Last week, Google emailed its Google Ads and Google Analytics users with a heads-up about new privacy laws coming to some states in the United States. This involves topics around restricted data processing control and universal opt-out mechanisms.
The email explained that in 2024 Florida, Texas, Oregon, Montana, and Colorado have privacy law provisions coming into effect. In addition, the Colorado Privacy Act (CPA) will begin enforcement of its Universal Opt-Out Mechanism (UOOM) provisions. Google added that for US State laws, Google continues to offer compliance tools to help our partners make their own compliance decisions. For Colorado’s UOOM provision, we will be taking direct action by receiving Global Privacy Controls directly from Users and turning off Ads Targeting.
Here is what is changing according to Google:
Google said it will supplement the existing Google Ads Data Processing Terms, Google Ads Controller-Controller Data Protection Terms, Google Measurement Controller-Controller Data Protection Terms, and U.S. State Privacy Laws Addendum fo these states. Google said there is “no additional action is required to accept these terms if you’ve already agreed to the online data protection terms.”
Google also said it will act as your service provider or processor with respect to data processed while Restricted Data Processing (RDP) is enabled for the states outlined above. If you’ve enabled RDP via a product control in Google Ads, then RDP functionality will expand to the other states as they come into effect. google said you can refer to this article for more information on RDP and to determine whether RDP meets your compliance needs and to this article for more information on our commitment to data protection law compliance.
Then for those operating in Colorado, the Colorado Privacy Act Universal Opt-Out Mechanism provisions require that Global Privacy Control signals opt the user out of Ad Targeting. When customers receive or create a GPC, they can send Google a relevant Privacy Parameter like RDP in order to turn off Ad Targeting, Sale, or Share of data. Google added, “Customers should also note that Google can receive Global Privacy Control signals directly from users and will engage RDP mode on their behalf.”
As a result of these changes, advertisers might view less personalized ads inventory for bidding resulting in changes to targeting efficiency. Additionally, Customer Match, Audiences API, and Floodlight Remarketing lists may see degraded functionality due to increased user opt-outs via the Global Privacy Control. For users who have opted out of Ad Targeting via Global Privacy Controls, Google will disable personalized ad serving based on Customer Match, Audiences API, Floodlight, and Remarketing lists for those users, Google explained.
A lot of you already received this email,I received a few, but here is a copy from Gagan Ghotra on X:
