This guide is intended to provide answers to commonly asked questions and share the framework of Authorized Buyers policy enforcement. The information presented here does not, in any way, change the actual policies, which are available here. You can also access the Authorized Buyers policies from the Program Guidelines link located in the footer of the application.
Automated creative review
Authorized Buyers reserves the right to conduct automated creative reviews in order to maintain the quality of ads on the exchange. While this does not change the Authorized Buyers guidelines, creatives that don't meet our policies will be paused until corrected. The most common issues are: destination URL not working, flash cookies, raw IP addresses, missing or broken click macros, invalid 4th party calls, undeclared or incorrect landing page, customer creative ID misuse, non certified vendors, and creative download sizes.
Authorized Buyers reserves the right to disapprove ads in breach of the content and creative policies outlined in the Google Ads Advertising Policies and to suspend entire accounts for certain violations. If you have any questions about the violations, please contact your account team.
Examples:
- Animation length
- Ads must remain static after 30 seconds
- Creatives:
- May not exceed a 150K initial load. For video creatives, this refers to when nearly 15-20% of the total weight for the first frame is served by the ad server. For display creatives, this refers to when the image or banner is displayed until all the creative assets load on the web page.
- Total download cannot exceed 5MB. Total download is referring to when the complete web page or all of the creative assets have been loaded and displayed.
- Maximum frame rate
- All creatives must open in new windows. The target window for the click-through URL must be set to
"_blank"
so the click-through will open in a new window. Do not leave the target statement undeclared - Trafficking errors, e.g. the destination URL matching where the user is sent, http://gooooogle.com, and leads to a parked domain
- Blank ads - each trafficked ad must contain a creative; rendering blank creatives is not acceptable
- Click-to-call ads - currently not supported
Please refer to the full content guidelines outlined in the Google Ads Advertising Policies, as well as the Requirements for third-party ad serving.
If a client’s ad is disapproved under these circumstances, they will be required to make the necessary compliance changes and resubmit their ads for review.
In addition to the above policies, Authorized Buyers has the following policy on family safe status:
Google assigns a family status to all ads to make sure that ads are shown to an appropriate audience. Products that are considered to have "non-family safe" status cannot currently be run on Authorized Buyers.
We continue to review this status and reserve the right to change this policy for Authorized Buyers.
Data and third-party ad serving includes the following topics.
- Redirects or server-to-server callouts.
- Redirects or callouts to any technology, including ad servers, rich-media servers, tracking technologies, or verification technologies.
Unless:
- The technology is issued by a single buyer on Authorized Buyers solely for their own use and is not licensed to any third parties
- The technology is an approved technology vendor
No fifth-party calls are allowed. You cannot have an ad on Authorized Buyers that calls a third-party ad server that calls another third-party ad server (fourth-party call) that calls another third-party ad server (fifth-party call).
Policy for third and fourth-party calls
Refer to the requirements for third-party ad serving, under third-party ad serving for a complete list of policy requirements.
Data collection
You may use a cookie, web beacon, or other tracking mechanism to collect anonymous traffic data for purposes of aggregated reach, frequency, and/or conversion reporting, provided you use a certified third-party vendor for this purpose. Collecting impression-level data via cookies or other mechanisms for purposes of subsequent re-targeting, interest category categorization or personalization, or syndication to other parties on Google Display Network inventory is prohibited unless publisher provides permission. This restriction does not apply to click- or conversion-level data.
You may not associate cookies, web beacons, or other tracking mechanisms with personally-identifiable information (PII) for any purpose or with precise user location for behavior targeting unless the user has knowingly and expressly opted in. For purposes of this document, PII and precise user location does not include IP addresses.
You will not, and will not assist or knowingly permit any third party, to set a cookie, or alter or delete a cookie set, on any Google owned and operated domains, including, without limitation, on a DoubleClick domain.
You must display a prominent privacy policy with an option for users to persistently opt out of any cookie, web beacon, or other tracking mechanism set by you for data collection.
You can see a list of approved technology vendors who perform data collection, by searching for a research vendor type.
Example
An ad served by a buyer for an advertiser contains a tracking URL, collecting user data to be used with subsequent campaigns. For example, using the pixel below, the vendor "collectuserdata.net", needs to be declared in the ad:
http://collectuserdata.net?name=barry&time=1200&bannerseen=12345
If the vendor is not available on the list of declarable vendors, it is either allowed on the approved technology vendors list or not allowed under any circumstances.
Flash cookies and other locally shared object (LSO) technologies are not allowed on Authorized Buyers.
Flash cookies & local storage
Flash cookies are defined as any locally shared object (LSO) technologies (including, but not limited to, flash cookies, browser helper objects, or HTML5 localStorage) for behavioral advertising, ad delivery, reporting, and/or multi-site advertising.
Example
A flash banner is served that sets a .lso file; the banner writes data about the page the user was on, the products displayed in the banner, and makes a backup of the user’s web cookie data. Users cannot easily or transparently block LSO objects, and it is against Google policies to gather ad serving data from an ad impression.
Please refer to the Requirements for third-party ad serving, under third-party ad serving.
Malware is not accepted or tolerated within any Google product including Authorized Buyers. Google verifies any creatives directly uploaded into Authorized Buyers, or follows the third-party redirect for malware or viruses through proprietary systems.
Malware violations are not accepted or tolerated within any Google product, including Authorized Buyers. Google reviews creatives or the third-party redirect uploaded in the service. Learn more about What Google does to prevent malware.
Given Authorized Buyers's relationship with third-parties, however, there is the possibility that a buyer on Authorized Buyers, either in their system or through a call-out from their system, may have a policy violation or introduce malware or viruses to Authorized Buyers. Any buyer that intentionally violates policy or actively uploads malware or viruses directly into Authorized Buyers will be immediately and permanently terminated. For those using external calls, Google will attempt to detect any such activity and suspend the associated creative or call-out. Should a violation be detected, Google's policy toward the buyer is as follows in the Enforcement section.
Buyers that serve ads from a third-party are required to use a Google click macro in their tags. This allows clicks to be reported back to Google, which can then share them with publishers. Click macros are also used to protect inventory by detecting invalid clicks and impressions. All certified vendors and tags have been tested to support the Google click macro.
Learn more about the different macros and their implementation.
Helping partners comply with U.S. states privacy laws
Google has a long history of taking a user-first approach in everything we do. As a part of our commitment to users, we never sell personal information. We give users transparency and control over their ad experiences via My Ad Center, My Account and several other features to help you manage your account. Per our Personalized advertising policy, we never use sensitive information like health, race, religion, or sexual orientation to personalize ads. We also invest in initiatives such as the Coalition for Better Ads, the Google News Initiative, and ads.txt to support a healthy and sustainable ads ecosystem.
Google welcomes privacy laws that protect consumers. In May 2018, we launched several updates to help advertisers and publishers comply with the General Data Protection Regulation (GDPR) in the EEA and the UK.
In 2019, Google began offering restricted data processing (RDP) to help advertisers, publishers, and partners manage their compliance with the California Consumer Privacy Act (CCPA). In January 2023, we expanded the operation of restricted data processing to help customers and partners manage their compliance with the new U.S. state privacy laws.
Restricted Data Processing
The Authorized Buyers and Open Bidding services always operate under Restricted Data Processing for queries. Buyers/bidders do not need to make any changes for this behavior to be applied.
For customers on our online contracts and updated platform contracts, the restricted data processing terms will be incorporated into our existing platform contracts via the controller-controller terms and will come into force on Jan 1, 2020. There is no action required on your part to add this restricted data processing language into your contract.