Google Provides Guidance To Advertisers On Upcoming Data Privacy Compliance Laws

Google Ads prepares advertisers for changes to its Restricted Data Processing controls as individual state laws will go into effect later this year. The post Google Provides Guidance To Advertisers On Upcoming Data Privacy Compliance Laws appeared first on Search Engine Journal.

Originally Posted on Search Engine Journal by Brooke Osmundson

Last week, Google Ads emailed advertisers in the United States who use Google Ads or Google Analytics with upcoming compliance changes.

Many are asking, “why now”?

As user privacy concerns are at an all-time high, many individual states enacted their privacy law provisions, which will be implemented later this year.

Read on to learn how Google is preparing its products for compliance, what this means for advertisers, and whether you need to take action.

What’s Changing In Privacy?

Two major updates are coming to the privacy landscape for the United States this year.

  1. Five states have privacy law provisions going into effect. These states include Florida, Texas, Oregon, Montana, and Colorado.
  2. Colorado Privacy Act (CPA) enforcements. The state of Colorado will begin enforcement of its Universal Opt-Out Mechanism (UOOM) provisions.

This means that individual states are cracking down on user privacy and how data processing occurs to those users.

This is also known as “Restricted Data Processing” (RDP), a compliance tool Google developed in 2019 to help advertisers comply with various country and state laws.

What is Google Doing To Help Advertisers Comply?

Due to these upcoming state changes, Google is making several changes to protect data and ensure advertisers are compliant.

Google Ads sent an email to U.S. advertisers on updates to restricted data processing.

For new U.S. State Laws going into effect

In the email sent to advertisers, Google is updating the language to these existing terms:

  • Google Ads Data Processing Terms
  • Google Ads Controller-Controller Data Protection Terms
  • Google Measurement Controller-Controller Data Protection Terms
  • U.S. State Privacy Laws Addendum

If you’ve already agreed to the online data protection terms in your Google Ads account, you need not take any further action on this update.

Additionally, Google states it will act as your service provider or processor while Restricted Data Processing (RDP) is enabled for the states above. What’s nice about this at a product control level in Google Ads is that if it’s turned on, the RDP functionality will expand as other states enact their own privacy laws.

For partners who operate in Colorado

This change is more specific to advertisers who operate in the state of Colorado.

In the upcoming Colorado Privacy Act, the Universal Opt-Out Mechanism requires that Global Privacy Control (GPC) signals opt the user out of Ad Targeting.

When users or potential customers create or receive a Global Privacy Control, they can send that signal to Google as a Privacy Parameter (like RDP mentioned above) to turn off things like:

  • Ad Targeting
  • Sale data
  • Share of data

To comply with this law, Google can receive GPC signals directly from users and will engage in RDP mode on their behalf.

What Does This Mean For Advertisers?

While the legal language above is extensive, let’s examine how these state law changes and Google’s response to them may affect advertisers.

#1: Less Personalized Ads inventory

One of the first apparent updates will be less personalized ad inventory.

Because of the restricted data processing updates and opt-out mechanisms, it’s easier for users not to be targeted.

If users decide not to enable ad targeting, that directly affects advertisers’ ability to personally target those users, affecting the ad inventory.

This can affect the inventory, targeting efficiency, and bidding strategies they use in campaigns.

#2: Customer Match will be impacted

Similar to the above, the match rate on Customer Match lists and other Remarketing lists will likely decline. This is mainly due to the Global Privacy Controls update.

Users must have given consent to receive marketing updates from a brand. Additionally, they won’t be tracked if they’re not logged into their Google account—or if they decline to be tracked while logged in.

If you use Customer Match lists, watch those match rates when reviewing performance volatility.

#3: Performance reporting will likely be impacted

According to Navah Hopkin’s LinkedIn post about this update, advertisers are in for a “wild summer.”

If advertisers’ ability to serve personalized ads or fully utilize Customer Match or other remarketing capabilities, performance will undoubtedly be impacted.

This could mean volatility or fluctuations in reporting regarding conversions, attributions back to campaigns, ROAS, or CPA metrics.

Navah makes a great point in the comments of her post on this matter, stating that advertisers should “get away from hard numbers” when it comes to reporting.

Simply put, there will be further limitations on what advertisers can and cannot report on, and the performance reports shouldn’t be the “end all be all” when making strategic campaign decisions.

In Summary

This isn’t Google’s first rodeo regarding user privacy laws and compliance.

What started in 2018 with compliance tools for GDPR updates in the EEA and U.K. is undoubtedly making its way to the United States.

In the ever-changing world of user privacy and data regulations, advertisers can breathe a small sigh of relief in these welcome updates from Google. They show that they’re being proactive about individual state law compliance policies and giving advertisers a heads-up before any action is needed.

Ultimately, advertisers must remember that they are responsible for ensuring compliance for their company and on behalf of the companies they advertise for.


Featured Image: Sergei Elagin/Shutterstock