Google Ads · Google Ads Advertising Policies Overview · View original document ↗

Prohibited Practices: Data Collection and Use Violations

High severity High confidence Explicitdocumentlanguage Unique · 0 of 343 platforms
Share 𝕏 Share in Share 🔒 PDF
Monitor governance changes for Google Ads Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

The policy prohibits ads that collect user data through deceptive means, without appropriate security measures, or without user disclosure. This covers collection of financial identifiers, government identifiers, and other personal data through ad interactions.

This analysis describes what Google Ads's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

This provision establishes data collection conduct standards that apply at the ad interaction level, complementing Google's broader privacy policies and creating a platform-level enforcement mechanism for deceptive data collection practices independent of applicable privacy law.

Consumer impact (what this means for users)

The agreement prohibits advertisers from using Google Ads to collect personal data including credit card numbers and Social Security numbers through deceptive ad interactions or without user disclosure. This provision is enforced through ad disapproval and account action.

How other platforms handle this

Ledger Medium

At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.

Strava Medium

If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.

eBay Medium

We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.

See all platforms with this clause type →

Monitoring

Google Ads has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Get Monitor Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
Data collection and use: We want to ensure that ads we serve are not collecting data from users in an unauthorized or deceptive way. Examples of prohibited practices: running ads that collect user data (such as credit card numbers, social security numbers) without appropriate security measures; collecting user data through ad interactions without user knowledge; using misleading or deceptive tactics that collect user data without proper disclosure.

— Excerpt from Google Ads's Google Ads Advertising Policies Overview

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

1) REGULATORY LANDSCAPE: This provision directly engages GDPR in the EU and EEA, which requires lawful basis and transparency for personal data collection, and CCPA and CPRA in California, which require disclosure and opt-out rights for personal information collection. The FTC Act section 5 prohibits unfair or deceptive data collection practices. State data breach notification laws may also be implicated where financial or government identifiers are collected. 2) GOVERNANCE EXPOSURE: High. The provision's reference to collection of credit card numbers and Social Security numbers through ads implicates financial data security standards including PCI-DSS for payment card data and state identity protection statutes. Advertisers using lead generation ads that capture financial or government identifiers should review their data handling infrastructure against these requirements. 3) JURISDICTION FLAGS: GDPR applies to all EU and EEA users regardless of advertiser location. CCPA and CPRA create opt-out and transparency obligations for California residents. Illinois, New York, and other states with comprehensive privacy laws create additional jurisdiction-specific exposure. Advertisers outside the US and EU should assess applicable local data protection laws. 4) COMPLIANCE CONSIDERATIONS: Legal teams should audit lead generation ad formats and landing page data collection mechanisms to confirm that disclosures are present and that data security measures meet applicable standards. Consent mechanisms for remarketing and audience data should be reviewed against GDPR and CCPA requirements. 5) CONTRACT AND VENDOR IMPLICATIONS: Third-party data processors used in conjunction with Google Ads campaigns, including CRM vendors and marketing automation platforms, should be assessed under applicable data processing agreement requirements. GDPR requires formal data processing agreements with processors handling EU personal data.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 3 platforms — free Get Monitor

Free: track 3 platforms + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • FTC
    The FTC has enforcement authority over deceptive and unfair data collection practices under section 5 of the FTC Act, directly relevant to unauthorized or deceptive data collection through ads
    File a complaint →
  • State AG
    State attorneys general have enforcement authority over state privacy laws including CCPA, CPRA, and state identity protection statutes relevant to collection of Social Security numbers and financial identifiers
    File a complaint →

Provision details

Document information
Document
Google Ads Advertising Policies Overview
Entity
Google Ads
Document last updated
May 20, 2026
Tracking information
First tracked
May 20, 2026
Last verified
May 20, 2026
Record ID
CA-P-012080
Document ID
CA-D-00854
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
aee6c500561f886a7b9232b86df81734605d45749a2ee8107920b4a3229fd479
Analysis generated
May 20, 2026 12:36 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Google Ads
Document: Google Ads Advertising Policies Overview
Record ID: CA-P-012080
Captured: 2026-05-20 12:36:54 UTC
SHA-256: aee6c500561f886a…
URL: https://conductatlas.com/platform/google-ads/google-ads-advertising-policies-overview/prohibited-practices-data-collection-and-use-violations/
Accessed: July 4, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
High
Categories

Other risks in this policy

Related Analysis

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Get Compliance

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Google Ads's Prohibited Practices: Data Collection and Use Violations clause do?

This provision establishes data collection conduct standards that apply at the ad interaction level, complementing Google's broader privacy policies and creating a platform-level enforcement mechanism for deceptive data collection practices independent of applicable privacy law.

How does this clause affect you?

The agreement prohibits advertisers from using Google Ads to collect personal data including credit card numbers and Social Security numbers through deceptive ad interactions or without user disclosure. This provision is enforced through ad disapproval and account action.

Is ConductAtlas affiliated with Google Ads?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Google Ads.