YouTube Ads updated its Google Privacy Policy on May 27, 2026, clarifying and expanding descriptions of how data is collected and used. The policy now explicitly states that Google collects data not associated with user accounts (previously only implied), adds media files to the list of collected activity types, and refines language describing how activity data is saved to user histories. The policy also introduces examples of which Google services store activity to specific history categories (Search Services History, Web & App Activity). These changes primarily clarify existing practices rather than introducing fundamentally new data collection or usage, though they make explicit what was previously described in general terms.
The updated policy clarifies how Google collects and stores activity data. The policy now explicitly states that Google collects data from unsigned-out browser sessions using device identifiers, and adds media files (images, files, audio, video) to the list of activity information it collects. The policy also provides more granular detail about how activity is stored to different history categories depending on the service (Search, Maps, Shopping, or Web & App Activity). These changes make prior practices more explicit but do not authorize new collection types beyond what was previously disclosed. You can continue to adjust privacy settings and history controls through your Google Account to manage whether data is saved.
The updated policy makes explicit what data types Google collects (media files, unsigned-out browser data) and how activity is organized into service-specific history categories. This clarifies the scope of data Google discloses it collects and processes, which is operationally important for users managing their privacy settings and for organizations ensuring their disclosures align with Google's stated practices. The changes do not expand collection authority but rather make existing practices more transparent through detailed examples and explicit categorization.
→ Review your Google Account privacy settings to understand which history types are enabled and adjust according to your preferences
→ Visit myactivity.google.com to review the types of data Google has stored across Search Services History, Web & App Activity, and other service-based history categories
→ The terms will apply as written, and Google will continue to collect activity data from unsigned-out browser sessions using device identifiers and store media files as part of activity history
→ Activity from different Google services will be organized and stored in service-specific history categories (Search Services History, Web & App Activity, etc.) as described in the updated policy
Policy now explicitly states Google collects and stores data from unsigned-out users with device identifiers; previously implied but not directly stated.
Policy adds 'media (images, files, audio, video)' to the list of collected activity types, replacing previous language that did not explicitly enumerate media.
Policy adds examples clarifying that activity from different services (Search, Maps, Shopping, Web & App) is stored to specific history categories rather than a single activity log.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
This is a clarification update to the Google Privacy Policy effective May 26, 2026. The changes make explicit what data types are collected (media files, unsigned-out browser data) and detail how activity is categorized and stored to specific history types. No fundamentally new data processing authority is asserted. Organizations using Google Ads or Google services should review the updated language to ensure their privacy notices and data processing agreements accurately reflect these clarified collection and storage practices, though no material regulatory exposure appears to be created by the wording changes themselves.
GDPR (lawful basis for processing unsigned-out user data, transparency), CCPA (collection and use disclosures), FTC Act Section 5 (unfair or deceptive privacy practices), ePrivacy Directive (consent for non-essential tracking of unsigned-out users).
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Monitor: regulatory citations + obligations. Compliance: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-002372.
This new provision explicitly clarifies that Google collects information from third parties and categorizes collection methods, making data sourcing more transparent but also emphasizing the breadth of collection.
This new provision explicitly discloses collection of sensitive financial data including payment card numbers, which was not previously detailed and represents a significant privacy consideration for users engaging in transactions.
The removal of Location History as a named feature and user control mechanism represents a less transparent approach to location data collection, though the content was effectively merged into a more technical 'Location Data Collection' provision.
The removal of the explicit 'good-faith belief' standard and detailed legal process language represents a less specific commitment regarding government data requests and law enforcement disclosures.
The removal of explicit data retention policy details (varying retention periods, automatic deletion, and immediate deletion upon user request) represents less transparency about how long Google retains different types of user data.
Severity downgraded from high to medium, language simplified to remove specific examples (voice purchase, security features) and emphasis added on 'process' alongside collection.
Severity downgraded from high to medium, focus shifted from user controls and Location History settings to technical collection methods (IP address, GPS, sensors), making the provision less user-control oriented and more technical.
Severity downgraded from medium to low, the second sentence regarding affiliates and trusted businesses processing was removed entirely, significantly shortening and simplifying the disclosure.
Severity downgraded from high to medium, language changed from permissive ('don't knowingly collect') to affirmative prohibition, and explicit parental consent requirement added with commitment to rapid deletion if violation occurs.
Severity downgraded from high to medium, the provision was narrowed to focus only on ads (removing broader service customization), and vague 'other factors' language added while removing the cross-site behavioral tracking example.
This provision was substantially restructured and renamed to 'User Data Access, Export, and Deletion Rights' with severity downgraded to low, focusing narrowly on export and deletion rights while removing the comprehensive list of privacy controls and settings options.
Cross-platform context
See how other platforms handle similar provisions across the ConductAtlas archive.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — MonitorYouTube Ads updated its Terms of Service on May 5, 2026, making several clarifications and corrections. The most notable change …
YouTube Ads updated its Terms of Service on April 26, 2026 with minor language edits. The company standardized language references …
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.