Since Google’s privacy policy has previously come under scrutiny by various governments (and that has been fairly well publicized), we’ve put together a piece about a slightly related topic:
How many of you do actually effectively comply with Google’s terms for the use of their various products, mainly in regards to the inclusion of legally adequate privacy notices?
One of the most interesting facts we’ve come across researching the privacy policy landscape at iubenda is that a lot of web services require you to have a privacy policy in order to use their service. In other words, if you don’t have a privacy policy (conspicuously) posted on your site, you are violating their terms of service and may be at risk of having at least your account suspended.
If you are like most people you don’t read most of what the terms of service documents outline prior to actually using the service (here’s a little thing we found). Mostly that isn’t much of a problem since these ToS are standard, following common sense and they don’t actively require you to do anything to be able/eligible to use their service.
We found a post from a while back that has researched a similar question based on Google Analytics, AdSense and AdWords (now Ads) and what we found was that:
- More than 90% were breaking at least one of Google’s policies
- More than 65% were breaking at least two of Google’s policies
- More than 40% were breaking at least three of Google’s policies
Most people on the web rely on some service provided by Google, but many ultimately fail to comply with Google’s terms for those services: they do not have a privacy policy and those who do regularly fail to bundle the relevant information into it. Below is an overview over some of Google’s popular web products that you probably use and the exact section in their ToS detailing the requirements for you to use a privacy policy.
Google Products that Require a Privacy Policy
Here’s a list of Google products for the web (and mobile apps) that require you to make use of some sort of privacy notice:
Google Analytics requires a Privacy Policy
When you sign up for Google Analytics, you consent to their terms that state under “7. Privacy”:
You will not and will not assist or permit any third party to, pass information to Google that Google could use or recognize as personally identifiable information. You will have and abide by an appropriate Privacy Policy and will comply with all applicable laws, policies, and regulations relating to the collection of information from Visitors. You must post a Privacy Policy and that Privacy Policy must provide notice of Your use of cookies that are used to collect data. You must disclose the use of Google Analytics, and how it collects and processes data. This can be done by displaying a prominent link to the site “How Google uses data when you use our partners’ sites or apps”, (located at www.google.com/policies/privacy/partners/, or any other URL Google may provide from time to time). You will use commercially reasonable efforts to ensure that a Visitor is provided with clear and comprehensive information about, and consents to, the storing and accessing of cookies or other information on the Visitor’s device where such activity occurs in connection with the Service and where providing such information and obtaining such consent is required by law.
You must not circumvent any privacy features (e.g., an opt-out) that are part of the Service. You will comply with all applicable Google Analytics policies located at www.google.com/analytics/policies/ (or such other URL as Google may provide) as modified from time to time (the “Google Analytics Policies”).
You may participate in an integrated version of Google Analytics and certain Google advertising services (“Google Analytics Advertising Features”). If You use Google Analytics Advertising Features, You will adhere to the Google Analytics Advertising Features policy (available at support.google.com/analytics/bin/answer.py?hl=en&topic=2611283&answer=2700409) Your access to and use of any Google advertising service is subject to the applicable terms between You and Google regarding that service.
If You use the Platform Home, Your use of the Platform Home is subject to the Platform Home Additional Terms (or as subsequently re-named) available at https://support.google.com/marketingplatform/answer/9047313 (or such other URL as Google may provide) as modified from time to time (the “Platform Home Terms”).
If you need help to generate one, here’s a more detailed post called Privacy Policy for Google Analytics.
Google Ads requires a Privacy Policy
In Google’s words:
The remarketing or similar audiences feature in Google Ads allows you to reach people who previously visited your website, and match the right people with the right message. While remarketing can be a great way to attract past visitors back to your site, you should inform these people that you gather information for remarketing or similar audiences on your website.
When you use the remarketing or similar audiences feature in your website, you’re required to have the following information in your website’s privacy policy:
- An appropriate description of how you’re using remarketing or similar audiences to advertise online.
- A message about how third-party vendors, including Google, show your ads on sites across the Internet.
- A message about how third-party vendors, including Google, use cookies to serve ads based on someone’s past visits to your website.
- Information about how your visitors can opt out of Google’s use of cookies by visiting Google’s Ads Settings. Alternatively, you can point your visitors to opt out of a third-party vendor’s use of cookies by visiting the Network Advertising Initiative opt-out page.
If you need help to generate one, here’s a more detailed post called Privacy Policy for Google Ads Remarketing.
Google AdSense requires a Privacy Policy
Google AdSense Online Terms of Service state under “10. Privacy”:
Our privacy policy explains how we treat your personal data and protect your privacy when you use our Services. By using our Services, you agree that Google can use such data in accordance with our privacy policy. You and Google also agree to the Google Ads Controller-Controller Data Protection Terms.
You will ensure that at all times you use the Services, the Properties have a clearly labeled and easily accessible privacy policy that provides end users with clear and comprehensive information about cookies, device-specific information, location information and other information stored on, accessed on, or collected from end users’ devices in connection with the Services, including, as applicable, information about end users’ options for cookie management. You will use commercially reasonable efforts to ensure that an end user gives consent to the storing and accessing of cookies, device-specific information, location information, or other information on the end user’s device in connection with the Services where such consent is required by law.
If you need help to generate one, here’s a more detailed post called Privacy Policy for Google AdSense.
Google AdMob requires a Privacy Policy
Publishers who wish to participate in AdMob must comply with online AdSense program policies:
AdSense publishers must have and abide by a privacy policy that discloses that third parties may be placing and reading cookies on your users’ browsers, or using web beacons to collect information as a result of ad serving on your website. Learn more about preparing your privacy policy.
How iubenda Can Help
Since iubenda’s inception, we’ve helped over 50,000 customers with their privacy policies and have available, over 600 pre-written clauses. Not surprisingly many of Google’s products have found their way in there.
This makes it a simple matter of clicking to add Google services to your privacy and cookie policies.
Simply create an account, go to your dashboard and start generating your privacy policy, then add Google AdSense, Google Analytics and AdMob clauses.
After, save and place your privacy policy with your Google clauses on your site or app, it’s as easy as that.
