What are the institutional and regulatory implications of this document?

1. REGULATORY EXPOSURE: This policy directly engages GDPR Arts. 5, 6, 9, 13, 14, 17, 20 (lawful basis, sensitive data, erasure, portability) enforced by EU Data Protection Authorities including Ireland's DPC as lead supervisory authority; CCPA/CPRA §§1798.100–1798.199 enforced by California Privacy Protection Agency (CPPA) and California AG; COPPA 16 CFR Part 312 enforced by FTC regarding data collection from users under 13; EU-U.S. Data Privacy Framework governing transatlantic data transfers;…

How does Google's Google Privacy Policy affect users?

Google's privacy policy means that virtually every interaction you have with Google products — from searches and emails to map directions and YouTube videos — is logged and used to build a detailed personal profile for advertising purposes. This profiling extends across services you may not realise are connected, including third-party websites and apps that use Google's advertising infrastructure. You can review, pause, or delete your activity data by visiting myaccount.google.com/data-and-priv…

How often is Google's Google Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Google updates this document?

Yes. Watcher subscribers ($9.99/month) can add Google to their watchlist and receive same-day email alerts whenever this document or any other Google document changes.

Google Privacy Policy — Google

8 Total

5 High severity

3 Medium severity

0 Low severity

Summary

This is Google's privacy policy, which explains how Google collects and uses your personal information across all of its products — including Search, Gmail, YouTube, Maps, and Google Ads — covering data like your location, search history, voice recordings, and browsing activity. The most important thing to know is that Google combines your data across all its services to build a detailed profile used to target you with personalized ads, even when you are not signed in to a Google account. You can review and delete your activity data, manage ad personalization settings, and download your data at myaccount.google.com.

Technical Summary

This document is Google's global Privacy Policy, governing the collection, use, retention, and sharing of personal data across all Google services (Search, Gmail, Maps, YouTube, advertising products, etc.), with legal basis grounded in consent, legitimate interest, and contractual necessity under applicable frameworks including GDPR and CCPA. The most significant obligations include Google's collection of a broad range of user data — including search queries, location history, voice and audio activity, browsing history, app usage, device identifiers, and inferred demographic and interest profiles — and its use of this data to personalize advertising across Google and third-party surfaces. Notably, Google retains the right to combine data across all its services and signed-out user data, creating a comprehensive cross-service profiling capability that exceeds the data practices of most single-purpose platforms; the policy also discloses sharing personal data with 'partners' and advertisers in ways that may not be immediately apparent to average users. The policy engages GDPR (Articles 6, 9, 17, 20), CCPA/CPRA (§1798.100 et seq.), COPPA (16 CFR Part 312), and the EU-U.S. Data Privacy Framework, with the FTC serving as primary U.S. enforcement authority; material compliance considerations include the breadth of sensitive data categories processed, the adequacy of consent mechanisms for minors, and the sufficiency of data transfer safeguards for EU/EEA users.

Evidence Provenance

Captured April 19, 2026 06:03 UTC

Document ID CA-D-000015

Version ID CA-V-000627

Source URL https://policies.google.com/privacy

Wayback Machine View archived versions →

SHA-256 c218a556b60a30e05b8cb088bb0e79633b2f12d03691d7541d3f8d5cdafcb5a2

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Cryptographically signed

Institutional Analysis

🔒 Institutional analysis locked

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Upgrade to Professional — $149/mo

Change Timeline

April 19, 2026 — Document updated medium

Google updated its Privacy Policy on April 19, 2026 to add a new section specifically addressing U.S. state privacy law requirements, clarifying how it collects, uses, and shares personal information for residents of states with such laws. The update explicitly states that Google does not sell personal information and does not 'share' it as defined under California's CCPA. This matters because it gives U.S. consumers — especially Californians — clearer disclosures about their data rights and confirms that Google is not engaged in certain data-sharing practices regulated by state law.

65 added · 1 modified
View diff → View full record →
c218a556…
April 18, 2026 — Document updated medium

Google updated its Privacy Policy on April 18, 2026, changing how it describes data collection and sharing related to Google Analytics and ad services. Key changes include broadening language around cross-site tracking (from Google Analytics specifically to 'ad or analytics services' generally), clarifying that third-party sites 'still' share data with Google even in Incognito mode (removing the word 'may'), and updating the policy's effective date to April 2, 2026. These changes expand the described scope of data sharing and remove some limiting language that previously softened how data flows were described.

