Google Ads GDPR Compliance Guide for EU Campaigns
Google Ads compliance in the EU involves both technical configuration (Consent Mode, restricted data processing) and ad copy compliance. This guide focuses on what your copy must and must not say to meet GDPR obligations.
Updated 25 June 2026
Google Ads in the EU operates under a complex compliance stack: EU User Consent Policy (which requires Google Consent Mode v2 for personalised ads and remarketing), GDPR, and the Unfair Commercial Practices Directive (UCPD). The Consent Mode requirement is a technical obligation. But ad copy compliance is separate and equally important — it governs what your ads can claim about the product, the audience, and the data being used. This guide covers the copy layer.
Google Consent Mode and what it means for copy (Art. 6)
Google Consent Mode v2 is now required for running personalised ads and remarketing in the EU/EEA. It signals consent status to Google's systems and restricts data use when consent is withheld. What it does not do is make your ad copy compliant. Your copy must still accurately reflect the nature of the product, the data being collected, and the targeting basis. Copy that implies consent-based personalisation when Consent Mode is not properly implemented is doubly risky — technically non-compliant AND copy-level misleading.
Remarketing and Customer Match (Art. 13/14)
Customer Match campaigns use email lists or CRM data uploaded to Google. This constitutes a transfer to a third party (Google) and requires a lawful basis under Art. 6 and disclosure under Art. 13/14. Your privacy notice should name Google as a data recipient. Ad copy in Customer Match campaigns must not imply a level of personalisation that goes beyond what was disclosed in the original data collection notice.
Sensitive categories in Google Ads
Google's advertising policies restrict sensitive categories including health, financial services, and political content. GDPR Art. 9 adds an additional layer: copy that implies a health condition about the audience — even without explicit sensitive-category targeting — triggers Art. 9 obligations. A Performance Max campaign for a diabetes-related product, or an RLSA campaign for a rehab facility, must handle copy carefully even if it passes Google's automated policy check.
Ad copy and UCPD (misleading claims)
The Unfair Commercial Practices Directive (UCPD) applies across EU member states and is enforced alongside GDPR. It prohibits misleading claims, omission of material information, and aggressive commercial practices. In Google Ads, this means: headline claims must be substantiated, price extensions must reflect real availability, countdown timers in responsive ads must be accurate, and urgency copy must reflect real scarcity. UCPD violations in ad copy are enforced by national consumer protection authorities, not DPAs — but the risk often accompanies GDPR risk.
Landing page consistency (Art. 5, 13)
GDPR requires that the personal data collected on a landing page is used only for the purposes disclosed. If your Google Ad promises 'personalised advice' and the landing page collects an email to be added to a marketing list, the purpose of collection must be transparently disclosed. Copy in the ad that overstates the benefit or understates the data collection creates a transparency gap between what the ad implies and what the privacy notice discloses.
Common violations to avoid
- Health condition inference in Performance Max — broad ad copy for health products that implies the audience has a medical condition
- Urgency copy without real scarcity — countdown timers and 'Only 3 left' claims that are not accurate
- Customer Match copy implying personalisation not covered by original consent
- Lead form ads with bundled consent — consent to marketing tied to downloading a resource
- Missing landing page transparency — ad promises personalised results but landing page privacy notice does not disclose the data use
- Misleading guarantee claims — 'Guaranteed ROI' or health outcomes that cannot be substantiated
Get the GDPR Ad Copy Checklist
12 pre-launch compliance checks for EU campaigns. Free, instant delivery.
No spam. Unsubscribe any time.
Frequently asked questions
Does Google Consent Mode make my Google Ads GDPR-compliant?
Consent Mode handles the technical signal about user consent to Google's systems. It does not make your ad copy compliant. You still need to ensure your copy does not imply health conditions, make misleading claims, or create transparency gaps between the ad and your privacy notice.
What GDPR articles apply to Google Ads copy?
The main articles relevant to Google Ads copy are Art. 6 (lawful basis for processing linked to ad targeting), Art. 7 (consent requirements for lead generation forms), Art. 9 (special category data triggered by health/condition copy), and Art. 13/14 (transparency obligations when remarketing or using Customer Match lists). The UCPD also applies to misleading claims.
Can I check my Google ad copy for GDPR compliance?
Yes. Paste your ad copy and any associated landing page intro text into Legalify's free GDPR Ad Copy Checker. It returns article-level findings and compliant rewrites in seconds.
Do Responsive Search Ads have different GDPR compliance requirements?
The GDPR obligations are the same regardless of ad format. With Responsive Search Ads (RSAs), be careful about dynamic combinations that Google assembles — a headline that appears compliant alone may create a non-compliant combination when paired with certain descriptions. Review the full range of likely combinations before approval.
Check your Google Ads ad copy now
Paste your ad copy into the free GDPR Ad Copy Checker and get article-level findings in seconds — no login, no card required.