Leading towards more trustworthy compliance through EU Codes of Conduct
Director and Global Head of Privacy, Google Cloud, Google Cloud
Google is committed to be the best possible place for sustainable digital transformation for European organizations. Our Cloud on Europe’s terms initiative works to meet regional requirements for security, privacy, and digital sovereignty, without compromising on functionality or innovation.
In support of this initiative, we are making our annual declaration of adherence to two important EU codes of conduct for cloud service providers: the SWIPO Code of Conduct and the EU Cloud Code of Conduct. We believe that codes of conduct are effective collaboration instruments among service providers and data protection authorities, where state-of-the-art industry practices can be tailored to meet robust European data protection requirements.
The SWIPO Codes of Conduct
Google believes in an open cloud that gives organizations the ability to build, move, and use their applications across multiple environments. Portability and interoperability are key building blocks of that vision. SWIPO (Switching Cloud Providers and Porting Data) is a multi-stakeholder group facilitated by the European Commission, in order to develop voluntary Codes of Conduct for the proper application of Article 6 "Porting of Data" of the EU Free Flow of Non-Personal Data Regulation. To help demonstrate our commitment, Google adheres to the SWIPO Codes of Conduct for Switching and Porting for our main services across Google Cloud and Workspace.
SWIPO is a European standard, but we apply it across these services globally to support customers worldwide. We see adherence to SWIPO as another opportunity to confirm our commitment to enhancing customer choice.
This is an ongoing effort. We continue to work to improve our data export capabilities and adapt to the changing regulatory landscape. The upcoming EU Data Act aims to reduce vendor lock-in and make the cloud sector more dynamic. The proposal enhances the work done through SWIPO by introducing a mandate for providers to remove obstacles to switching cloud services. We believe the Data Act can help set the right objectives on cloud switching, and also can help address some of the challenges organizations face as they move to the cloud and engage in their own cloud transformations. Google is committed to supporting Europe’s ambition to build a fair and innovative cloud sector.
The EU Cloud Code of Conduct
We are always looking for ways to increase our accountability and compliance support for our customers. To this end, we adhere to the EU Cloud Code of Conduct, a set of requirements that enable cloud service providers to demonstrate their commitment to rigorous data protection standards that align to the GDPR. Google was one of the first cloud providers to support and adhere to the provisions of the code, following meaningful collaboration between the cloud computing community, the European Commission, and data protection authorities.
We’ll continue to listen to our customers and key stakeholders across Europe who are setting policy and helping shape requirements for data security, privacy, and sovereignty. Our goal is to make Google the best possible place for sustainable, digital transformation for European organizations on their terms—and there is much more to come. To learn more about how we support customers’ compliance efforts, visit our Compliance Resource Center.