Privacy Policy

If you choose to use AdSense on your website, you need to update your Privacy Policy to meet Google’s requirements.

This article will break down Google’s requirements and show you what practical steps you can take to make sure your Privacy Policy meets them. It will also address the issue of cookies and how you should go about obtaining consent.

Privacy Policy Requirements from Google AdSense

When you sign up to use AdSense, you must agree to Google AdSense’s Terms of Service.

Section 10 of the AdSense’s agreement requires that a Privacy Policy must be provided to your users and that this Privacy Policy includes clear and comprehensive information about your practices:

These can include but are not limited to cookies placement, location information, and specific device information. Options for how users can manage cookies should be included (especially to comply with EU Cookies Directive), but you can do this through a Cookies Policy as well.

Section 10 also dictates that you use “commercially reasonable efforts” to ensure that you obtain consent to place and access cookies on a user’s device when this is required by law.

Here’s the full text of what Google says:

Our privacy policy explains how we treat your personal data and protect your privacy when you use our Services. By using our Services, you agree that Google can use such data in accordance with our privacy policy. you and Google also agree to the Google Ads Controller-Controller Data Protection Terms.

You will ensure that at all times you use the Services, the Properties have a clearly labeled and easily accessible privacy policy that provides end users with clear and comprehensive information about cookies, device-specific information, location information and other information stored on, accessed on, or collected from end users’ devices in connection with the Services, including, as applicable, information about end users’ options for cookie management. You will use commercially reasonable efforts to ensure that an end user gives consent to the storing and accessing of cookies, device-specific information, location information or other information on the end user’s device in connection with the Services where such consent is required by law.

You can find the Google Ads Controller Terms agreement linked in the first part of Section 10 above at this link.

Note that even if Google didn’t require this, privacy laws such as the GDPR and CCPA require a Privacy Policy when personal information is collected or used, which AdSense does.

Advertising Cookies

Google AdSense uses advertising cookies. An advertising cookie is a cookie that gets placed on a user’s device when the user clicks on an ad on a partner’s website.

Google requires all websites and mobile apps that use AdSense to inform visitors and users of Google’s advertising cookie usage.

Google has a section in its AdSense Help that addresses exactly what advertising cookies are and how you, as a website or mobile app operator, can update your Privacy Policy in an appropriate way to include this information:

Google AdSense Help: Advertising Cookies and Privacy Policy page

According to Google, if you use AdSense, your Privacy Policy should include the following information and let users know that:

  • Third party vendors, including Google, use cookies to serve ads based on a user’s prior visits to your website
  • Google’s use of the advertising cookie enables it and its partners to serve ads to your users based on their visit to your sites and/or other sites on the internet
  • Users may opt out of the use of the advertising cookie for interest-based advertising by visiting Ad Settings. (Alternatively, you can direct users to opt out of a third-party vendor’s use of cookies for interest-based advertising by visiting aboutads.info)

Google doesn’t give specific guidelines beyond the above points because laws vary, but so long as the above points are made, your legal agreement should be adequate to satisfy Google’s requirements at least.

Sample Disclosure for Google AdSense

You do not need a separate Privacy Policy for the Advertising Cookies disclosure. You can simply update your current agreement to include this kind of disclosure.

Privacy Policy Requirements for EU Businesses

While all of the above applies to businesses everywhere that use AdSense, there are specific requirements for businesses located in the EU. These requirements include the following:

  • Users must be informed of cookies usage on a website before any cookies are placed on that user’s device
  • Consent for cookies placement must be obtained

Requirement 1: Inform users

When a user first visits your website, you must immediately inform them that cookies are in use on your site and link them to a page where the following information is included:

  • Your site uses cookies
  • What types of cookies your site uses
  • What, if any, types of cookies third parties are using on your site
  • Technical details about the cookies in use on your site, such as how they’re placed and what purposes they serve

You can give notice to visitors by using a pop-up message or banner ad that clearly and concisely lets them know that cookies are in use and that more information is available about this elsewhere on the website.

See an example below of a very conspicuous and basic cookies notice that’s a great way to let visitors know that cookies are in use, and provides a link to the its Cookie Policy from XE Mobile:

XE mobile cookie notice

Below is an example from Facebook’s Cookie Policy that tells users about how cookies are used on the site. A page like this should be linked to from the notice that is given to visitors immediately upon visiting your site.

Facebook Cookies Policy: Cookies and Other Storage Technologies clause

You can obtain consent to place cookies either actively or passively, but passive consent is quickly becoming obsolete as privacy laws increase requirements. Because of this, active consent is a best practice and the thing to do to ensure compliance.

Active consent is obtained when you require a user to click something such as a check mark box showing they give consent for cookies to be used, or a Continue button that must be clicked to close the window, such as in the example below from EY:

EY Cookie consent notice

Here’s how Bain and Company would inform users that cookies are being used, and how, while also obtaining consent. Users could access the Cookie Policy, Privacy Policy, detailed information about cookies, and then choose to either accept all, accept only strictly necessary cookies or learn more before making a decision:

Bain and Company cookie consent notice

While it isn’t recommended, passive consent can be obtained by letting a user know that if they continue to browse your website, it will be assumed that consent has been given.

