Google’s Publisher Policy Team, based out of Mountainview, have been busy emailing out their sincerest apologies to publishers to recently received erroneous communications about breaches to the AdSense PII policy. Whilst the original emails were sent in error, they’ve been an eye opener to many publishers who were not previously aware of the policies around PII.
What happened?
A large number of publishers received an email saying that a policy issue relating to PII had now been resolved despite never having received notification or an issue (and it not appearing in their AdSense dashboards). Realising their error, the Google Publisher Policy Team sent out an email apologising for the wrongly sent emails. Crucially though this was sent to large numbers of publishers who didn’t receive the original erroneous email. Despite all the confusion this is an issue that publishers should be aware of.
PII – Personally Identifiable Information
Google’s AdSense Programme policies page defines personally identifiable information as information that “Google could use or recognise as personally-identifiable information” or “permanently identifies a particular device”. That can mean anything from names to email addresses, phone numbers or the serial numbers of a mobile device.
You shall not pass!
When it comes to passing information to AdSense, DFP or AdX there are limited ways that this can be done. The most common is through the URL that is requesting the ad impression. If you put PII into URLs this isn’t a good thing for a number of reasons that go way beyond Ad Serving. It will though pass that PII into the ad system.
Other ways this can happen would usually be more deliberate such as using custom targeting criteria in DFP to pass the values.
Why is this an issue?
Google loves to build up information on its users, but it does so within the bounds of its privacy policy. Information passed into the ad system through the means described above would become available to advertisers and those operating on the buy-side of the ad system. Once in the wild it would not be protected by the privacy policies in place at Google.
False positives and confusion
The recent erroneous warning will not help with a topic that already causes confusion. If a warning appears in your dashboard or you receive a policy warning about PII this should not be ignored as it is considered a serious issue by Google.
Publishers who have genuine warnings around this issue are often surprised and confused at how they might be passing personally identifiable information. Below are some ways we have seen publishers get caught out with this issue.
- Member profile pages that use PII in URLs
- Passing emails as custom targeting criteria in order to target users through DFP
- Not sanitising URLs on user generated content, such as forum posts
- Passing form variables using the GET method
There are some more examples in this policy video from Google:
If you are confused by Google AdSense programme policies and could benefit from a more supportive kind or support, why not talk to OKO? We work with publishers to help them grow their business is safe, sustainable ways.
