Yes, Google Ads requires a privacy policy. Google's advertising policies mandate that all advertisers have a privacy policy on their landing pages that discloses data collection practices, cookie usage for remarketing and conversion tracking, and how user data is shared with third parties. Without a compliant policy, your ads will be disapproved and your account may face suspension.
Google Ads is the largest digital advertising platform in the world, used by millions of businesses to drive traffic, leads, and sales. Whether you are running Search campaigns, Display ads, Shopping listings, YouTube video ads, or Performance Max campaigns, Google requires you to comply with its advertising policies. One of the most fundamental requirements is having a privacy policy on your landing pages.
This is not a recommendation. Google explicitly states in its advertising policies that landing pages must include a privacy policy when you collect personal information or use tracking technologies like remarketing pixels and conversion tags. Failing to comply can result in ad disapprovals, limited ad serving, or full account suspension.
This guide covers exactly what Google Ads requires in your privacy policy, how different features like remarketing, conversion tracking, Customer Match, and Performance Max each add specific requirements, and how to create a fully compliant policy in minutes. We also cover the additional legal requirements from GDPR and CCPA that apply to most advertisers.
The Short Answer: Yes, You Need a Privacy Policy
Google Ads requires a privacy policy on your landing pages whenever you collect personal information from users or use tracking technologies. Since virtually every Google Ads advertiser uses at least conversion tracking, this requirement applies to nearly everyone running ads on the platform.
Google's advertising policies page states: "If you collect, use, or disclose personal information through your site or app, you must disclose how you do so." This means any landing page that collects form submissions, tracks conversions, uses remarketing pixels, or employs Customer Match audiences must have a visible privacy policy.
The requirement applies regardless of business size. A local plumber running a $500/month Search campaign faces the same policy requirements as an enterprise brand spending millions per month. Google does not differentiate based on ad spend or company size.
What Happens Without a Privacy Policy
Google reviews landing pages for policy compliance both automatically and through manual reviews. If your landing page lacks a privacy policy, several things can happen. Your individual ads may be disapproved with a policy violation notice. Your remarketing lists may be disabled. Your Customer Match audiences may be rejected. In severe cases, your entire Google Ads account can be suspended for repeated policy violations.
The ad disapproval process can be frustrating because it halts your campaigns while you fix the issue and wait for Google to re-review your landing page. Advertisers who set up a compliant privacy policy before launching their first campaign avoid this disruption entirely.
Q: Do I need a privacy policy even if I only run Search ads?
Yes. Even basic Search campaigns typically use conversion tracking, which places cookies on your landing page visitors. Google requires disclosure of this tracking in a privacy policy. Additionally, if your landing page collects any form data (contact forms, email sign-ups), a privacy policy is mandatory.
Q: Does the privacy policy need to be on the landing page itself?
The privacy policy does not need to be displayed in full on the landing page, but there must be a visible link to it. Most advertisers place a privacy policy link in the footer of their landing page. Google expects the link to be accessible without requiring users to scroll excessively or navigate away from the page.
Google Ads Policy Requirements for Privacy
Google Ads has several overlapping policies that require privacy disclosures. Understanding each one helps you build a policy that covers all scenarios. Here are the key policy areas that affect your privacy requirements.
1. Data Collection and Use Policy
Google requires that advertisers who collect personal information through their landing pages disclose what data is collected, how it is used, and who it is shared with. This applies to form submissions, email sign-ups, purchase data, and any other personally identifiable information gathered from ad clicks.
2. Personalized Advertising Policy
If you use any form of personalized advertising (which includes remarketing, similar audiences, and Customer Match), Google requires additional disclosures. Your privacy policy must explain that you use cookies and tracking technologies for personalized ad delivery, that third-party vendors including Google serve ads based on past website visits, and that users can opt out of personalized ads through Google Ad Settings.
Did you know?
Google Ads processes over 8.5 billion searches per day, and remarketing reaches over 90% of internet users through the Google Display Network. Every remarketing impression requires that the original landing page had a compliant privacy policy disclosing the use of tracking cookies. A single missing privacy policy can affect the compliance of millions of ad impressions.
3. Consent Requirements
Google requires advertisers to obtain appropriate consent from users before collecting their data, particularly in regions with strict privacy laws. In the European Economic Area and the UK, Google requires the use of a Google-certified Consent Management Platform (CMP) to obtain consent for advertising cookies. Without proper consent mechanisms, Google may limit your ad serving in those regions.