Here’s an example of how passive consent can be obtained by use of a banner ad in the header of a website:

Economist notification for cookies

How to Enable GDPR and Add a Privacy Policy URL to Google AdSense

Loading...

  1. Log in to your Google AdSense account.
  2. Go to Privacy & messaging:
  3. TermsFeed Google AdSense: Dashboard with Privacy and messaging selected

  4. Click the GDPR card:
  5. TermsFeed Google AdSense:Privacy and messaging - GDPR card highlighted

  6. Click the Go to Ads to publish message button:
  7. TermsFeed Google AdSense:Privacy and messaging - GDPR card opened - Go to Ads to publish message button highlighted

  8. Click the Edit icon for your website:
  9. TermsFeed Google AdSense: Privacy and messaging - Edit option of the website highlighted

  10. When the Ad Settings Preview page opens, click on Privacy messages tab (on the top right):
  11. TermsFeed Google AdSense:Privacy and messaging - Ad Settings Preview - Privacy messages tab highlighted

  12. Enable the GDPR Consent message:
  13. TermsFeed Google AdSense: Privacy and messaging - GDPR - Disabled highlighted

  14. Click the Edit icon under Privacy Policy URL section:
  15. TermsFeed Google AdSense: Privacy and messaging - GDPR - Enabled - Privacy Policy URL edit option highlighted

  16. Add the link to your Privacy Policy.

    TermsFeed Google AdSense: Privacy and messaging - GDPR - Enabled - Edit site’s Privacy Policy URL modal empty highlighted

    If you do not have a Privacy Policy, you can use our Privacy Policy Generator and create it within minutes. TermsFeed will host your Privacy Policy URL for free.

    Once you have the Privacy Policy created by TermsFeed, click Copy from the Link to your Privacy Policy section to copy the URL:

  17. TermsFeed Generators App: Privacy Policy Download Page - Link to hosted Privacy Policy URL copy option highlighted

  18. Paste the Privacy Policy URL in the field:
  19. TermsFeed Google AdSense: Privacy and messaging - GDPR - Enabled - Edit site’s Privacy Policy URL modal paste option highlighted

  20. Click Confirm:
  21. TermsFeed Google AdSense:Privacy and messaging - GDPR - Enabled - Edit site's Privacy Policy URL modal with Confirm button highlighted

  22. Choose your Consent options:
  23. TermsFeed Google AdSense: Privacy and messaging - GDPR - Enabled - Consent options highlighted

  24. Click Apply to site:
  25. TermsFeed Google AdSense: Privacy and messaging - GDPR - Enabled - Apply to site button highlighted

  26. You’re done!
  27. TermsFeed Google AdSense: Privacy and messaging - Success message highlighted

How to Enable CCPA & DNSMPI to Google AdSense

Loading...

  1. Log in to your Google AdSense account.
  2. Go to Privacy & messaging:
  3. TermsFeed Google AdSense: Dashboard with Privacy and messaging selected

  4. Click the CCPA card:
  5. TermsFeed Google AdSense: Privacy and messaging - CCPA card highlighted

  6. Click Go to Ads to publish message button:
  7. TermsFeed Google AdSense: Privacy and messaging - CCPA card opened - Go to Ads to publish message button highlighted

  8. Click the Edit icon for your website:
  9. TermsFeed Google AdSense: Privacy and messaging - Edit option of the website highlighted

  10. When the Ad Settings Preview page opens, click on Privacy messages tab (top right):
  11. TermsFeed Google AdSense:Privacy and messaging - Ad Settings Preview - Privacy messages tab highlighted

  12. Enable the CCPA privacy message:
  13. TermsFeed Google AdSense: Privacy and messaging - CCPA - Disabled highlighted

  14. The Do Not Sell My Personal Information message is displayed on the preview:
  15. TermsFeed Google AdSense: Privacy and messaging - CCPA privacy message Enabled with Do Not Sell My Personal Information message in the website footer highlighted

  16. Click Apply to site:
  17. TermsFeed Google AdSense: Privacy and messaging - CCPA privacy message Enabled - Apply to site button highlighted

  18. You’re done!
  19. TermsFeed Google AdSense: Privacy and messaging - Success message highlighted

Summary

Loading...

Google has some specific requirements when it comes to your Privacy Policy. If you use AdSense, you need to be aware of these requirements and comply.

You don’t need to create a separate AdSense Privacy Policy, but rather just update the one you currently have on your website to make sure it includes the required information from Google.

Make sure you let users know that you work with third parties like Google to serve ads via advertising cookies data collected, and that users may opt out of this. You can do this via a clause in your Privacy Policy.

As always, make sure your Privacy Policy is displayed in a way that’s easy for users to locate and free for them to access at any time, such as via a link in your website footer.

Always get consent for the use of these cookies. Active consent is the best practice method.

Make sure you let users know that they can opt out of cookies at any time, even after consent has been given. Let them know how to go about revoking consent, such as via an email link to you, or a settings page on your website.