Notification

The “Linked accounts” page has been upgraded. To link product accounts and connect to data sources, view the new “Data manager” page in Google Ads. Learn more About the Data manager page.

Confidential matching

Learn how confidential matching keeps your information safe.

Confidential matching is a feature of Google Ads Data Manager that allows marketers to use their first-party data for matching using confidential computing. This article explains the purpose of confidential matching and how to use the feature.

About confidential matching

Confidential matching is a feature of Google Ads Data Manager that enables customers to match offline first-party data with Google data using confidential computing technology. This feature is designed to bring added transparency for advertisers into the underlying infrastructure Google uses to collect and process data.

Google always collects, processes and stores data in accordance with our terms of service. Confidential matching helps advertisers understand the properties of Google’s data handling.

How confidential matching works

Confidential matching is a data processing feature that identifies the overlap between an audience list you create and upload, and Google’s data using a trusted execution environment (TEE). Confidential matching removes unused identifiers from audience lists uploaded to Google’s measurement and audience solutions. It is enabled by default, and at no cost to advertisers. As an advertiser, you don’t need to do anything to use it. If you use your data with Customer Match via a “Direct connection” in Google Ads Data Manager or Audience manager, your data will be processed using confidential matching automatically.

Data is matched using the same process for Customer Match generally: the input is a customer list data file you create using contact information your customers have given you, and the output of confidential matching is a list of matched Google users in the form of an audience list in your Google Ads account. You may apply this list to campaigns as you wish for use-cases such as to reach, re-engage or find new customers like them across Search, Shopping, Gmail, YouTube, and Display.

Optional encryption support

Confidential matching provides verifiable technical assurances for data restriction while information is being processed. You also have the option to encrypt your data for additional assurances over access control and processing. By encrypting your data, you can specify the conditions for access to the data, including a technical assurance that only confidential matching can be used to process the data. Encryption is not required to use confidential matching. If your organization requires encryption, refer to the encryption setup guide to learn how to prepare your environment and encrypt your data.

Frequently asked questions

Where in Google Ads can I use confidential matching?

Confidential matching is currently available for Customer Match when you use the “direct connection” option to connect a data source.

Which Google Ads Data Manager Data Sources support confidential matching?

All data sources supported by Ads Data Manager for Customer Match support confidential matching. To see a complete list, visit the Supported data sources page.

How can I tell whether confidential matching is being used?

When you see the confidential matching badge, it means that your data will be processed using confidential computing. If you do not see the badge, confidential matching may not be available for the use case you have selected.

When you see this badge, it means that your data will be  processed using confidential matching.

Where is confidential matching data stored?

Information about the locations of Google data centers is available here. Read more: Safeguards on international data transfers and Google Ads data processing terms.

How can I delete my customers’ data?

Advertisers control what user data is uploaded and can delete/remove user data at any time. Advertisers may also decide and choose which campaign types Customer Match lists will be applied to in their Google Ads account. Advertisers may remove and/or replace an existing Customer Match audience by uploading a new audience. Google Ads Data Manager supports scheduling audience refreshes on a regular basis (including daily, weekly, and ad hoc).

Google users can manage their personalized ads settings in ’My Ad Center’. If you have consent for a specific user’s data but Google does not have consent from that specific user, that user will not be eligible for Customer Match. Google will not include them in audience lists.

Customer Match policies require that advertisers obtain consent from their users for sharing their personal information with Google, where that is legally required. This is consistent with their obligations under existing law in the EU. For more information on deletion in Customer Match, please see About the customer matching process - Google Ads Help

What technical assurances are provided by confidential matching?

Confidential matching follows the same data processing terms as Customer Match. Confidential matching processes data in a Trusted Execution Environment (TEE) that limits how data can be used and who can access it, while enabling additional transparency to the process through cryptographic attestation. Your organization can choose to optionally encrypt and share data. If you choose to do so, you’ll receive attestation that guaranteeing that only confidential matching logic was used for matching. To learn more before making a determination, reach out to your account manager.

Flow of data into TEE and out into an audience list in Google Ads.

What is a trusted execution environment (TEE)?

A trusted execution environment is a special configuration of computer hardware and software that uses a hardware root-of-trust to provide confidentiality of data processing and prevent observation or tampering. TEEs allow external parties to verify that the software does exactly what the software developer claims it does—nothing more or less. At their core, TEEs are infrastructure, like a virtualized server, that provide an isolated environment to process data like personal information.  

Confidential matching is built using Google Cloud’s Confidential Space product, a TEE. You can read the independent security review of Confidential Space by NCC group here, and you can read in-depth about how the underlying technologies work in the Cloud documentation.

Which Google Ads Data Manager Data Sources support encryption?

The confidential matching with encryption article provides an overview of how to encrypt data using a comma-separated value (CSV) file.

Confidential matching will accept data from any data source supported by Data Manager, however you must be able to store encrypted data in the source you’d like to use. Some data sources may not allow you to upload custom fields needed to store encrypted data in the relevant records. In other words, it may be complex or infeasible to use encryption if your preferred data source is not an object store. Google Cloud Storage is one example of an object store that supports storage of encrypted data.

What is attestation?

Attestation is a confidential computing feature that allows a TEE to prove it's running particular software by producing a cryptographic signature. In the case of confidential matching, customers may encrypt their data and require attestation from a TEE running confidential matching before allowing their data to be decrypted and processed.

To learn more about attestation, see Confidential Space security overview.

How can I review the code to verify how data is processed in the TEE?

To review the code that performs data processing for confidential matching, please ask your Google account representative to participate in the confidential matching code review program.

Was this helpful?

How can we improve it?
Search
Clear search
Close search
Google apps
Main menu
11756756638506883833
true
Search Help Center
true
true
true
false
false