4. Restricted Data Processing
For users in California and other US states with privacy laws, Google offers restricted data processing mode. When enabled, Google limits how it uses data from those users. Your privacy policy should explain how you handle data from users in these jurisdictions and disclose your use of restricted data processing where applicable.
5. Enhanced Conversions
If you use enhanced conversions, you are sending hashed first-party data (like email addresses or phone numbers) to Google to improve conversion measurement accuracy. Your privacy policy must disclose this data sharing. Google requires that you have a legal basis for sharing this data and that users are informed about it in your privacy policy.
| Google Ads Feature | Privacy Policy Requirement | Risk If Missing |
|---|---|---|
| Conversion Tracking | Disclose cookie use for measuring ad performance | Ad disapproval |
| Remarketing | Disclose remarketing cookies and opt-out options | Lists disabled, ads disapproved |
| Customer Match | Disclose data sharing with Google for targeting | Audiences rejected |
| Enhanced Conversions | Disclose hashed data sharing for conversion tracking | Feature disabled |
| Performance Max | All of the above, plus cross-channel tracking disclosure | Campaign limited or suspended |
Landing Page Privacy Policy Requirements
Google reviews your landing pages as part of its ad approval process. A landing page that does not meet Google's policy requirements will result in ad disapprovals. Here is what Google looks for on your landing pages regarding privacy.
First, Google expects a visible link to your privacy policy on the landing page. This is typically placed in the footer. The link must lead to a page that loads correctly and contains your actual privacy policy, not a placeholder or an error page.
Second, if your landing page includes a form that collects personal information (name, email, phone number, address), you must have a privacy policy that explains how that data will be used. Google considers this a hard requirement for any lead generation landing page.
Third, the privacy policy must be hosted on the same domain as your landing page. If your ads point to example.com/offer, your privacy policy should be at example.com/privacy-policy, not on a completely different domain.
Did you know?
Google's landing page review process is increasingly automated. Google uses machine learning to scan landing pages for policy compliance, including checking for the presence of a privacy policy link. Pages that lack a visible privacy policy link are flagged automatically, which means you can receive ad disapprovals within hours of launching a campaign rather than waiting for a manual review.
Beyond these basics, Google also checks that your landing page is functional, loads quickly, and provides a good user experience. A broken privacy policy link or a page that takes too long to load can trigger the same disapproval as having no policy at all. Make sure your privacy policy page is fast, mobile-friendly, and accessible.
Conversion Tracking and Privacy Requirements
Google Ads conversion tracking is one of the most widely used features on the platform. It works by placing a cookie on a user's device when they click your ad. When that user later completes a conversion action (like making a purchase or filling out a form), the cookie allows Google to attribute that conversion to your ad click.
Because conversion tracking involves placing cookies and collecting data about user behavior on your website, your privacy policy must disclose this practice. Specifically, you need to explain that you use Google Ads conversion tracking, that a cookie is set when a user clicks on an ad and visits your site, that this cookie is used to track whether the user completes a specific action, and that conversion data is shared with Google to measure ad performance.
If you use the Google tag (gtag.js) or Google Tag Manager to implement conversion tracking, your privacy policy should mention these technologies as well. Users should understand that JavaScript tags on your pages collect data about their interactions and send it to Google for reporting purposes.
Remarketing Privacy Policy Requirements
Remarketing (also called retargeting) is one of the most powerful Google Ads features. It lets you show ads to people who have previously visited your website or interacted with your app. However, remarketing has some of the strictest privacy policy requirements in the Google Ads ecosystem.
Google's personalized advertising policies require that your privacy policy clearly disclose that you use remarketing to advertise across the internet, that third-party vendors including Google use cookies to serve ads based on past visits to your website, that users can opt out of Google's use of cookies by visiting Google Ad Settings, and that users can opt out of third-party vendor cookies through the Network Advertising Initiative opt-out page.
These are not optional recommendations. If you enable remarketing in your Google Ads account and your landing pages do not have a privacy policy with these disclosures, Google can disable your remarketing lists and disapprove your remarketing campaigns. Some advertisers have had their remarketing capabilities permanently revoked for repeated violations.
Did you know?
Google requires that remarketing lists used for sensitive categories (health, finance, relationships) meet even stricter privacy requirements. If your website relates to sensitive topics, Google may restrict your ability to use remarketing entirely unless your privacy practices meet heightened standards. These restrictions exist to protect user privacy in areas where ad targeting could reveal sensitive personal information.
Customer Match Privacy Requirements
Customer Match allows you to upload customer data (email addresses, phone numbers, or mailing addresses) to Google Ads to create targeted audience segments. This feature has some of the most specific privacy policy requirements because it involves sharing personally identifiable information with Google.
