
AdSense and AdX PII warnings: Who are you sharing your user data with?


Over the last thirty days we have seen an increasing number of long-standing AdSense and Ad Exchange publishers receiving warnings about passing PII (Personally Identifiable Information). These policy notices include a warning that failure to act within 14 days can result in payments being suspended, so they can be alarming to receive. However, swift action and an understanding of the issue usually mean that problems can be quickly resolved.

What do the PII warnings look like?

The warnings we have seen come by email to the main contact address on the account. They have the subject line “Google Ads Policy” and are sent from publisher-policy-no-reply@google.com. The emails also have a text file attached containing details of the violation.

The text of the email reads:

Publisher ID: ca-pub-{your publisher id}

Dear Publisher,

It has come to our attention that you are passing personally identifiable information (PII) to Google through your use of one or more of Google’s advertising products – AdSense, DoubleClick for Publishers and/or DoubleClick Ad Exchange.

Our systems have detected information, including email addresses and/or passwords, being passed from the ad requests attached to this email.

Our contracts and policies prohibit information being passed to us that we could recognise as PII. By sending us such information you are in breach of those terms. We take this issue very seriously and ask that you give it your immediate attention. We require you to fix the issue within 30 days.

We ask you to take the following steps to correct the problem:

  • Submit this form to update us on your progress. If you don’t submit the form within the next 14 days, we will place a payment hold on your monetisation account (AdSense and AdX). Make sure that you enter your publisher ID exactly as it is shown at the top of this notification.
  • Review the example ad requests in the attached file. Use this information to start your investigation.
  • Refer to our help centre for additional guidance.

Please be advised that all future communications regarding this issue will occur via email; no notifications will appear inside any ad serving products.


The Google Publisher Policy Team

What does the PII warning mean?

These warnings are sent out when “personally identifiable information” is seen being passed into Google’s platform. Although there are a lot of ways this could happen, the most common seems to be that email addresses are used in the URLs of pages running AdSense, Ad Exchange or DFP code. This could look something like this: www.example.com/login?user=redacted@example.com

Because the whole URL is passed into the system, any personal information (such as an email address) in that URL is also passed into the system. From there it exists in the system without being controlled as PII and could be shared with third parties such as advertisers or other exchanges.

Why are there suddenly more warnings? Has the policy changed?

It isn’t unusual for policy warnings to come in waves like this. This type of enforcement is probably triggered by an automatic process, so it is easy to imagine that an update to those automated systems would be followed by a flurry of notices being issued.  Policy around PII has been in place for a long time.

What should you do if you get a PII warning?

Most importantly, don’t ignore it. If you don’t respond to the warning in 14 days your account could be suspended. That doesn’t mean that you have to resolve the whole issue in that timescale, but you do need to acknowledge it. The email you receive includes a link to update Google about the issue. Simply copy your publisher ID into the form and at the very least acknowledge that you are working on it.

With the time pressures reduced you can now investigate the problem more thoroughly.

The text file attached to the warning email includes examples of the URLs where problems were seen.  To solve the problem you have two choices:

  1. Ensure that email addresses never appear in URLs
  2. Don’t run Google ads on those pages

Ensuring that PII never appears in URLs

This is the best solution, but often the more difficult of the two options. Having forms use “POST” submission types rather than “GET” is a good start, and will often be enough to remove the issue. Switching unsubscribe links to user IDs rather than email addresses would fix another swathe of common PII issues. In practice, though, removing PII from URLs means having your developer look closely at each example, changing the approach and potentially redirecting old problematic URLs.

This is often more work than disabling ads on problem pages, but solves a wider issue.  If you are passing PII in URLs then there are a number of ways that this data could “leak” off the page. Fixing the core issue rather than just preventing the data passing to Google is therefore a more responsible approach.

Don’t run ads on those URLs when PII is in the URL

Many of the examples that we see are URLs that 404, form result pages (“thank you pages”) or search results. If you are only using AdSense for content/AdX then these are non-content pages that aren’t eligible for display ads anyway. The easiest approach might simply be to remove the code from those pages.

Depending on how your site is created, simply removing the code from certain pages or templates will work. Or it might mean wrapping some logic around the code to prevent it firing.
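As an added example (not code from Google or from the original post), the JavaScript below covers both options: it reports where an email address sits in a URL, which helps when working through the example ad requests in the attached file, it gives the yes/no check to wrap around the ad code, and it builds a redirect target for an old problematic URL. The function names are hypothetical, the email pattern is deliberately loose, and it only recognises email addresses, not passwords or other PII.

```javascript
// Added example; all names here are hypothetical helpers, not a Google API.
// Loose on purpose: anything shaped like local@domain.tld counts as an email.
const EMAIL_RE = /[^\s\/?&=#@]+@[^\s\/?&=#@]+\.[a-z]{2,}/i;

// Decode up to three times so jane%40example.com and the double-encoded
// jane%2540example.com are both caught. Malformed escapes stop the loop.
function fullyDecode(value) {
  let current = value;
  for (let i = 0; i < 3; i++) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch (e) {
      break; // e.g. a literal "%" in a search term
    }
    if (next === current) break;
    current = next;
  }
  return current;
}

// Returns the places an email appears: "path", "query:<name>" or "fragment".
// The dummy base lets scheme-less lines copied from a report still parse.
function findEmailsInUrl(href) {
  const url = new URL(href, "https://placeholder.invalid");
  const hasEmail = (text) => EMAIL_RE.test(fullyDecode(text));
  const hits = [];
  if (hasEmail(url.pathname)) hits.push("path");
  for (const [name, value] of url.searchParams) {
    if (hasEmail(name) || hasEmail(value)) hits.push("query:" + name);
  }
  if (hasEmail(url.hash)) hits.push("fragment"); // checked conservatively
  return hits;
}

// The guard to wrap around the ad code: true only when no email was found.
function shouldLoadAds(href) {
  return findEmailsInUrl(href).length === 0;
}

// Redirect target for an old absolute URL: same page, offending query
// parameters dropped. Emails in the path need a real URL redesign instead.
function stripEmailParams(href) {
  const url = new URL(href);
  for (const hit of findEmailsInUrl(href)) {
    if (hit.startsWith("query:")) url.searchParams.delete(hit.slice(6));
  }
  return url.toString();
}
```

In a page template, call `shouldLoadAds(window.location.href)` and only inject the ad tag when it returns true.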

Need more help?

At OKO we partner with publishers to remove the worries of ad serving and help them to earn more. If you are bored of having to read blog posts like this or would just like to increase your ad revenue, why not speak to one of our team and see how we can help?



Mat Bennett