Introducing new commitments on the processing of service data for our cloud customers
Director and Global Head of Privacy, Google Cloud
At Google, we engage regularly with customers, regulators, policymakers, and other stakeholders to provide transparency into our operations, policies, and practices and to further strengthen our commitment to privacy compliance. One such engagement is our ongoing work with the Dutch government regarding its Data Protection Impact Assessment (DPIA) of Google Workspace and Workspace for Education.
As a result of that engagement, today Google is announcing our intention to offer new contractual privacy commitments for service data1 that align with the commitments we offer for customer data.2 Once those new commitments become generally available, we will process service data as a processor under customers’ instructions, with the exception of limited processing3 that we will continue to undertake as a controller. We will provide further details as we implement these updates - planned for Google Workspace, Google Workspace for Education and Google Cloud4 services - beginning in 2023 and in successive phases through 2024.
In parallel, Google is working to develop a version of Chrome OS (including Chrome browser running on managed Chrome OS devices) for which Google will offer similar processor commitments. In line with our goal of giving customers greater transparency and control over their data, we’re aiming to provide this updated version of Chrome OS, once it’s complete, to our enterprise and education customers around the world.
We recognise that privacy compliance plays a crucial role in earning and maintaining your trust, and we will continue to work diligently to help make compliance easier for your business as you use our cloud services. To learn more about our approach to privacy compliance, please visit our Privacy Resource Center.
1. Service Data is defined in the Google Cloud Privacy Notice as the personal information Google collects or generates during the provision and administration of the Cloud Services, excluding any Customer Data and Partner Data.
2. Customer Data means data submitted, stored, sent or received via the services by customer or end users, as further described in the applicable data processing terms.
3. For example, billing and account management, capacity planning and forecast modeling, detecting, preventing and responding to security risks and technical issues.
4. Formerly known as Google Cloud Platform.
An update on Google Cloud’s commitments to E.U. businesses in light of the new E.U.-U.S. data transfer framework
Google Cloud welcomes the new data transfer framework deal agreed by the E.U./U.S. and explains how we support customers to further protect their data.
By Marc Crandall • 4-minute read