• Marketing
  • Regulations

Three Things Marketers Need to Know with Google’s Updated Privacy Terms of Service


Justin Antonipillai Founder and CEO

Starting July 1, 2023, Google has announced that certain services can no longer operate using restricted data processing.  California will require all companies doing business in the state to allow consumers to opt-out of data sharing for marketing purposes.

The new California law (CPRA) states that “cross-context behavioral advertising” is “targeted advertising to a consumer based on the consumer’s personal information obtained from the consumer’s activity across” the internet, and prohibits service providers from offering services that involve “sharing” personal information for purposes of “cross-context behavioral advertising.”

So, here’s the big question: if you are sharing data with Google, do you have to stop when a consumer “opts-out”?

1. You must stop sharing data for the following Google services if a consumer opts-out of data sharing:

  • Customer Match: Uploading customer data for purposes of matching with Google or other data for personalized advertising
  • Audience Partner API: Targeting user lists obtained from a third-party
  • Audience Building & Expansion: Creating, adding to, or updating user lists using first-party customer data (e.g., floodlight tags and audience-expansion features in DV360)

2. For Google Analytics:

If you disable sharing with other Google products and services, then you can continue to share data with Google Analytics even if the consumer opts-out.

3. For Real-Time Bidding:

Google services, such as Authorized Buyers and Display & Video 360 enable advertisers to respond to bids in real-time for ad inventory across the web. Companies can continue to share data for Real-Time Bidding even if a consumer opts-out, but must be very careful about the settings and also conduct a similar review on third parties who assist with bidding.

Background on the California Law:

Since 2020, under California law, a company could share data with a “service provider” if that service provider was not permitted to use personal information other than for the specific service.  This law made sense because service providers with the right restrictions are basically part of the company that collected the information in the first place.

To support this, Google started offering “restricted data processing” in 2019 on a number of services.  When configured properly, Google was ensuring that it would abide by the restrictions in the 2020 California law.   For example, Google would not resell personal information processed on behalf of a business or to use the information to build profiles about individual consumers for its own commercial benefit.  In other words, when restricted data processing is properly enabled, Google will use personal information for business purposes such as ad delivery, reporting and measurement, security and fraud detection, debugging, and to improve and develop product features, but not other purposes.

For more information about Google’s announcement, check HERE.

Check Out Our Ultimate Guide on
Preference and Consent Management, and the Global Privacy Control!

Download Now
Founder and CEO of WireWheel, Justin is recognized as one of the leading experts on privacy and data protection. Before WireWheel, Justin served as Acting Under Secretary for Economic Affairs at the U.S. Department of…