New Delhi: Following the scandal of data theft from Facebook, where it allowed a dubious third party, Cambridge Analytica, breach the privacy of its data in the US to influence that country’s presidential election, Google has issued a letter of assurance to all its users via an email.
The content of the email is reproduced as under.
Over the past year, we’ve shared how we are preparing to meet the requirements of the GDPR, the new data protection law coming into force on 25 May 2018. The GDPR affects European and non-European businesses using online advertising and measurement solutions when their sites and apps are accessed by users in the European Economic Area (EEA).
Today we are sharing more about our preparations for the GDPR, including our updated EU User Consent Policy, changes to our contract terms, and changes to our products, to help both you and Google meet the new requirements.
Google’s EU User Consent Policy is being updated to reflect the new legal requirements of the GDPR. It sets out your responsibilities for making disclosures to and obtaining consents from, end users of your sites and apps in the EEA. The policy is incorporated into the contracts for most Google ads and measurement products globally.
We have been rolling out updates to our contractual terms for many products since last August, reflecting Google’s status as either data processor or data controller under the new law (see the full classification of our Ads products). The new GDPR terms will supplement your current contract with Google and will come into force on 25 May 2018.
In the cases of DoubleClick for Publishers (DFP), DoubleClick Ad Exchange (AdX), AdMob, and AdSense, Google and its customers operate as independent controllers of personal data that is handled in these services. These new terms provide clarity over our respective responsibilities when handling that data and give both you and Google protections around that controller status. We are committing through these terms to comply with our obligations under GDPR when we use any personal data in connection with these services, and the terms require you to make the same commitment.
Shortly, we will introduce controller-controller terms for DFP and AdX for customers who have online terms. By 25 May 2018, we will also introduce new terms for AdSense and AdMob for customers who have online terms.
If you use Google Analytics (GA), Attribution, Optimize, Tag Manager or Data Studio, whether the free or paid versions, Google operates as a processor of personal data that is handled in the service. Data processing terms for these products are already available for your acceptance (Admin → Account Settings pages). If you are an EEA client of Google Analytics, data processing will be included in your terms shortly. GA customers based outside the EEA and all GA 360 customers may accept the terms from within GA.
Launching a solution to support publishers that want to show only non-personalized ads.
Launching new controls for DFP/AdX programmatic transactions, AdSense for Content, AdSense for Games, and AdMob to allow you to control which third parties measure and serve ads for EEA users on your sites and apps. We’ll send you more information about these tools in the coming weeks.
Taking steps to limit the processing of personal information for children under the GDPR Age of Consent in individual member states.
Launching new controls for Google Analytics customers to manage the retention and deletion of their data.
Exploring consent solutions for publishers, including working with industry groups like IAB Europe.
You can refer to privacy.google.com/businesses to learn more about Google’s data privacy policies and approach, as well as view our data processing terms and data controller terms.
If you have any questions about this update, please don’t hesitate to reach out to your account team or contact us through the Help Center. We will continue to share further information on our plans in the coming weeks.
The Google Team