Table of contents

GDPR

The General Data Protection Regulation (GDPR) went into effect on May 25, 2018, replacing the 1995 EU Data Protection Directive. The GDPR lays out specific requirements for businesses and organizations who are established in Europe or who serve users in Europe. It regulates how businesses can collect, use, and store personal data.

Terms & contractual protections

Where we act as a processor of personal data, we make available data processing terms, reflecting the controller-processor relationship, where required. Products where Google acts as a processor include:

  • Ads Data Hub
  • Google Ads Customer Match
  • Google Ads Store sales (direct upload)
  • Android Enterprise
  • Google Marketing Platform (including Display & Video 360, Campaign Manager, Search Ads 360, Google Analytics, Tag Manager, Optimize, Data Studio, and Google Analytics for Firebase)
  • Google Cloud Platform
  • G Suite

The data processing terms that we offer for the Ads products listed above are available here. More information about the types of personal data in scope for those terms for each Ads product can be found here. Information about Google Cloud Platform and G Suite commitments to the GDPR, including data processing terms, can be found here.

Additionally, for products where Google and the customer each act as independent controllers of personal data, we have updated our agreements or made available terms that reflect that status. These Google products include:

  • Google AdMob
  • Google AdSense
  • Google Ads (including Shopping and Hotel Ads, but not Google Ads features where we act as a processor of personal data - see above)
  • Google Ad Manager
  • Google Customer Reviews
  • Google Maps APIs
  • Waze Audio SDK

The controller-controller terms that we offer for the Ads products listed above are available here. We have published additional information on our Help Center to address common questions: Ad Manager, AdSense, and AdMob.

We also offer European Model Contract Clauses to address EU data-transfer requirements for Google Cloud Platform and G Suite. We previously obtained Common Opinions from EU Data Protection Authorities confirming the alignment of our Model Contract Clauses with the Standard Contractual Clauses published by the European Commission.

Publishers and advertisers who use our advertising and measurement products globally must comply with our EU User Consent Policy, and are required to collect consent from EEA users for personalized ads and use of cookies/local storage on their sites and apps. So if you're a publisher or advertiser using Google advertising and measurement services, you'll need to take steps to make sure users' preferences are respected to meet the requirements of Policy.

International transfers

The GDPR requires companies to meet certain conditions before transferring personal data outside the EEA, CH and UK. To comply with this requirement, Google relies on Standard Contractual Clauses for relevant data transfers in our Ads and measurement products. Standard Contractual Clauses are also offered as a transfer mechanism by Google Cloud.

If your existing contract does not incorporate our Ads data protection terms, please review the product-specific Help Center articles under "Useful links" for more information.

In June 2021, the European Commission (EC) published new Standard Contractual Clauses (SCCs, also known as Model Contractual Clauses) to help safeguard European personal data. Following a transition period, these new SCCs will replace the SCCs previously adopted by the EC. Google plans to incorporate the new SCCs into our contracts to help protect our customers’ and users’ data and meet the requirements of European privacy laws.

Like the previous SCCs, these clauses can be used to facilitate lawful transfers of personal data outside the European Economic Area under the GDPR, subject to certain conditions.