Now that I have been been working in the PPC space for almost a year and a half now I've seen my fair share of good and bad landing pages. Here at SEER, when we analyze potential landing pages for our clients one of the main things we look for (and won't go live without) is that there is a link to the client's privacy policy on the page. The reason being is because it is one of the AdWords policies that could cause your ads to be disapproved.
One day this fall I learned the hard way another addition of this rule I had never heard of. I went into AdWords to do my usual checks on one of my clients' accounts. I had seen volume drop down since the previous week and wanted to figure out what was going on. After digging I saw a lot of my ads were "suspended" due to landing page violations. The status notice pointed me to this link.
Once I looked around a bit more I realized our violation was specifically for "information harvesting" (See the AdWords help article here). Basically, this policy prohibits “websites that don’t have a clear privacy policy and solicit personal information from users in circumstances where it’s unclear how the information will be used.”
Well that was nothing new... Except I didn't see how this applied to my ads. I was running ads that sent users to landing pages and had a link to the privacy policy at the bottom of the page. I was also sending traffic to the advertiser's actual domain, but the pages on the domain where users were sent didn't have a form or collect any personal information.
After a few calls to AdWords General Support, it turns out if you are sending traffic to a website's main domain (i.e., not a landing page), anywhere on that domain that asks for personal information needs to have a link to a privacy policy. Not just anywhere on the page either (there was a privacy policy in the footer when I was suspended), but it needs to be connected to the form in some way. Or, in Google's words, "easily accessible and prominent on the site before users enter their details." While my landing pages did have a privacy policy; just like the pages on the main domain, the link to the privacy policy was in the footer. Below is the landing page I was using and where the privacy policy was when we got suspended.
I should point out it isn't just the link on the headline that is reviewed for privacy policy compliance. When Google's team reviews your ads they will follow every link in an ad for possible pages a user could end up at, this includes pages that sitelinks direct to. So even if your headline is sending traffic to a landing page that has a privacy policy in the correct place, if your sitelinks are sending traffic to the main domain that collects personal information, without a privacy policy in the right place you could be at risk.
To fix this (and be sure it didn't happen again) I did an audit of the entire domain to be sure anywhere we collected personal data- even just a simple email address- there was a privacy policy next to the form. Once everything was updated with a simply call to AdWords General Support I was submitted for re-review within a day of submitting my ads my ads were up and running again.
None of us on the PPC team had ever heard about how far this "information harvesting" rule could potentially be taken and result in negative (and not easy to fix) consequences. We have all checked our clients' domains and landing pages to make sure we are proactive with this policy moving forward. Has anyone ever run into any issues with AdWords privacy policies they weren't aware of? What were the results?