- 1.1. How You Use Remarketing to Advertise
- 1.2. How Google and Third-Party Vendors Show Your Ads Online
- 1.4. How Users Can Opt-Out of Google's Cookies
- 2. What Happens If I Don't Comply?
- 3.1. California Online Privacy Protection Act (CalOPPA)
- 3.2. California Consumer Privacy Act (CCPA)
- 3.3. Children's Online Privacy Protection Rule (COPPA)
- 3.4. European Union Cookies Rules
- 3.5. General Data Protection Regulation (GDPR)
- 4. Conclusion
- Answer a few questions about your business:
- Enter the country and click on the "Next Step" button:
Google's rules refer to the "remarketing, re-engagement or similar Audiences feature" though this term covers several approaches. They are each based on the idea that ads may be more effective when targeted at people who've previously shown an interest in you.
These approaches also let you reword your ads to directly address this interest, as well as reduce the likelihood of seeing an ad repeated.
Remarketing ads are those shown to people who've already interacted with your website or app. This could be generic ads to cover all such people or dynamic ads that directly refer to the detail of the interaction. For example, you could show an ad for a product that the user has previously viewed on your site.
Re-engagement isn't a separate feature. Instead it's a term that usually refers to a form of remarketing ad that's shown to people who interacted with your site in a specific way.
Similar Audiences is an automated feature where you provide a marketing list to Google Ads covering people who've interacted with your site in a specific way such as signing up to a newsletter or buying a particular product. Google then identifies common features and behavior among people on that list. It will then show your ad to other online users who share those features or behavior.
"You must disclose clearly any data collection, sharing and usage that takes place on any site, app or other property as a consequence of your use of any Google advertising service."
- A description of how you use remarketing to advertise online
- A message about how third-party vendors (including Google) show your ads across the internet
- Information about how users can opt out of this
Here it is from Google's Help Center:
Let's look at each one.
How You Use Remarketing to Advertise
You must include an "appropriate" description to cover how you use the relevant tool (Remarketing or Similar Audiences):
"An appropriate description of how you're using remarketing or similar audiences to advertise online."
This can be concise, but must address two key points:
- What is happening, namely that they are seeing specifically chosen ads, and
- Why the user will see these specific ads. (For example, because they've interacted with the site or because they share similar characteristics with such people.)
This example from MHG Design covers these points:
How Google and Third-Party Vendors Show Your Ads Online
You must include an explanation of the way that Google and other third-party vendors show your ads on "sites across the Internet." In other words, on sites that neither you nor Google control.
"A message about how third-party vendors, including Google, show your ads on sites across the Internet."
Again, be concise, but make sure you cover the key point: although it's you that's targeting the ads to people who used your site or app, those ads could appear on other websites that you don't operate.
This example from Farmdrop includes this point as part of a wider note on targeted ads:
The key point is that even though the ads result from the user's activity on your site or app, the cookies come from Google or another vendor rather than you. This is important as it reduces the risk that the user incorrectly assumes they can limit such ads just by blocking cookies relating to your website.
This example from Drenge covers this point in detail:
How Users Can Opt-Out of Google's Cookies
You must detail the key ways in which users can opt out of receiving these cookies.
These opt-out methods:
- Visiting Google's Ad Settings pages
- Visiting Google's Marketing Platform opt-out page. (This applies if you are using the "Remarketing pixels" tool on Google Marketing Platform.)
- Visiting the Network Advertising Initiative opt-out page. (This applies if you are using a third-party vendor for ads.)
- Using their device settings to block ads locally
This excerpt from Conde Nast shows how to create a clause that covers a range of cookie opt-out methods:
What Happens If I Don't Comply?
Google also says that in cases of "repeated or egregious violations" it will stop accepting any ads from you. Your account will be suspended, meaning that you can access it and check reports, but can't run any new ads. You won't be allowed to create a new account while your existing one is suspended.
Using the Remarketing and Similar Audiences features inherently involves handling personal data, which means that you come under several laws that cover Privacy Policies. These add requirements not specifically addressed by Google's own policies.
California Online Privacy Protection Act (CalOPPA)
CalOPPA covers any online service, regardless of location, that collects data about Californians. The rules say you must say whether (and how) you respond to a web browser's "Do Not Track" signal. This is highly likely to be relevant if you are using Google's Remarketing tools that rely on cookies.
Ecosia does this in a clear and simple manner:
California Consumer Privacy Act (CCPA)
The CCPA covers large companies ($25 million annual revenue or higher), those who make most of their money from selling personal data, and those who handle personal data about a lot of people (at least 50,000 people, households or devices). If you meet any of these criteria, the CCPA applies if you handle data about people in California, regardless of your location.
Children's Online Privacy Protection Rule (COPPA)
COPPA applies if you have users in the US and you either know people under 13 are using your site or service, or you aim it at under-13s. If the rule applies, you need to detail all the personal data you collect about under 13s.
Uwingu does this with a dedicated page:
European Union Cookies Rules
Google specifically requires you to follow EU cookie consent rules. This applies to your own cookies and those created by third parties as a result of you using Google Ads. The rules cover users in the European Economic Area (European Union countries plus Iceland, Liechtenstein and Norway).
The rules say you must:
- Tell users how you use their data for cookies
- Tell users how to revoke this consent
Curiscope has an overview of cookies, though it could add more detail about revoking consent to have a more thorough clause here:
General Data Protection Regulation (GDPR)
The GDPR applies if you or the user are in a European Union country, or if the data is processed in a European Union country. The most relevant rule for Remarketing and Similar Audiences ads is that you must tell users which of six "lawful bases" you are using to justify collecting personal data.
In the context of advertising, it's highly likely the only basis that's most relevant is that of consent. This means you'll need active, meaningful consent to use somebody's personal data for Google Remarketing ads. Simply making them aware you collect and use the data isn't enough.
Nivea explains its use of marketing cookies and how the company complies with GDPR in this example. It notes its legal bases at the end by referring to the specific Article of the GDPR:
Let's recap what you need to know about Privacy Policies with Remarketing and Similar Audiences ads.
- Remarketing and Similar Audiences are two tools available to Google Ads customers
- Describe what and why you are doing with the tool
- Explain that your ads may appear on sites you don't control
- Explain the various ways users can opt out of these cookies
- If you don't comply, your ads could be blocked and your account suspended