Ads Data Hub privacy checks help prevent the transmission of data about end users or small groups of users. Here’s an overview of these checks and requirements:
- Static checks examine the statements in your queries to look for obvious and immediate privacy concerns, such as exporting user identifiers, or any function of user identifiers, or using blocked functions over fields that contain user-level data.
- Data access budgets limit the total number of times that you can access a given piece of data.
- Aggregation checks ensure that every row contains a large enough number of users to protect end-user privacy.
- Difference checks compare results from the job that you’re running to your previous results, as well as rows from the same result set. This is designed to help prevent you from gathering information about individual users by comparing data from multiple sets of users that meet our aggregation requirements. Difference check violations can be triggered by changes to your underlying data between two jobs.
- Noise injection is an alternative to difference checks. Adding random noise to an aggregating
SELECTclause of a query protects user privacy while providing reasonably accurate results, eliminating the need for difference checks, and reducing the required aggregation threshold for output.
When a result doesn’t pass privacy checks, Ads Data Hub will display or return a privacy message informing you that a row was filtered. This can be any row that was deemed risky, or an entire results set. Use a filtered row summary to capture the dropped rows, unless prevented by privacy restrictions, such as when the users in a filtered row summary don’t meet aggregation requirements.
Learn more about the types of privacy checks.