App support
Please see the app developer site for more information on implementing the us_privacy string for the Google Mobile Ads SDK.
- AdMob: iOS GMA SDK, Android GMA SDK
- Ad Manager: iOS GMA SDK, Android GMA SDK
IMA SDK support
Please see the IMA SDK developer site for more information on implementing the us_privacy string for the Google Interactive Media Ads SDK.
IMA SDK
IMA DAI SDK
- HTML 5 IMA DAI SDK
- iOS IMA DAI SDK
- Android IMA DAI SDK
- tvOS IMA DAI SDK
- Google Cast IMA DAI SDK
- Roku IMA DAI SDK
Restricted data processing settings
Select a data processing setting
By default, data processing in AdSense isn't restricted and personalized ads will be shown to users on your site or app. To restrict data processing and only show non-personalized ads to eligible users in applicable US states, you need to change the CPRA settings. These settings don't control data you may be sharing outside of your account, for example through mediation.
To change the CPRA data processing settings for your entire account, complete the following steps:
- Sign in to your AdSense account.
- Click Privacy & Messaging
CPRA
- Select the option you want to apply to your AdSense account.
- Don't restrict data processing: Google will show personalized ads to eligible users in applicable US states.
- Restrict data processing: Google will only show non-personalized ads to eligible users in applicable US states.
- Click Save changes.
Don’t restrict data processing
If you choose “Don’t restrict data processing”, you can select the advertising partners that are eligible to receive bid requests for users Google determines are in the applicable US states.
Complete the following steps to specify eligible advertising partners.
- Sign in to your AdSense account.
- Click Privacy & Messaging
- In the “Review your ad partners” section, select the list you want to use.
- Use active ad partners: Use the list of all available advertising partners provided within this feature’s setting. Google and all active advertising partners are eligible for bid requests from users Google determines are in the applicable US states.
- Custom ad partner: Customize the list of all available advertising partners to create your own custom list. Only selected advertising partners are eligible for bid requests from users Google determines are in the applicable US states. Under this option, users in your AdSense account are notified when new advertising partners join the platform. New advertising partners are not automatically added to your custom list and can be manually included.
- Click Save changes.
Restrict data processing
When a publisher enables restricted data processing, on the publisher’s instruction Google will further limit how it uses data and begin serving non-personalized ads only. Non-personalized ads are not based on a user’s past behavior. They are targeted using contextual information, including coarse (such as city-level, but not ZIP/postal code) geo-targeting based on current location, and content on the current site or app or current query terms. Google disallows all interest-based audience targeting, including demographic targeting and user list targeting when in restricted data processing mode.
Restricted data processing options:
Publishers must decide for themselves when and how to enable restricted data processing mode, based on their own compliance obligations and legal analysis. Two common scenarios are below.
- Some publishers may choose not to display a “Do Not Sell My Personal Information” link on their properties. Such publishers may choose to enable restricted data processing for all of their programmatic traffic for users in the applicable U.S. states via a network control. If they select this option, Google will use user IP addresses to determine the location of users and enable restricted data processing mode for any users we can detect have an IP address in applicable U.S. states.
- Alternatively, other publishers may choose to display a “Do Not Sell My Personal Information” link. Such publishers may choose to send a restricted data processing signal on a per-request basis once a user has opted out of the sale of their personal information.
Finally, partners who have implemented the Global Privacy Control may choose to enable restricted data processing when they receive a GPC opt-out signal.
No comments:
Post a Comment