Whether you're using Google's services to publish apps, create relevant ads, or optimize your website's performance, you should understand its legal policy requirements.

This article covers popular Google tools and services that support online business operations and the legal policies you need to have in order to use them.


Google requires users of many of its services to have a Privacy Policy and a Cookies Policy and to utilize just-in-time notices.

Anyone who uses Google's tools and services must comply with its requirements, which include maintaining certain legal policies on their websites and apps.

If you don't comply with its terms, Google may suspend your account or terminate your access to its services.

Google's Terms of Service agreement lets users know that they may lose access to its services or their accounts may be deleted if they breach its terms:

Google Terms of Service: SUspending or terminating access section

Let's take a look at the main features of each of the policies Google requires.

Privacy Policy

A Privacy Policy is a legal document that describes how you handle users' personal information and how users can exercise their privacy rights.

A Privacy Policy typically contains information about:

  • The types of personal information you collect and process (use)
  • Your reasons for collecting and processing personal information
  • Third parties you share personal information with
  • The types of personal information you disclose to third parties
  • How you keep the information you collect secure
  • How users can exercise their rights
  • How long you retain data
  • Your contact information

Many state laws and global privacy laws - such as the California Consumer Privacy Act (CCPA/CPRA) and the General Data Protection Regulation (GDPR) - require that any websites or apps that collect or process consumers' personal information maintain a Privacy Policy on the website or app.

Here's an example of a Privacy Policy table of contents that further shows what information would be included in this legal agreement:

ClickUp Privacy Policy table of contents

Just-In-Time Notice

A just-in-time notice appears in an area of a website where an individual can provide personal information. It explains how the website owner intends to use the information and can be used to obtain consent.

A just-in-time notice can be text within the relevant part of the website or a pop-up box that contains a short explanation of how the information will be used and a link to your full Privacy Policy. To comply with Google's requirements, a just-in-time notice should include a method for obtaining consent from the user and sending the consent to Google.

Cookies Policy

A Cookies Policy is a document that describes how you use cookies and how users can manage cookies. A Cookies Policy can function as a standalone document, or it can be included as a section within your Privacy Policy.

A Cookies Policy includes information about:

  • What cookies are
  • Why you use cookies
  • The types of cookies you use
  • How users can manage cookies
  • How users can revoke their consent

Businesses that use Google's tools and services and cater to residents of the European Economic Area and the United Kingdom (UK) may be required to get consent from end users before engaging in certain data processing activities, such as using cookies or using personal information for targeted advertising purposes.

You can comply with these requirements by using a Cookie Banner in combination with a Cookies Policy.

A Cookie Banner pops up when users visit your website and explains your intended use of cookies and how users can adjust their cookies preferences.

Many businesses include a link to their Cookies Policy within the Cookie Banner so that users can find out more about how cookies are used and how they can withdraw consent.

Here's an example of a cookie consent banner that informs users about the website's use of cookies, includes options to agree or decline the cookies, and links to a Privacy Preferences page where users can manage cookies and find out more information:

TermsFeed Privacy Consent Notice Banner example

You can add a link to your Cookie or Privacy Policy that includes more information, such as seen below from Visit Florida's Cookie Notice:

Visit Florida cookie notice

Google AdSense is a free service that enables publishers to generate money by displaying ads next to their digital content. With Google AdSense, you create a space on your website for third-party advertisers to display ads tailored to your content and users.

Businesses that use Google Adsense must comply with the Google Publisher Policies, the Adsense Online Terms of Service agreement, and the AdSense Program Policies.

These policies require applicable users to maintain a Privacy Policy, provide cookies information, and use just-in-time notices.

Google requires AdSense users to maintain an easily accessible, regularly updated Privacy Policy that includes the following clauses:

  • Cookies information, including options for how end users can manage cookies
  • Device information
  • Location information
  • A description of any information that they store or access on or collect from end users' devices
  • Whether user data is used for personalized advertising purposes
  • An optional link to Google's How Google uses information from sites or apps that use our services page

Google's AdSense Online Terms of Service agreement explains that users must maintain a Privacy Policy that contains information about cookies and what they do with end users' data:

Google AdSense Terms of Service: Privacy clause

Google also requires publishers who collect, process, or share information that identifies or could be used to guess an end user's exact geographic location to use a just-in-time notice to let the user know how their data may be used.

Google's Publisher Policies explain that publishers who use certain device or location information must notify end users via an interstitial or just-in-time notice:

Google Publisher Policies: Use of device and location data clause

Google's AdSense Program Policies page explains that it may disable the ads or accounts of AdSense users who fail to comply with its requirements:

Google AdSense Program Policies excerpt

Radio Garden's Privacy Policy explains that it uses Google AdSense to show ads to its users and includes a link to the "How Google uses information from sites or apps that use our services" page:

Radio Garden Privacy Policy: Advertising and Google AdSense Cookie clause

Google AdMob is a global ad network that helps mobile app developers earn money from their apps through third-party advertising. App developers design a space for ads within their free apps and advertisers pay to promote products or services that are relevant to the apps' users.

As with AdSense, developers who use Google AdMob must maintain a Privacy Policy to comply with the Google Publisher Policies and its AdMob and AdSense Program Policies.

AdMob users should include information about cookies within their Privacy Policy and use just-in-time notices if they process personal information that could be used to identify a user's precise geographic location.

