Our shared responsibility for privacy compliance.
While direct responsibilities change based on the services you use, privacy controls are always in your hands and Google is always responsible for protecting our infrastructure. We strive to operate in a shared-fate model for privacy and security management. We believe in actively partnering with you, by providing products and solutions, to help you deploy workloads and operate in a privacy-compliant manner. This also shifts a portion of the cost of privacy and compliance onto Google Cloud and away from customers.
Under many common privacy regulations, the extent of responsibility is determined by whether the entity is acting as a data controller or as a data processor. The exact definition varies by regulation, but broadly speaking, the controller determines the purposes and means of processing, while the processor carries out processing according to the controller's instructions.
This page describes some of the common privacy principles applicable to customers (typically, acting as data controllers) and Google Cloud (most commonly, as a data processor).
The following privacy principles are relevant to the conduct of data controllers that place their data into the cloud, and apply in many jurisdictions around the world. These principles are grounded in globally recognized standards and frameworks (such as the OECD Privacy Principles, the Fair Information Practice Principles, ISO/IEC 27001, etc.) and major regional regulations (such as LGPD, GDPR, CPRA, etc.).
To learn more about how Google Cloud can help you meet your obligations with these principles, visit our relevant products page.
Personal data should be relevant, and limited to what is necessary in relation to the purposes for which data is collected.
Personal data should be kept in a form which permits identification of data subjects for no longer than is necessary.
Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Personal data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
Our data processing agreement for Google Workspace and Google Cloud clearly articulates our privacy commitment to customers. We have evolved these terms over the years based on feedback from our customers and regulators. Any data that a customer and its users put into our systems will only be processed in accordance with the customer’s instructions.
Personnel confidentiality commitments
All Google employees are required to sign a confidentiality agreement and complete mandatory confidentiality and privacy trainings, as well as our Code of Conduct training. Google’s Code of Conduct specifically addresses responsibilities and expected behavior with respect to the protection of information.
For full terms see: Google Cloud and Google Workspace - Cloud Data Processing Addendum (CDPA)
Google Group companies directly conduct the majority of data processing activities required to provide the Google Workspace and Google Cloud services. However, we do engage some third-party vendors to assist in supporting these services. Each vendor goes through a rigorous selection process to ensure it has the required technical expertise and can deliver the appropriate level of security and privacy.
We make information available about Google group subprocessors supporting Google Workspace and Google Cloud services, as well as third-party subprocessors involved in those services.
For a full list of relevant contract terms see:
Google operates a global infrastructure designed to provide state-of-the-art security through the entire information processing lifecycle. This infrastructure is built to provide secure deployment of services, secure storage of data with end-user privacy safeguards, secure communications between services, secure and private communication with customers over the Internet, and safe operation by administrators. Google Workspace and Google Cloud run on this infrastructure.
We designed the security of our infrastructure in layers that build upon one another, from the physical security of data centers, to the security protections of our hardware and software, to the processes we use to support operational security. This layered protection creates a strong security foundation for everything we do. A detailed discussion of our Infrastructure Security can be found in our Google infrastructure security design overview whitepaper.
Availability, Integrity and Resilience
Google designs the components of our platform to be highly redundant. Google’s data centers are geographically distributed to minimize the effects of regional disruptions, such as natural disasters and local outages, on global products. In the event of hardware, software, or network failure, services are automatically and instantly shifted from one facility to another so that operations can continue without interruption. Our highly redundant infrastructure helps customers protect themselves from data loss.
Equipment Testing and Security
Google utilizes barcodes and asset tags to track the status and location of data center equipment from acquisition to installation, retirement, and destruction. If a component fails to pass a performance test at any point during its lifecycle, it is removed from inventory and retired. Google hard drives leverage technologies, such as Full Disk Encryption (FDE) and drive locking, to protect data at rest.
Disaster Recovery Testing
Google conducts disaster recovery testing on an annual basis to provide a coordinated venue for infrastructure and application teams to test communication plans, fail-over scenarios, operational transition, and other emergency responses. All teams that participate in the disaster recovery exercise develop testing plans and post mortems which document the results and lessons learned from the tests.
