Brands need to do things differently now to grow sustainably. Privacy regulations, business requirements from important partners, and savvy customers all demand respect for data and privacy. Privacy-Led Marketing is built on informed consent, legal compliance, and welcoming users’ preferences. Shape your digital strategy, protect your business, and make your customers happier. Read on to learn how.
Resources / Guides / Privacy-Led Marketing
Published by Usercentrics
6 mins to read
Sep 1, 2024

CCPA compliance for Google Ads: What you need to know

The California Consumer Privacy Act (CCPA) is a landmark law that significantly altered how companies collect, manage, and share personal data. For California businesses that use advertising platforms like Google Ads, compliance with the CCPA is not just a legal requirement, but also crucial to maintaining consumer trust.

So, let’s talk about how the CCPA impacts Google Ads and what marketers can do to comply while maintaining their advertising campaigns.

Illustration showing a screen with icons related to CCPA compliance

A brief overview of the California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act (CCPA), which took effect on January 1, 2020, provides California residents with privacy rights and greater control over how their personal information is collected and used by businesses.

The CCPA, which has been amended and updated by the California Privacy Rights Act (CPRA), applies to companies that collect data from California residents and that meet specific criteria, such as generating an annual revenue of over USD 25 million or handling the personal information of 100,000 or more consumers annually.

California residents have the right to:

  • know what personal information is being collected about them
  • request the correction or deletion of personal data held by businesses
  • opt out of the sale, sharing, or use of their personal data for automated decision-making
  • have access to their personal information in a portable format

Learn more about the CCPA, key details, and how your business can use a Consent Management Platform to comply with it.

The CCPA’s impact on Google Ads

As one of the most popular digital advertising platforms globally, Google Ads plays a key role in how advertisers collect and analyze consumer data. However, under the CCPA, businesses using Google Ads need to be aware of how they collect, process, and potentially share personal data.

The CCPA broadly defines “selling” data to include any exchange of personal information for value. Therefore, marketers need to understand how their Google Ads campaigns could fall under this definition. If you’re using Google Ads to target California residents, you may need to update your settings and data practices to ensure compliance.

Key areas where the CCPA affects Google Ads include:

  • Providing an opt-out option to California users who do not want their data sold or shared.
  • Obtaining prior consent before collecting or using personal data from minors.
  • Adjusting the use of data from third-party tracking pixels, remarketing lists, and similar tools.
  • Updating terms and conditions with Google to reflect the role of data processing.

And the stakes are high. Noncompliance with the CCPA can result in penalties of up to USD 7,500 per violation, and Google can shut down advertisers’ accounts that fail to comply with their policies. So it’s vital to ensure your advertising activities remain within legal boundaries.

Google’s approach to CCPA compliance

Google has implemented certain measures to help advertisers comply with the CCPA. By modifying its data collection and processing practices, Google aims to protect consumer privacy while remaining an effective advertising platform.

Restricted data processing

Google introduced restricted data processing (RDP) to help advertisers comply with the CCPA. This feature limits how personal information collected from California residents can be used for certain advertising purposes, such as personalized ads.

Restricted Data Processing automatically applies to data collected through Google Ads services when it detects that an individual is based in California. It includes remarketing, conversion tracking, and audience targeting. With RDP enabled, Google Ads will still serve non-personalized ads to users, but these ads will not be based on specific user behavior or browsing history.

This approach helps protect user privacy while still enabling advertisers to reach a broad audience in California.

Don’t let restricted data processing stop your Google Ads efforts. Learn how to implement consent for Google Ads personalization.

Updates to Google Ads Terms and Conditions

In response to the CCPA, Google has also updated its Terms and Conditions for advertisers. Under the CCPA, Google now acts as a service provider when it comes to personal data processing. This means that Google is required to follow strict rules on how it can use data collected through its advertising services. It cannot use this data for any purpose other than performing services for advertisers.

This shift to service provider status has significant implications for advertisers. Google’s obligations as a service provider help protect personal data from being sold or shared for purposes other than delivering ads.

Best practices to be CCPA-compliant using Google Ads

Navigating CCPA compliance while running effective Google Ads campaigns can be challenging. However, by following the best practices below, you can keep your advertising efforts within legal guidelines while still delivering results.

Enable restricted data processing

Implement restricted data processing for all ads targeting California residents. While not a mandatory practice, doing so helps achieve CCPA compliance for Google Ads by limiting how data is processed and preventing the use of personal information for personalized advertising.

There are two ways marketers can enable Google’s restricted data processing:

  1. You can enable restricted data processing only for individual users who have chosen to opt-out. To do this, you need to add a few lines of code to your website to include the “restricted_data_processing” parameter in your global site tag.
  2. An alternative is to restrict data processing for all users with a California-based IP address. This approach is the easiest way to maintain CCPA compliance while using Google Ads, as it only requires checking a box in the Google Ads Audience Manager tool.

Update your privacy policy

Make sure your privacy policy clearly outlines what types of personal data are being collected through Google Ads. For example, IP addresses, browsing behavior, and purchase history. Explain how you share this data with third-party vendors, including Google, for ad targeting and measurement.

In addition, be sure to include information on how individuals can contact you to exercise their CCPA rights. And consider providing a direct form for requests to opt-out, correct, or delete personal data.

Learn everything you need to know about creating a privacy policy for Google Ads to be CCPA-compliant while running your ad campaigns.

Provide clear opt-out options 

Make it easy for California residents to opt out of the sale or sharing of their personal data. This can be achieved by incorporating a “Do Not Sell Or Share My Personal Information” link on your website (the phrase“Or Share” was added when the CPRA came into effect). Doing so gives users the option to exclude their data from being used for personalized ads. 

Make sure this option is easily accessible and clearly labeled on all relevant pages, including your homepage and your cookie banner. Also ensure that your company has processes in place to respond to requests promptly, which is also required by the CCPA.

Lastly, offer detailed explanations of what opting out entails, such as limited personalized ad targeting, so your website visitors understand the consequences of opting out.

Audit your data collection practices

Conduct an audit of the third-party scripts, cookies, and tracking technologies used in your Google Ads campaigns. Identify whether tools like pixels and remarketing lists are collecting data in a way that could be considered a “sale” under the CCPA. If so, adjust your settings by disabling personalized ads or limiting data retention to avoid potential violations.

If you use cookies or other tracking technologies for retargeting or personalized ads, consider implementing CCPA compliance software to obtain and manage user consent in California. This kind of software can help you manage consent for personalized versus non-personalized ads, and honor user requests to opt-out or modify their consent.

Also, verify that any partners or third-party tools used in conjunction with Google Ads honor consent choices to further avoid noncompliance violations.

Ensure your Google Ads are CCPA-compliant

Navigating CCPA compliance while running effective Google Ads campaigns is essential for businesses operating in California.

Marketers can avoid hefty penalties while protecting consumer privacy by understanding how the CCPA affects data collection and adjusting advertising practices accordingly. CCPA compliance isn’t just a legal necessity, it’s key to developing a sustainable digital marketing strategy that maintains both consumer trust and your ad revenue.