· 1 removed · 9 modified
View diff → View full record →
09c45d85…
March 6, 2026 — Initial capture

Initial snapshot — monitoring begins

f243f397…

View full version history (0 captures) →

Analyzed Changes

2 changes analyzed since monitoring began.

Updated April 19, 2026

medium

What changed Google updated their Google Privacy Policy on April 19, 2026. Change detected: 65 sentence(s) added, 1 sentence(s) modified. Document contained 362 sentences after update.

Consumer impact Google's updated policy now explicitly tells U.S. consumers — especially California residents — that it does not sell their personal information and does not 'share' it as defined under the CCPA, providing stronger transparency about data practices. The new section also maps out exactly where in the policy to find information about data collection, use, disclosure, and retention, making it easier for consumers to understand their rights. You can submit a request to Google to learn what personal information it has collected, used, or disclosed about you, as guaranteed under applicable U.S. state privacy laws.

Why it matters This change gives California and other U.S. state residents explicit, policy-level confirmation that Google does not sell or share their personal data under state privacy law definitions, reducing ambiguity about their data rights. It also makes it easier for consumers to find and exercise their rights by mapping the policy's key sections.

Updated April 18, 2026

medium

What changed Google updated their Google Privacy Policy on April 18, 2026. Change detected: 1 sentence(s) removed, 9 sentence(s) modified. Document contained 297 sentences after update.

Consumer impact Google has updated its policy to state more definitively that third-party sites and apps share your data with Google even when you use Incognito mode — previously the policy said they 'may' share, now it says they 'still' share. The scope of cross-site tracking has also been broadened from 'Google Analytics' specifically to any 'ad or analytics services,' meaning more of Google's tools are now explicitly covered by these data-linking practices. You can visit your Google Account's Privacy Checkup and review your Web & App Activity controls to limit how this data is saved and used.

Why it matters Google has formally broadened the described scope of its cross-site tracking and confirmed — not just suggested — that Incognito mode does not protect users from data sharing with Google. This means users have less technical and policy-based protection from cross-site tracking than the prior language implied.

Recent Clause-Level Changes Apr 19, 2026

8 provisions unchanged.

View full change record →

High Severity — 5 provisions

Cross-Service Data Combination for Advertising

Google takes data from everything you do across all its products — Search, Gmail, YouTube, Maps — and combines it to build a profile about you, which it uses to show you targeted ads across the internet.

Added April 28, 2026
Location Data Collection and Retention

Google tracks your physical location using GPS, Wi-Fi, cell towers, and IP address across its services, stores it as a 'Location History' timeline, and does not automatically delete past location data even if you turn off future tracking.

Added April 28, 2026
Children and Minors Data Protections

Google does not allow children under 13 to create accounts without parental approval via Family Link, and does not serve them personalized ads — but older minors (13-17) may still have their data collected and used for certain purposes.

Added April 28, 2026
International Data Transfers

If you're in Europe, your personal data is transferred to Google's servers in the United States, protected by Standard Contractual Clauses approved by the EU — a legal mechanism that has faced ongoing legal challenges.

Added April 28, 2026
Voice and Audio Data Collection

When you use Google's voice features (like 'Hey Google' or voice search), Google records and may store your audio — including the content of what you said — depending on your account settings.

Added April 28, 2026

Medium Severity — 3 provisions

Data Sharing with Third-Party Partners and Advertisers

Google shares your personal data with its affiliates and 'trusted business partners' who process data on Google's behalf, as well as disclosing it when legally required — though the category of 'trusted businesses' is broad and not exhaustively defined.

Added April 28, 2026
Data Retention Policy

Google keeps different types of your data for different lengths of time — some is deleted automatically, some you can delete yourself, and some is kept indefinitely for 'legitimate business or legal purposes' without a specified end date.

Added April 28, 2026
User Rights: Access, Deletion, Portability, and Correction

Google gives you the right to see, correct, delete, and download your personal data, and to opt out of personalized ads — all manageable through your Google Account settings at myaccount.google.com.

Added April 28, 2026