Section 3 of the AdSense Terms requires users to comply with all laws:
That single statement speaks volumes.
This article will take an in-depth look at the broader privacy considerations when using Google AdSense with your website. It will also offer strategies for compliance.
- 1. What Google AdSense Does
- 1.1. Data Collected by Google AdSense is Protected
- 3. Privacy Laws Affecting Your Website
- 3.1. General Data Protection Regulation (GDPR)
- 3.1.1. What Does the GDPR Cover?
- 3.2. California Online Privacy Protection Act (CalOPPA)
- 4. Examples from Google AdSense-Compliant Privacy Policies
What Google AdSense Does
These technologies gather personal information from users and their devices, including information about IP addresses and user location, as well as behavior information such as websites visited, products viewed or purchased, and other personal preferences. All of this information is protected by various privacy laws because it can be used to identify an individual.
Take a look at the screenshot below. Google AdSense is displaying a standard banner ad at the top and a retargeting ad in the right sidebar, also called a remarketing ad. The website, Food Network, earns pay-per-impression income from the banner ad and pay-per-click income from the retargeting ad.
Blogs are an increasingly common place where Google AdSense is used. In the example below from Coastal Living, we see ads at work inside blog content and in the sidebar.
We also see Google AdSense at work in YouTube videos, one of the fastest-growing media for advertising revenue.
Depending on the advertiser's plan, viewers must watch an entire higher-priced ad before getting to their selected video, or they can skip a lower-priced ad after a few seconds.
Data Collected by Google AdSense is Protected
The data Google collects from users is protected by privacy laws. So, too, is the logic Google deploys to deliver targeted and retargeted ads that will drive revenue through high engagement.
User IP addresses, browsing histories, website preferences, device location and even device preferences all are collected by Google.
If you are an AdSense user, you share privacy protection obligations with Google, and you must adhere to Google's Terms for using its AdSense service.
Section 2 of the Google AdSense Online Terms of Service spells out the many ways Google AdSense collects user data from your site. Just as importantly, this clause requires your agreement to allow Google to collect this information, and also to deliver ads to your users based on that data.
Section 10 specifically requires the following:
- Options for your website visitors to grant consent or decline consent for collecting and using their information.
State, federal and international laws of varying scope and enforcement strength make it advantageous to comply with privacy regulations. Knowing where your website visitors live and how their personal information is being collected and managed by you and third party vendors is critical to creating a sound policy.
Privacy Laws Affecting Your Website
Let's take a brief look at each of these regulations so you understand the connection to the law and to obligations in meeting the Google AdSense Online Terms of Service.
General Data Protection Regulation (GDPR)
The GDPR is possibly the most stringent set of privacy protection laws in the world. Governing all 28 member states, the GDPR was created to protect the privacy rights of EU citizens.
The GDPR applies to all websites attracting EU citizens, whether or not the website is located in the EU.
GDPR defines activities subject to its rules as:
- Offering goods or services to EU citizens, whether or not an online payment is required, or
- Monitoring website behavior and online activities of EU citizens
Interestingly, certain activities on your website, such as displaying Google ads, are exempt from the GDPR if the ads are presented generally to a global audience versus specifically to an individual user. However, the data you collect and share with Google AdSense is affected under rules pertaining to third-party information sharing.
What Does the GDPR Cover?
The GDPR protects a long list of personally identifiable consumer data and grants considerable rights to EU citizens in controlling how their data may be collected and managed.
It's important to understand the comprehensive list of data protected by the GDPR, as well as have a comprehensive list of the data you are collecting. The GDPR requires you to fully disclose all data you are currently collecting, data you might collect in the future, and the ways in which you use the data.
The GDPR also imposes rules pertaining to consumer rights for granting consent to collect their data, revoking consent, requesting copies of their data, or directing you to transfer or delete the data.
Specifically, when using Google services, you agree to comply with Google's EU User Consent Policy.
The GDPR also imposes handling and disclosure requirements for website cookies. Under the law, you are required to advise your website visitors of your Cookies Policy, and also to give them easy access to simple instructions for changing their cookies preferences.
The cookies rule was designed to benefit consumers by educating them about how their information might be collected online, and their rights for controlling that.
Your Cookies Policy must identify your specific reasons for using cookies to collect personal information from your website visitors. It also must identify all third parties collecting information from your website users via cookies.
California Online Privacy Protection Act (CalOPPA)
In the United States, no privacy law is more comprehensive or restrictive than CalOPPA. Enacted in 2003, CalOPPA was the first state privacy law in the United States.
If your website attracts visitors from the state of California, regardless of where your website is headquartered, you are subject to the rules and regulations imposed by CalOPPA.
In many ways, CalOPPA is similar to the GDPR in terms of the types of data it protects and its mission to improve both the protection of private consumer data and also the public's understanding of their privacy rights. Basically, if you meet GDPR requirements, you'll likely be satisfying CalOPPA requirements as well.
Examples from Google AdSense-Compliant Privacy Policies
The language is both succinct and clear - a requirement of the GDPR and CalOPPA - and includes consumer-centric information regarding opt-in, opt-out and other rights. Most importantly, Scripps is plainly stating that it has third-party relationships, such as with Google AdSense.
In doing this, Scripps is meeting legal requirements to disclose the nature of third party information sharing relationships and Google's requirements for disclosures.
Venus presents display ads on its website and utilizes Google technologies to remarket its products to its website visitors after they leave the Venus site. Both of these practices are subject to Google's AdSense Online Terms of Service.
With these two clauses, Venus fully discloses its many current and potential reasons to collect consumer information for third party use as well as how the information is shared and how it's managed.
Venus also provides helpful information for consumers to control their options in allowing or preventing the collection of their information for these purposes.
Pealim attracts a mostly younger audience from around the world. The plain and simple language used in their disclosures helps ensure their site visitors can understand the website's privacy protection procedures and their rights as consumers.
Understanding and respecting all of the applicable privacy laws, third party disclosure requirements and the Google AdSense Online Terms of Service is critical to protecting your legal liability.
- Answer the questions related to your entity type and location.
- Answer the questions relating to what type of information you collect from your users.