Google has a long history of taking a user-first approach in everything we do. As a part of our commitment to users, we never sell personal information and give users transparency and control over their ad experiences via tools like My Account, Why this Ad, and Mute this Ad. We also invest in initiatives such as the Coalition for Better Ads, the Digital News Initiative, the Google News Initiative and ads.txt in order to support a healthy, sustainable ads ecosystem and help you, our publishers, grow.
The Lei Geral de Proteção de Dados (LGPD) is a new Brazilian privacy law that is due to go into effect on August 16th, 2020. It applies to the processing of personal data, which can include online identifiers, of users located in Brazil. We are committed to supporting advertisers, publishers, and other partners as they work to comply with the LGPD and will work with them to make this transition as smooth as possible.
The LGPD shares many concepts with the European General Data Protection Regulation (GDPR) and our products already provide features that customers can use to support their LGPD compliance efforts, including the ability to serve non-personalized ads to users and make other choices about data processing based on a user's geographic location.
This article provides additional details about how we can help assist with your LGPD compliance.
Contract updates
We already offer data protection terms for the GDPR and California Consumer Privacy Act. The GDPR terms reflect Google's status as either a processor or a controller. We will be updating those existing data protection terms to add additional, LGPD-specific terms, effective August 16th, 2020. Google’s status under the LGPD as either a controller or processor will be the same as under the GDPR. The LGPD terms will be incorporated into our existing data protection terms, so no action is required to accept the LGPD terms where the existing data protection terms already form part of your contract.
Third-party ad technology changes
For impressions served via Google Ad Manager, AdSense, and AdMob
To assist Ad Manager, AdSense and AdMob publishers with their LGPD compliance, we maintain a list of Ad Technology Providers who have:
- Shared certain information that is required by the LGPD.
- Provided a link explaining their data usage that publishers can share with their users.
- Agreed to comply with our data usage policy.
As of August 13, 2020, serving in Ad Manager, AdSense, or AdMob has been restricted to this set of certified ad technology providers for any ad request with a Brazilian-based IP.
This change means that Google Ads and Display & Video 360 campaigns will only serve an ad impression in Brazil if the Ad Technology Provider used by the advertiser is included in our Ad Technology Providers list for Brazil. Any providers the advertiser is working with can contact Google to seek certification to be included in the Ad Technology Providers list, if they’re not already included.
Learn more about how we use data in Google Ads:
Data collection, deletion, and retention controls
In addition to the updated LGPD terms, we plan to offer product controls to assist our customers with their LGPD compliance. You can refer to the below for more information on relevant product features to assist with your LGPD compliance. If you believe you may be in scope of the LGPD, we recommend that you work with your legal advisors to assess whether any changes are required.
Audience lists in Google Ads
Customer Match Audiences: We don't retain data files advertisers upload for any longer than necessary to create Customer Match audiences and ensure compliance with our policies (see How Google uses Customer Match data). Once those processes are complete, we'll promptly delete the data files uploaded in the user interface or API. For information on how to update or replace an existing Customer Match audience, see Update your customer list.
Remarketing with Google Ads or Floodlight tags: Advertisers control which users are added to remarketing lists and which are not, as well as the duration users stay on a list. If you use the Google Ads or Floodlight tag (in Google Marketing Platform) for remarketing, there are many ways you can ensure that the tag is not active for users who have indicated they do not want to receive personalized ads. We recommend that you consult your webmaster on possible solutions, including Google Tag Manager or the global site tag. If you use the Google Analytics tag for Google Ads remarketing, learn more in the Google Analytics data section below.
Google Analytics data
Google Analytics has long provided features and policies to help you safeguard your data. The following features, in particular, may prove useful as you evaluate the impact of the LGPD for your company's unique situation and Analytics implementation.
- Data retention: Use the Data Retention controls to manage how long your user and event data is held on our servers.
- Users: The User Deletion API lets you manage the deletion of data associated with individual user identifiers (e.g., site visitors) from your Google Analytics and/or Analytics 360 properties.
- Properties and accounts: Google Analytics customers can also delete data for their properties and/or delete data for their accounts.
- Remarketing: Advertisers control which users are added to remarketing lists and which are not. If you use Google Analytics, you can ensure that advertising features are disabled for users who have indicated they do not want to receive personalized ads. To disable advertising features for those users, including remarketing and advertising reporting features, see Disable advertising features in the Display Features guide.