Information Harvesting Policy Change: Think You're Immune? Think Again
I hadn’t intended to post about AdWords Policy again today. Nope, my full intention was to move along to a different topic entirely. This was before I’d done my due diligence, however, and checked the Policy Change Log. I know, I know, I harp on this a lot. But to be fair, there’s really a lot of good stuff in there. Like this gem: “The AdWords policy on information harvesting will be changing on May 17, 2011.”
A lot of curious advertisers visiting the change log would probably skip right past the expandable header titled ‘Information Harvesting.’ If they clicked for more info, they might even stop after that first line I quoted above. It’s really easy to assume that you’re not affected, since ‘information harvesting’ sounds incredibly sinister. There’s no way that you could possibly be guilty of such a thing, right? Well, do you have any forms or fields on your website that ask for a user’s full name? Perhaps their birth date? What about their email address, phone number, national identity, or mailing address? Then you should probably pay attention.
Starting on May 17th, AdWords began requiring any advertiser whose website requests any of the above information (as well as other pieces of information not listed above) to “provide a clear, accessible explanation of how the information might be used, as well as a simple, effective way to opt out of future direct communications.” If you don’t do this, you’ll be in violation of the policy and in danger of interruption to your advertising.
Additionally, if you accept any sensitive financial or personal information, such as credit or debit card numbers, bank account numbers, wire transfer numbers, or even a driver’s license number, you’ll need to ensure that it’s “transmitted securely over an SSL (https:) connection.”
So while you may not be the next black hat hacker extraordinaire, if your website collects even the most innocuous of personal information from users you’ll need to include usage information, opt-out information, and possibly an SSL connection. While the internet user in me is grateful for the protection, I have to wonder how this will affect the many websites that contain fairly benign forms. Sure, this will be great when it comes to the shady guys, operating forms purely to sell your information and fill your inbox with spam (or something worse). But I’m sure there are lots of legitimate forms out there, too. I’m not saying they’ll be hurt by this, since anyone on the up-and-up shouldn’t be worried about including usage information, but it will be interesting to see what kind of effect this has on various different types of websites that collect information.
I’m also curious as to the enforcement of this policy. Is it reactive-only, meaning they’ll be accepting complaints about offending sites and taking action then? Or does Google have the resources to proactively seek out these sites and take action? Depending on which tactic is chosen, one could either see very slow forward movement in the changes, or a lot of false positives. In the end I think it’s a good thing, for now I’m just interested in some of the finer details that you won’t necessarily find in the official policy description.
Check out the Information Harvesting policy for more details.