Jump to Content
Compliance

Updated data processing terms to reflect new EU Standard Contractual Clauses

September 24, 2021
https://storage.googleapis.com/gweb-cloudblog-publish/images/security_0417QXA.max-2600x2600.jpg
Marc Crandall

Director and Global Head of Privacy, Google Cloud

Nathaly Rey

Head of EMEA Data Governance, Google Cloud

Try Google Cloud

Start building on Google Cloud with $300 in free credits and 20+ always free products.

Free trial

For years, Google Cloud customers who are subject to European data protection laws1 have relied on our Standard Contractual Clauses (SCCs), as previously approved by regulators, to legitimize overseas transfers of their customer personal data when using our services. 

Today, we are glad to announce an update to our data processing terms for Google Cloud Platform, and Google Workspace (including Workspace for Education) and Cloud Identity, to incorporate various modules of the new EU SCCs approved by the European Commission on June 4, 2021, as well as separate UK SCCs. 

For all Google Cloud customers, this new approach:

  • Offers clear and transparent support for their compliance with applicable European data protection laws;

  • Simplifies the entities involved in contracting by no longer requiring any customer to deal with an additional Google entity only for SCC purposes; and

  • Aligns more closely with potential flows of data within the services.

For customers located in Europe2, Google has further simplified data transfer compliance by assuming all the responsibilities imposed by the new SCCs.

We have also published a new whitepaper that outlines the European legal rules for data transfers and explains our approach to implementing the new EU SCCs - as well as separate UK SCCs - so that our customers can better understand what our updated terms mean for them and their privacy compliance.

We remain committed to helping all customers who rely on our cloud services meet applicable regulatory requirements by protecting any international transfers of their data.


FOOTNOTES

  1. We refer specifically to the EU GDPR, UK GDPR and Swiss Federal Data Protection Act (FDPA)

  2. We refer specifically to customers located in the EEA, UK and Switzerland

Posted in