To use Customer Match, your privacy policy must disclose that you collect customer data and may share it with third-party advertising platforms for targeted advertising purposes. You must also confirm that the data was collected directly from customers (not purchased from third parties) and that customers consented to receiving marketing communications from you.
Google also requires that you have a compliant privacy policy and a good account history before it will grant access to Customer Match. Accounts with a history of policy violations or accounts that are too new may not qualify. Your privacy policy is one of the qualification criteria Google evaluates.
| Data Type | Customer Match Use | Privacy Policy Must Disclose | Consent Required |
|---|---|---|---|
| Email addresses | Match to Google accounts for ad targeting | Data sharing with Google for advertising | Yes, marketing consent |
| Phone numbers | Match to Google accounts for ad targeting | Data sharing with Google for advertising | Yes, marketing consent |
| Mailing addresses | Match to Google accounts for ad targeting | Data sharing with Google for advertising | Yes, marketing consent |
Performance Max and Privacy Considerations
Performance Max campaigns combine all Google Ads channels (Search, Display, YouTube, Discover, Gmail, and Maps) into a single campaign. Because Performance Max uses machine learning to optimize across all channels, it combines data from multiple tracking sources, which creates broader privacy disclosure requirements.
When running Performance Max, your privacy policy needs to cover the combined data practices of all channels. This includes search query tracking, display remarketing cookies, YouTube video view tracking, Gmail interaction data, and location-based targeting through Maps. Your policy should explain that your advertising may appear across multiple Google properties and that data is collected across these channels to optimize ad delivery.
Performance Max also heavily relies on first-party data signals, including audience signals you provide to Google. If you upload customer lists or provide website visitor data as audience signals, your privacy policy must disclose this data sharing just as it would for Customer Match or remarketing independently.
Common Myths About Google Ads and Privacy Policies
Here are the five most common myths advertisers believe about privacy policies and Google Ads, and why each one puts your campaigns and your account at risk.
Myth: "I only run Search ads, so I don't need a privacy policy."
Reality: Search campaigns still use conversion tracking cookies, which requires privacy disclosure. If your landing page collects any personal information through forms, Google requires a privacy policy regardless of campaign type. Even basic Search ads with no remarketing still need a policy if you track conversions or collect lead data.
Myth: "Google only cares about big advertisers."
Reality: Google applies the same advertising policies to every account regardless of spend level. Small advertisers spending $10/day face the same privacy policy requirements as enterprise advertisers spending $10,000/day. In fact, smaller accounts are sometimes more vulnerable to suspensions because they have less account history to offset policy violations.
Myth: "My website's existing privacy policy covers Google Ads."
Reality: Most generic website privacy policies do not include the specific disclosures Google Ads requires. They may mention "cookies" in general terms but fail to disclose remarketing, conversion tracking, Customer Match data sharing, or opt-out mechanisms for personalized advertising. Your policy must specifically address the Google Ads features you use.
Myth: "Google will warn me before taking action."
Reality: Google may disapprove individual ads without advance warning. While Google typically sends email notifications for ad disapprovals, you may not notice them immediately. Repeated policy violations can escalate to account-level warnings and ultimately suspension. By the time you realize there is a problem, your campaigns may have been paused for days or weeks.
Myth: "A privacy policy is only needed for remarketing."
Reality: While remarketing has the most explicit privacy policy requirements, the requirement extends to all Google Ads features that collect or process user data. Conversion tracking, Customer Match, enhanced conversions, and even basic form submissions on landing pages all trigger the privacy policy requirement. Remarketing is just the most commonly cited example.
How to Create a Google Ads-Compliant Privacy Policy (5 Steps)
Follow these steps to create a privacy policy that will satisfy Google's advertising policy requirements and comply with GDPR and CCPA at the same time.
Audit your advertising data collection
Document every type of data your Google Ads campaigns collect. This includes conversion tracking data from clicks and form submissions, remarketing cookies that track site visitors, Customer Match data from email lists, enhanced conversions data, and any audience signals you provide to Performance Max campaigns. Also list other advertising platforms (Facebook Ads, Microsoft Ads) and analytics tools (Google Analytics) you use alongside Google Ads.
Add Google Ads tracking disclosures
Include a dedicated section about advertising tracking. State that you use Google Ads conversion tracking and remarketing cookies. Explain that third-party vendors, including Google, use cookies to serve ads based on past website visits. Disclose that advertising cookies enable personalized ad delivery across the Google Display Network, YouTube, and other Google properties.
