Table of contents
The General Data Protection Regulation (EU GDPR) went into effect on May 25, 2018, replacing the 1995 EU Data Protection Directive. On January 1, 2021, the retained EU law version of the EU GDPR went into effect in the UK (UK GDPR). The EU GDPR and the UK GDPR (together, the GDPR) lay out specific requirements for businesses and organizations who under the EU GDPR are established in Europe or who serve users in Europe and who under the UK GDPR are established in the UK or who serve users in the UK. The GDPR regulates how businesses can collect, use, and store personal data.
Terms & contractual protections
Where we act as a processor of personal data, we make available data processing terms, reflecting the controller-processor relationship, where required. Products where Google may act as a processor include:
- Ads Data Hub
- Google Ads Customer Match
- Google Ads Store sales (direct upload)
- Google Marketing Platform (including Display & Video 360, Campaign Manager, Search Ads 360, Google Analytics, Tag Manager, Optimize, Data Studio, and Google Analytics for Firebase)
- Google Cloud Platform services
- Google Workspace offerings
The data processing terms that we offer for the Ads products listed above are available here. More information about the types of personal data in scope for those terms for each Ads product can be found here. Information about Google Cloud Platform and Google Workspace commitments to the GDPR, including data processing terms, can be found here.
Additionally, for products where Google and the customer each act as independent controllers of personal data, we have updated our agreements or made available terms that reflect that status. These Google products include:
- Google AdMob
- Google AdSense
- Google Ads (including Shopping and Hotel Ads, but not Google Ads features where we act as a processor of personal data - see above)
- Google Ad Manager
- Google Customer Reviews
- Google Maps APIs
- Waze Audio SDK
The controller-controller terms that we offer for the Ads products listed above are available here. We have published additional information on our Help Center to address common questions: Ad Manager, AdSense, and AdMob.
We also offer the modernized Standard Contractual Clauses (SCCs) to address EU and UK data-transfer requirements for Google Cloud Platform and Google Workspace.
The EU GDPR requires companies to meet certain conditions before transferring personal data outside the EEA and CH, and the UK GDPR requires the same before transferring personal data outside the UK. To comply with this requirement, Google relies on Standard Contractual Clauses for relevant data transfers in our Ads and measurement products. Standard Contractual Clauses are also offered as a transfer mechanism by Google Cloud.
If your existing contract does not incorporate our Ads data protection terms, please review the product-specific Help Center articles under "Useful links" for more information.
In June 2021, the European Commission (EC) published new Standard Contractual Clauses (SCCs, also known as Model Contractual Clauses) to help safeguard European personal data. Google has incorporated the new SCCs into our contracts which will help protect our customers’ and users’ data and meet the requirements of European privacy laws.
Like the previous SCCs, these clauses can be used to facilitate lawful transfers of personal data outside the European Economic Area under the EU GDPR, subject to certain conditions.
In March 2022, the ICO (the UK’s data protection authority) issued an addendum to the new SCCs to help safeguard UK personal data. Google will update the new SCCs incorporated into our contracts to include this addendum on September 21, 2022.
Terms & policies:
Tools to help publishers comply with the GDPR:
Tools to help advertisers comply with the GDPR: