If your website or mobile app allows users to log in or create an account by using their Google accounts, there are a few things you'll need to do.
Google has specific requirements when it comes to implementing a Google sign-in button.
This article will look at what Google requires, and show you examples of how you can comply when you add a Google Sign-In button to your site or app.
Google's policies also require you to comply with the "EU User Consent" Policy if the Google sign in button is used.
Padlet obtains consent by requiring users to click Allow to show they consent.
Here are a few additional examples of websites and mobile apps that are using the Google Sign In feature and how they're doing it.
Users are informed that Slides will collect an email address and basic profile info when they click to log in with Google. A user must click Allow to complete the login-with-Google process:
Khan Academy places the Google Sign-In button at the top of its login page.
This sub-section lets users know that if a user registers through one of these services (Facebook or Google), Khan may collect personal information that the user had already given to the other service:
Basecamp uses a colorful Google button for signing up through a Google account.
Basecamp's information on its legal agreements is listed and linked at the bottom of the page in the website footer:
While a user can assume that this is the information that Basecamp collects from the user's Google account, Basecamp would benefit from being more specific and mentioning the Google sign-in functionality, and so would your website or mobile app policy.
If a user is signing-up for an account, Basecamp informs the user that certain information will be collected through Google, including who the user is on Google, an email address, and basic profile info:
A few paragraphs down in its agreement, Wave lets users know that some functionality of the website is highly dependent upon APIs from third parties, such as Google, and that personal information may be collected from these third parties to the extent that the user authorizes Wave to collect that information.
"We may collect Personal Data from you, such as your first and last name, gender, e-mail and mailing address, professional title, company name and password when you create an account."
There's no direct mention of taking this information from Google.
"When buying a PowToon subscription or signing up for a free account, we request information such as your name, email address, home address, credit card information (should you purchase an account) and profession. Of course, you may also visit our site anonymously."
It looks like this:
Dailymotion's sign-in page has an option where users can choose whether they want to create a Dailymotion account, or if they already have an account. Both of these options provide the ability to sign in with Google.
Dailymotion mentions personal information collected during registration for an account in its Data Collected section which states:
"We collect and subsequently process the Data that you voluntarily provide on the registration form on the Website including your user ID, a valid email address, and your date of birth."
There's no mention of data that isn't provided on the registration form on the website, such as data that would be provided if a user chose to sign up through Google.
If you choose to allow your users to sign into your website or mobile app via a Google sign in button, you may need to do each of the following to be fully compliant: