New: Google Won't Use Spam Reports With Personally Identifying Information

Spam reporting has long been a cornerstone of Google’s effort to keep search results clean, allowing users to flag malicious or deceptive sites. Historically, the reports included the full text of the submission so site owners could understand the context behind a manual action. Earlier this month, Google announced it would forward all report content, including any personal details, to the targeted site—a shift that sparked immediate concern over privacy and potential legal exposure.

In response, Google introduced a new safeguard: any report containing personally identifying information will be automatically rejected. The change reflects heightened scrutiny from regulators such as the EU’s GDPR and California’s CCPA, which impose strict penalties for mishandling personal data. By filtering out PII, Google not only protects users but also reduces the risk of liability for both itself and the site owners receiving the reports. Webmasters now need to ensure that their spam‑reporting workflows strip out names, email addresses, or phone numbers before submission.

The broader implication is a clearer delineation between user privacy and the operational needs of search quality teams. While the filtered reports still provide enough context for manual actions, the policy underscores a trend toward privacy‑first design in core platform tools. Stakeholders should update internal guidelines, train staff on PII detection, and monitor Google’s future communications for any refinements. Maintaining compliance will be essential for preserving the credibility of the spam‑reporting ecosystem and avoiding inadvertent data breaches.