Google recently notified advertisers of important changes to how it uses customer data. Several states have passed similar legislation giving users more control over how companies like Google can use their personal information for ad targeting. Having briefly reviewed it, here’s our PPC Better take on the good, bad, and ugly of this change.
The good. Google is suppressing the users who take advantage of the global opt out system from your ad targeting audiences automatically. That means that you aren’t at risk for failure to comply with the with restricted data processing or universal opt-out mechanisms simply by uploading your customer list to create an ad targeting audience.
The bad. More of your customers will now fail to improve the platform’s ability to understand your true target audience. This means that any customer list based campaigns you have in market are likely to see a reduction in traffic quality at least in the short term.
The ugly. I don’t think anyone can with a straight face tell you “Oh, I understand what all this means and what I, as a small/mid sized business advertiser should do about it.” In making a good faith effort to comply the with regulations I have been looking for attorneys who specialize in the area and can provide a quick consultation to explain what exactly all this means and help me stay in compliance. Haven’t had any luck finding one. At all.
My current takeaway from those efforts are that the only lawyers who do this sort of work only do it for a small number of billionaire corporations. Also, from what I can find on lawtube, even the white shoe lawyers don’t actually have much of a clue how any of this stuff will work in practice. When words like “cross contextual behavioral targeting” get into a courtroom in front of a judge and jury made up of ordinary people who aren’t totally sure which link is the ad on google…
So what is PPC Better doing about it?
The steps that we are taking include:
- Add cookie consent tool to allow users to opt out of cookies if desired
- Update privacy policy
- Update website terms of use
- Implement Google Ads “Enhanced Conversions”
We’re taking those actions to make a good faith effort to comply with customer privacy requests. We also only use platforms for customer communication which are also making a good faith effort to comply with customer data privacy laws and regulations.
Because this email has many helpful links to additional information that other advertisers might miss in their email box but also find useful, we’re pasting the full text including links below.
Here’s the text of the notice.
Important updates regarding Restricted Data Processing control & Universal Opt-Out Mechanisms |
Dear Partner, You’re receiving this email because you’re listed as a contact for a Google ads and/or analytics product. Over the course of 2024, Florida, Texas, Oregon, Montana, and Colorado have privacy law provisions coming into effect. In addition, the Colorado Privacy Act (CPA) will begin enforcement of its Universal Opt-Out Mechanism (UOOM) provisions. |
For US State laws, Google continues to offer compliance tools to help our partners make their own compliance decisions. For Colorado’s UOOM provision, we will be taking direct action by receiving Global Privacy Controls directly from Users and turning off Ads Targeting. Partners can review relevant controls in our Help Center. |
What’s Changing? For New US State laws | We will supplement the existing Google Ads Data Processing Terms, Google Ads Controller-Controller Data Protection Terms, Google Measurement Controller-Controller Data Protection Terms, and U.S. State Privacy Laws Addendum. No additional action is required to accept these terms if you’ve already agreed to the online data protection terms. We will act as your service provider or processor with respect to data processed while Restricted Data Processing (RDP) is enabled for the states outlined above. If you’ve enabled RDP via a product control in Google Ads, then RDP functionality will expand to the other states as they come into effect. You can refer to this article for more information on RDP and to determine whether RDP meets your compliance needs and to this article for more information on our commitment to data protection law compliance. For partners operating in Colorado | Colorado Privacy Act Universal Opt-Out Mechanism provisions require that Global Privacy Control signals opt the user out of Ad Targeting. When customers receive or create a GPC, they can send Google a relevant Privacy Parameter like RDP in order to turn off Ad Targeting, Sale, or Share of data. |
Customers should also note that Google can receive Global Privacy Control signals directly from users and will engage RDP mode on their behalf. As a result of these changes, advertisers might view less personalized ads inventory for bidding resulting in changes to targeting efficiency. Additionally, Customer Match, Audiences API, and Floodlight Remarketing lists may see degraded functionality due to increased user opt-outs via the Global Privacy Control. For users who have opted out of Ad Targeting via Global Privacy Controls, Google will disable personalized ad serving based on Customer Match, Audiences API, Floodlight, and Remarketing lists for those users. This email relates to Google’s ads and analytics products. If you also use other Google products, such as Workspace or Cloud Identity, this email does not affect your use of those products. |
Sincerely, |
The Google Ads Team |
Recent Comments