Today Google announced updates to their data processing and protection terms. In this post I will outline what the changes are, why they are being made, and what it all means to you, the advertiser.
What is changing and why?
Up until now Google has used Privacy Shield, a US Government framework that helps companies ensure they are compliant with GDPR. However, a recent ruling by the Court of Justice of the European Union declared that Privacy Shield does not provide sufficient protections on how personal data is used. As a result, Google are changing their terms and conditions to use “Standard Contractual Clauses” (SCCs) instead of the Privacy Shield framework.
What does this mean for me?
In most cases these changes will have little or no impact on advertisers. They are simply a different way of assuring that personal data is used in a way that respects privacy. The new terms will be incorporated into future agreements with Google. They will apply from August 12, 2020.
In the meantime, you can take a look at your own data handling policies. This is good practice whether you are required to comply with GDPR or not. Google suggests the following checklist:
- Review the data you collect about individuals. Do they know you collect it, and what you use it for? Can they access it? Can they ask you to remove it?
- Your regulators and partners may need to know that you are responsible in the way you handle data. How will you demonstrate your compliance? Similarly, you should consider how your partners and vendors handle personal data that you share.
- Do you have the right systems to record use preferences and consents?
These simple checks will help you to ensure that you are being responsible in the way you handle data.