AdWords Policy Update: Collecting Personal or Financial Details

Posted 06/05/2011

AdWords Policy Update: Personal and Financial InformationAdWords is releasing an important update to their advertising policy on 17 May 2011. If you don’t want to get caught out, make sure that you review your website now.

From this date onwards advertisers who collect personal or financial details from their visitors will need to be more secure and transparent or face suspension.

When collecting payments and certain personal information advertisers must use Secure Sockets Layer (SSL) to encrypt sensitive information. This is to ensure safety for all customers who visit your website via a Google AdWords advert.

If you collect any of the following details, you will need to transmit them over an SSL connection:

  • Credit and debit card numbers
  • Bank and investment account numbers
  • Checking account numbers
  • Wire transfer numbers
  • National identity, pension, social security, tax ID, health care, or driver’s license number

As you will already know there are strict data protection laws in the EU regarding the collection of other personal information.  This is not the case around the world and so Google has also introduced the following stipulations:

  • Have an easily accessible privacy policy explaining clearly and simply how the data will be used.
  • The privacy policy must tell visitors how to opt out or stop receiving communications from you.

If your website is fully compliant with all existing legal requirements you will already have an appropriate privacy policy in place.

However, the requirement to use SSL when collecting payments and certain personal details is brand new. So, you should review your site immediately to see if action is required – and if it is, take steps now so that you are using SSL before 17 May.

Read the announcement on the AdWords Blog.

Recommended Reading

Google AdWords UK: Trademark Policy Update

How Does the AdWords Auction Work?

Company Website Statutory Requirements

Comments
  1. It seems to me that there is a bad match as to what data Google considers “sensitive” and what our EU Data Protection Act stipulates. Legally the same security measures should apply to any sensitive personal data: racial or ethnic information, political opinions, religious belief, etc

    Susan

Leave a comment