Include opt-out information and links
Provide clear instructions for users who want to opt out of personalized advertising. Link to Google Ad Settings where users can control ad personalization. Also link to the Network Advertising Initiative opt-out page for broader third-party cookie control. Explain what happens when users opt out: they will still see ads, but the ads will not be personalized based on their browsing history.
Add GDPR and CCPA compliance sections
Add sections addressing the rights of EU, UK, and California users. For GDPR, include your legal basis for processing data, data retention periods, user rights (access, rectification, erasure, portability, objection), and consent mechanisms for advertising cookies. For CCPA, disclose the categories of personal information collected, whether you sell data, and how users can exercise their opt-out rights.
Publish on all landing pages and your website
Place a link to your privacy policy in the footer of every landing page used in Google Ads campaigns. Google reviews landing pages for policy compliance, so the link must be visible and the page must load correctly. Also link it from your main website footer, cookie consent banner, and any forms that collect personal data. Ensure the policy is hosted on the same domain as your landing pages.
Shortcut: A privacy policy generator handles all five steps automatically. You answer questions about your advertising setup (including Google Ads features you use), and it generates a complete policy with all required disclosures, cookie information, opt-out links, and legal compliance sections. The whole process takes under five minutes. Generate your Google Ads-compliant policy.
Frequently Asked Questions
Does Google Ads require a privacy policy?
Yes. Google Ads policies require all advertisers to have a privacy policy on their landing pages. This applies whenever you collect personal information, use conversion tracking, run remarketing campaigns, or use Customer Match. Your policy must disclose data collection practices, cookie usage, and opt-out options for personalized advertising.
What privacy policy do I need for remarketing?
For remarketing, your privacy policy must disclose that you use cookies to show ads to past website visitors, that third-party vendors including Google serve ads based on past visits, and that users can opt out through Google Ad Settings and the Network Advertising Initiative. Without these disclosures, Google can disable your remarketing lists.
Do I need a privacy policy for conversion tracking?
Yes. Conversion tracking places cookies on user devices to measure ad performance. Your privacy policy must explain that you use tracking technologies to measure conversions, that a cookie is set when users click your ads, and that conversion data is shared with Google. This applies to all conversion tracking methods including standard tags and enhanced conversions.
What happens if I run Google Ads without a privacy policy?
Your ads may be disapproved, your remarketing lists disabled, your Customer Match audiences rejected, or your account suspended. Google reviews landing pages for policy compliance and a missing privacy policy is a common reason for disapproval. Beyond Google, you also face legal liability under GDPR, CCPA, and other privacy laws.
Does Customer Match require a privacy policy?
Yes. Customer Match involves uploading customer data (emails, phone numbers, addresses) to Google for ad targeting. Your privacy policy must disclose that you share customer data with Google for advertising purposes and that the data was collected with appropriate consent. Google evaluates your privacy policy before granting Customer Match access.
Is a generic privacy policy sufficient for Google Ads?
No. Generic policies lack the specific disclosures Google requires: remarketing cookie mentions, conversion tracking disclosure, Customer Match data sharing, and opt-out links for personalized advertising. Google's automated and manual reviews look for these specific items. Use a generator that supports Google Ads-specific disclosures.
How do I create a privacy policy for Google Ads?
The fastest method is using a privacy policy generator that includes Google Ads-specific disclosures. Indicate which Google Ads features you use (conversion tracking, remarketing, Customer Match), and the generator will produce a policy with required tracking disclosures, opt-out links, and GDPR/CCPA compliance sections. This typically takes under five minutes.
Related Resources
Privacy Policy for Google AdSense
Complete guide for AdSense publishers and bloggers
Privacy Policy for Google Analytics
What to disclose when using Google Analytics tracking
Privacy Policy for Facebook Ads
Meta advertising privacy requirements explained
Privacy Policy for Landing Pages
Why every landing page needs a privacy policy
Privacy Policy for Websites
A comprehensive guide for standard website operators
GDPR Privacy Policy Template
Compliant GDPR template with all required disclosures
What Happens Without a Privacy Policy
The real consequences of operating without one
Privacy Policy Generator
Generate a compliant policy for your Google Ads campaigns
Keep Your Google Ads Running
Do not let a missing privacy policy cost you ad spend and conversions. Generate a Google Ads-compliant privacy policy with all required tracking disclosures, cookie information, and opt-out links in under 60 seconds.
Covers Google Ads, GDPR, CCPA & CalOPPA · Customized to your campaigns · Ready in 60 seconds