Google Ads is one of the most commonly-used advertising networks. It offers various tools and functions that can help widen a business’s reach in order to grow a suitable audience. Google Ads employs the use of “interest-based advertising”—a form of digital advertising which can affect how a business complies with the CCPA-compliant service provider.
When an Ad Network is acting as a service provider, the information it collects cannot be considered as a sale under the CCPA.
You can read Google’s CCPA Service Provider Addenda to the Google Ads Controller Terms and to the Google Ads Data Processing Terms for more information.
Google’s restricted data processing feature, when enabled, affects each Google product differently. For Google Ads, in particular, certain features will be made unavailable upon the application of restricted data processing.
This Google Ads support article states that enabling restricted data processing will result in the inaccessibility of functionalities such as adding users to remarketing lists, adding users to similar audience remarketing seed lists, and other related features.
There are two ways in which restricted data processing can be enabled for Google Ads.
The first case is on a per-user basis, where you can enable restricted data processing only for specific users in your audience who have actively requested to opt-out. For this case, you will need to integrate a few lines of code into your business’s website in order to include the new “restricted_data_processing” parameter into your global site tag.
The second case, on the other hand, allows you to enable restricted data processing across all of the users in your audience who have California-based IP addresses. Compared to the other alternatives, this method may be the simplest way to become CCPA-compliant while still using Google Ads as it solely entails the selection of a checkbox through the Google Ads Audience Manager tool.
Google Ads is not the only Google product where restricted data processing may be enabled. Google’s CCPA compliance feature may also be enabled in the following products:
Furthermore, there are actually a number of products which operate with restricted data processing already enabled by default. These Google products do not require any further action in order to enable Google’s CCPA compliance feature:
There are several alternatives to using Google’s restricted data use feature. Here, we describe three other methods a business can use to comply with the CCPA.
Google has recently integrated with the Interactive Advertising Bureau’s (IAB) Transparency & Consent Framework (TCF 2.0).
According to IAB Europe’s details on the new framework’s launch, TCF v2.0 allows consumers to exercise their Right to Opt-Out by giving them further control over the disclosure, sharing, and selling of their personal information. The framework achieves this by enabling consumers to grant, restrict, or withhold access to their personal information.
As a Google Ads advertiser, your business would need to set up and enable support for the TCF v2.0. There are three main things that you would need to do to properly set up TCF v2.0, and these are described with more specific instructions in this Google Ads support article:
The TCF v2.0 code snippet should be added to all of your website’s pages where you have Google Ads tags attached.
You may already have a custom opt-out tool in place, such as a cookie manager or another bespoke solution. If so, you’ll need to make sure that California consumers can see a prominent “Do Not Sell My Personal Information” link on your website. This link should direct consumers to a webpage with clear instructions on how to opt-out. Be sure you have created internal processes for how to track, manage, and keep record of these opt-out requests.
Up until this point we have focused on cookie-based sharing or selling of personal information. Now let’s discuss a type of ad campaign that requires you also share or sell a list of email addresses.
Google Ads offers “audience targeting” to help increase the efficacy of their interest-based advertising services. Commonly, this would require your business to upload an audience list that Google can use to find similar audiences for you. This audience list will often be a list of email addresses of your business's best customers.
If you collect email addresses from consumers and share them with Google through the use of similar audiences, you would need to provide an additional way for California consumers to opt-out.
One easy way to do this is to add a dedicated form for California consumers to submit a Request to Opt-Out on your business’s website. Make sure that you have a robust internal process so that, once a consumer submits a Request to Opt-Out, you can ensure that the consumer’s information will be removed from your Google Ads audience list. Additionally, you’ll want to make sure that you’ve provided clear instructions on how a consumer can opt out of both cookie-based and email sharing or selling.
When you have sent a notice to the consumer of the completion of their opt-out request, you may ask that consumer to opt back in to the sale of their personal information after 12 months.
Disclaimer: This content is provided for general informational purposes only and does not constitute legal or other professional advice. Without limiting the foregoing, the content may not reflect recent developments in the law, may not be complete, and may not be accurate or relevant in an applicable jurisdiction. This content is not a substitute for obtaining legal advice from a qualified licensed attorney in the applicable jurisdiction. The content is general in nature and may not pertain to specific circumstances, so it should not be used to act or refrain from acting based on it without first obtaining advice from professional counsel qualified in the applicable subject matter and jurisdictions.
Get monthly updates on the latest updates on policy & the shifting privacy landscape.
Dive into a world of knowledge, trends, and industry updates on the TrueVault blog.