Google's Admob and Adsense Behavioral Policies page explains that AdMob users must comply with AdSense policies, with an exception for specific ad behavior:

Google AdMob and AdSense Behavioral Policies: Exceptions clause

Radio Garden's Privacy Policy explains that it may store and process users' personal information (with their consent) and lists examples of the types of cookies it uses:

Radio Garden Privacy Policy: Tracking and cookies clause

Google Ads enables users to create online advertising campaigns to sell their products or services or drive traffic to their websites.

Google Ads requires applicable users to maintain a Privacy Policy and information about their use of cookies.

Google Ads requires users who engage in remarketing (serving ads to previous website visitors) to maintain a Privacy Policy that includes additional information:

  • How you use data for online advertising
  • How third-party vendors show ads on your websites
  • How third-party vendors use cookies or device identifiers to serve ads based on users' previous visits to your website or use of your app
  • A description of how users can opt out of Google's use of cookies or device identifiers, or
  • An explanation of how users can opt out of third-party cookies by visiting the Network Advertising Initiative's opt-out page, or
  • An explanation of how users can change cookie preferences via their device settings

Google's What to include in your privacy policy for your data segments page explains its requirements for Google Ads users who use visitors' personal information for remarketing purposes:

Google What to include in your privacy policy for data segments page excerpt

The American Society for Microbiology's Privacy Policy explains that it uses the data it collects for targeted advertising purposes and includes information about how users can opt out of Google's use of cookies, as well as a link to the Network Advertising Initiative's opt-out page:

American Society of Microbiology Privacy Policy excerpt

You will also need to add a cookie consent mechanism to your website that gives users the option to accept or decline non-essential cookies.

Here's an example:

TermsFeed Webnode: Published Cookie Consent banner displayed

Google Analytics collects data from your website or app and generates reports to measure your website's performance.

The Google Analytics Terms of Service agreement requires users to have a Privacy Policy that contains information about cookies, mobile device identifiers, and your use of Google Analytics.

You should also include a link to Google's "How Google uses information from sites or apps that use our services" that discloses your use of Google Analytics and explains how it collects and processes data.

The Google Analytics Terms of Service agreement explains that users must post a Privacy Policy that includes information about cookies, device identifiers, and their use of Google Analytics:

Google Analytics Terms of Service excerpt

Baltimore County Employees Federal Credit Union's Online Privacy Policy lets users know that it uses Google Analytics to collect user data and includes a link to Google's "How Google uses information from sites or apps that use our services" page:

Baltimore County Employees Federal Credit Union Privacy Policy: Google Analytics clause

If you use Google Analytics, always include a cookie consent mechanism that will give users the option to opt out of cookies, including those used for analytics purposes.

Here's an example of this, from Simon & Schuster:

Simon and Schuster Cookie Consent Notice

Read more about this in our feature article: Google Consent Mode

The Google Play Store is an online app store where users can access millions of free and paid apps.

Regardless of whether the app collects or processes users' personal information, app developers who want to display their apps on the Google Play Store must maintain a Privacy Policy.

Google requires developers to post a link to their Privacy Policies within Google Play Console (a tool for publishing apps) and either a Privacy Policy link or the full text of the Privacy Policy within the app.

The Privacy Policy must be clearly labeled and should contain the following information:

  • How the app collects, processes, and shares users' data
  • Information about the developer
  • Privacy-specific contact information
  • The types of data that are collected or processed
  • Third parties user data is shared with
  • Retention and deletion policies

Google's User Data page explains that all apps listed in the Google Play Store must maintain a Privacy Policy:

Google User Data page: Privacy Policy section

Zillow's Privacy Portal includes a brief description of the types of information it collects, how it uses and shares that information, and a link to its Privacy Policy:

Zillow Privacy Portal excerpt

Zillow's Privacy Policy covers the types of personal information it collects and uses, who it shares data with, and its contact information, among other clauses:

Zillow Privacy Policy table of contents

Summary

Anyone who uses Google's tools or services should be aware of its legal policy requirements.

Some of the legal policies Google may require a business owner to maintain include:

  • Privacy Policy
  • Cookies Policy
  • Just-in-time notice

A Privacy Policy describes how you treat users' personal information and how they can exercise their rights.

A Cookies Policy explains what cookies are, how you use them, and how users can adjust their cookie preferences.

A just-in-time notice can be used to provide a synopsis of your Privacy Policy and to get consent from users.

Google AdSense and Google AdMob users may be required to have a Privacy Policy, Cookies Policy, and just-in-time notices. The Privacy Policy should contain cookies, device, and location information and should let users know whether their data is used for personalized advertising purposes.

Google Ads users must maintain a Privacy Policy that includes clauses concerning how users' data is used for online advertising, how third parties show ads and use cookies or device identifiers to serve ads based on users' past visits, how users can change their cookie preferences, and how users can opt out of third-party cookies or device identifiers.

Google Analytics users must have a Privacy Policy that contains information about cookies, mobile device identifiers, their use of Google Analytics, and a link to Google's "How Google uses information from sites or apps that use our services" page.

Developers who want to publish their apps on the Google Play Store must have a Privacy Policy that is accessible from within the app and contains a link to or the text of their Privacy Policy.

Privacy Policy Generator
Comprehensive compliance starts with a Privacy Policy.

Comply with the law with our agreements, policies, and consent banners. Everything is included.

Generate Privacy Policy