Advertising and analytics products: Information about international data transfers
This website provides information to Google’s clients and partners about international data transfers in connection with their use of Google’s advertising and analytics products (“Ads Services”). This includes, for example, information about Google and/or its affiliates’ adoption of, or certification under, any legal frameworks or solutions that enable the lawful transfer of personal information to a third country in accordance with European data protection legislation for the purposes of the Google Ads Data Processing Terms, Google Ads Controller-Controller Data Protection Terms, and Google Measurement Controller-Controller Data Protection Terms (the “Google Ads Data Protection Terms”).
Google operates data centers globally, and to maximize the speed and reliability of our services, our infrastructure is generally set up to serve traffic from the data center that is the closest to where the traffic originates. Information about the locations of Google data centers is available here.
Google is committed to protecting the data our customers share with us, regardless of where our customers’ information is processed, and Google has robust technical, contractual and organisational safeguards and supplementary measures in place to protect personal information processed when our clients use Google’s Ads Services
Google’s Ads Services also comply with certain legal frameworks relating to the transfer of data, such as the frameworks described below.
The European Commission has determined that certain countries outside of the European Economic Area (EEA) adequately protect personal information, which means that data can be transferred from the EU and Norway, Liechtenstein, and Iceland to those third countries. The United Kingdom (UK) and Switzerland have approved similar adequacy decisions. We rely on the following adequacy mechanisms:
U.S. Data Privacy Frameworks
As described in Google’s Data Privacy Framework certification, we comply with the EU-U.S. and Swiss-U.S. Data Privacy Frameworks (“DPF”) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information from the EEA, Switzerland and the UK, respectively.
Google LLC and its wholly-owned US subsidiaries (unless explicitly excluded), have certified that they adhere to the DPF Principles. To learn more about the DPF, and to view Google’s certification, please visit the DPF website.
As of 1 September 2023, when our clients and partners use Google’s Ads Services, Google relies on the EU - U.S. DPF to transfer personal information that originated in the EEA to the U.S.
We do not currently rely on the Swiss-U.S. DPF and the UK Extension to the EU-U.S. DPF to transfer personal information to the U.S. However, Google intends to adopt both the Swiss-U.S. DPF and the UK Extension to the EU-U.S. DPF to transfer Swiss and UK personal information to the US once those frameworks are recognised as adequate by the Swiss Federal Administration and the United Kingdom, respectively.
Standard Contractual Clauses
Standard contractual clauses (SCCs) are written commitments between parties that can be used as a ground for data transfers from the EEA to third countries by providing appropriate data protection safeguards. SCCs have been approved by the European Commission, and such clauses have also been approved for transfers of data to countries outside Switzerland and the UK. In accordance with the Google Ads Data Processing Terms, Google Ads Controller-Controller Data Protection Terms, and the Google Measurement Controller-Controller Data Protection Terms (as applicable), Google may rely on SCCs for certain data transfers in connection with our advertising and analytics products where it has not adopted, or is no longer adopting, a legal framework (such as the EU - U.S. DPF) that enables the lawful transfer of personal data to a third country in accordance with applicable data protection legislation.