Google Provides Guidance To Advertisers On Upcoming Data Privacy Compliance Laws

Last updated on

Recently, Google Ads reached out to advertisers based in the United States who utilize Google Ads or Google Analytics, informing them about forthcoming compliance adjustments.

Numerous individuals are questioning the timing of these changes.

With growing apprehensions regarding user privacy, several states have introduced their privacy regulations, slated for implementation later this year.

Continue reading to understand how Google is readying its products for compliance, the implications for advertisers, and whether any proactive measures are necessary.

What’s Changing In Privacy?

The privacy landscape in the United States is undergoing significant changes this year, marked by two major updates:

  1. Five states, namely Florida, Texas, Oregon, Montana, and Colorado, are rolling out privacy law provisions.
  2. Colorado is gearing up to enforce its Universal Opt-Out Mechanism (UOOM) provisions under the Colorado Privacy Act (CPA).

These developments reflect a growing focus on user privacy and the regulation of data processing practices within individual states.

Google has introduced a compliance tool called “Restricted Data Processing” (RDP) in 2019 to aid advertisers in adhering to diverse country and state laws.

What is Google Doing To Help Advertisers Comply?

In response to these impending state-level adjustments, Google is implementing several measures to safeguard data and ensure advertisers’ compliance.

For new U.S. State Laws going into effect

In the email sent to advertisers, Google is revising the language of the following existing terms:

  1. Google Ads Data Processing Terms
  2. Google Ads Controller-Controller Data Protection Terms
  3. Google Measurement Controller-Controller Data Protection Terms
  4. U.S. State Privacy Laws Addendum

If you’ve already accepted the online data protection terms in your Google Ads account, no further action is required regarding this update.

Furthermore, Google clarifies that it will function as your service provider or processor while Restricted Data Processing (RDP) is enabled for the aforementioned states. An advantageous aspect of this, at the product control level in Google Ads, is that when activated, the RDP functionality will extend as other states implement their own privacy laws.

For partners who operate in Colorado

This update is particularly relevant to advertisers operating in Colorado.

Under the forthcoming Colorado Privacy Act, the Universal Opt-Out Mechanism mandates that Global Privacy Control (GPC) signals must opt the user out of Ad Targeting.

When users or potential customers generate or receive a Global Privacy Control, they can transmit that signal to Google as a Privacy Parameter (similar to RDP mentioned earlier) to disable features such as:

  1. Ad Targeting
  2. Sale of data
  3. Sharing of data

To adhere to this legislation, Google can directly receive GPC signals from users and will activate RDP mode on their behalf.

What Does This Mean For Advertisers?

While the legal jargon provided above is quite detailed, let’s delve into how these changes in state laws and Google’s response to them might impact advertisers.

#1: Less Personalized Ads inventory

One of the most immediate changes will likely be a decrease in personalized ad inventory.

With the updates to restricted data processing and the implementation of opt-out mechanisms, users have a simpler route to avoid being targeted.

If users choose not to enable ad targeting, this directly impacts advertisers’ capacity to target those users personally, thereby affecting the available ad inventory.

This shift can influence inventory availability, targeting efficiency, and the bidding strategies employed in campaigns.

#2: Customer Match will be impacted

Likewise, the match rate on Customer Match lists and other Remarketing lists is expected to decrease, mirroring the trend outlined above. This change is primarily attributed to the Global Privacy Controls update.

Users are now required to have provided consent to receive marketing updates from a brand. Moreover, they will not be tracked if they are not logged into their Google account or if they decline to be tracked while logged in.

If you utilize Customer Match lists, it’s important to monitor those match rates closely when assessing performance fluctuations.

#3: Performance reporting will likely be impacted

According to Navah Hopkins’ LinkedIn post discussing this update, advertisers are bracing for a “wild summer.”

If advertisers’ capacity to deliver personalized ads or leverage Customer Match and other remarketing capabilities is curtailed, performance will undoubtedly be affected.

This could result in volatility or fluctuations in reporting related to conversions, attributions back to campaigns, ROAS, or CPA metrics.

Navah makes a noteworthy point in the comments section of her post, suggesting that advertisers should “move away from relying solely on hard numbers” in reporting.

In essence, there will be additional limitations on what advertisers can report on, and performance reports shouldn’t be the sole basis for making strategic campaign decisions.

In Summary

Google is no stranger to navigating user privacy laws and compliance measures.

What began in 2018 with the introduction of compliance tools for GDPR updates in the EEA and U.K. is now evidently extending to the United States.

In the continually evolving landscape of user privacy and data regulations, advertisers can find some reassurance in these recent updates from Google. These updates demonstrate Google’s proactive approach to individual state law compliance policies, providing advertisers with advanced notice before any necessary action is required.

Ultimately, advertisers must bear in mind that they are accountable for ensuring compliance for their own company and on behalf of the companies they advertise for.

Original news from SearchEngineJournal