Google has updated its privacy policy, all thanks to the upcoming General Data Protection Regulation (GDPR) legislation in Europe.
As a domain registrar and Registry, Google is making changes, which are outlined below:
Dear Partner,
Over the past year we’ve shared how we are preparing to meet the requirements of the GDPR, the new data protection law coming into force on May 25, 2018. The GDPR affects European and non-European businesses using online advertising and measurement solutions when their sites and apps are accessed by users in the European Economic Area (EEA).
Today we are sharing more about our preparations for the GDPR, including our updated EU User Consent Policy, changes to our contract terms, and changes to our products, to help both you and Google meet the new requirements.
Updated EU User Consent Policy
Google’s EU User Consent Policy is being updated to reflect the new legal requirements of the GDPR. It sets out your responsibilities for making disclosures to, and obtaining consents from, end users of your sites and apps in the EEA. The policy is incorporated into the contracts for most Google ads and measurement products globally.
Contract changes
We have been rolling out updates to our contractual terms for many products since last August, reflecting Google’s status as either data processor or data controller under the new law (see full classification of our Ads products). The new GDPR terms will supplement your current contract with Google and will come into force on May 25, 2018.
In the cases of DoubleClick for Publishers (DFP), DoubleClick Ad Exchange (AdX), AdMob, and AdSense, Google and its customers operate as independent controllers of personal data that is handled in these services. These new terms provide clarity over our respective responsibilities when handling that data and give both you and Google protections around that controller status. We are committing through these terms to comply with our obligations under GDPR when we use any personal data in connection with these services, and the terms require you to make the same commitment.
- Shortly, we will introduce controller-controller terms for DFP and AdX for customers who have online terms.
- By May 25, 2018 we will also introduce new terms for AdSense and AdMob for customers who have online terms.
If you use Google Analytics (GA), Attribution, Optimize, Tag Manager or Data Studio, whether the free or paid versions, Google operates as a processor of personal data that is handled in the service. Data processing terms for these products are already available for your acceptance (Admin → Account Settings pages). If you are an EEA client of Google Analytics, data processing will be included in your terms shortly. GA customers based outside the EEA and all GA 360 customers may accept the terms from within GA.
Product changes
To comply, and support your compliance with GDPR, we are:
- Launching a solution to support publishers that want to show only non-personalized ads.
- Launching new controls for DFP/AdX programmatic transactions, AdSense for Content, AdSense for Games, and AdMob to allow you to control which third parties measure and serve ads for EEA users on your sites and apps. We’ll send you more information about these tools in the coming weeks.
- Taking steps to limit the processing of personal information for children under the GDPR Age of Consent in individual member states.
- Launching new controls for Google Analytics customers to manage the retention and deletion of their data.
- Exploring consent solutions for publishers, including working with industry groups like IAB Europe.
Find out more
You can refer to privacy.google.com/businesses to learn more about Google’s data privacy policies and approach, as well as view our data processing terms and data controller terms.
If you have any questions about this update, please don’t hesitate to reach out to your account team or contact us through the Help Center. We will continue to share further information on our plans in the coming weeks.
Thanks,
The Google Team