Encryption
Google uses encryption to protect data in transit and at rest. Google Workspace data in transit between regions is protected using HTTPS, which is activated by default for all users. Google Workspace and Google Cloud services encrypt customer content stored at rest, without any action required from customers, using one or more encryption mechanisms.
Access Controls
For Google employees, access rights and levels are based on job function and role, using the concepts of least-privilege and need-to-know to match access privileges to defined responsibilities. Requests for additional access follow a formal process that involves a request and an approval from a data or system owner, manager, or other executives, as dictated by Google’s security policies. Data centers that house Google Cloud systems and infrastructure components are subject to physical access restrictions and equipped with 24 x 7 on-site security personnel, security guards, access badges, biometric identification mechanisms, physical locks and video cameras to monitor the interior and exterior of the facility.
Incident Management
Google has a dedicated security team responsible for security and privacy of customer data and managing security 24 hours a day and 7 days a week worldwide. Individuals from this team receive incident-related notifications and are responsible for helping resolve emergencies 24 x 7. Incident response policies are in place and procedures for resolving critical incidents are documented. Information from these events is used to help prevent future incidents and can be used as examples for information security training. Google incident management processes and response workflows are documented. Google’s incident management processes are tested on a regular basis as part of our ISO/IEC 27017, ISO/IEC 27018, ISO/IEC 27001, PCI-DSS, SOC 2 and FedRAMP programs to provide our customers and regulators with independent verification of our security, privacy, and compliance controls. More information on our incident response process can be found in our Data incident response process whitepaper.
Vulnerability Management
We scan for software vulnerabilities using a combination of commercially available and purpose-built in-house tools, intensive automated and manual penetration testing, quality assurance processes, software security reviews, and external audits. We also rely on the broader security research community and greatly value their help identifying any vulnerabilities in Google Workspace, Google Cloud, and other Google products. Our Vulnerability Reward Program encourages researchers to report design and implementation issues that may put customer data at risk.
Product security - Google Workspace: To learn more, please visit https://workspace.google.com/security
Product security - Google Cloud: To learn more, please visit https://cloud.google.com/security/
For full terms, see:
Data Subject's Rights
Data controllers can use the Google Workspace and Google Cloud administrative consoles and services functionality to help access, rectify, restrict the processing of, or delete any data that they and their users put into our systems. This functionality will help them fulfill their obligations to respond to requests from data subjects to exercise their rights under the GDPR.
Data Protection Team
Google has designated a Data Protection Officer (DPO) for Google LLC and its subsidiaries, to cover data processing subject to the GDPR, including as part of our Cloud products and services. Kristie Chon Flynn is Google's Data Protection Officer and is based in Sunnyvale in the U.S.
Where required, Google Cloud products have designated teams to address customer inquiries in relation to data protection. The way to contact these teams is described in the relevant agreement. For Google Workspace the Cloud Data Protection Team can be contacted by Customer’s administrators at https://support.google.com/a/contact/googlecloud_dpr (while administrators are signed in to their admin account) and/or directly by providing a notice to Google as described in the applicable agreement. For Google Cloud, that team can be contacted at https://support.google.com/cloud/contact/dpo.
Incident Notifications
Google Workspace and Google Cloud have provided contractual commitments around incident notification for many years. We will continue to promptly inform you of incidents involving your customer data in line with the data incident terms in our current agreements.
For full terms, see:
Administrators can export customer data, via the functionality of the Google Workspace or Google Cloud services (consult Google Cloud documentation for further information), at any time during the term of the agreement. We have included data export commitments in our data processing terms for several years, and will continue to work to enhance our data export capabilities, making it even easier for you to download a copy of your customer data from Google Workspace and Google Cloud services.
You can also delete customer data, using the functionality of the Google Workspace or Google Cloud services, at any time. When Google receives a complete deletion instruction from you (such as when an email you have deleted can no longer be recovered from your “trash”), Google will delete the relevant customer data from all of its systems within a maximum period of 180 days unless retention obligations apply.
For full terms, see:
Google Cloud and Google Workspace - Cloud Data Processing Addendum (CDPA)
Data Security | Section 7.4
In addition to agreement terms, our customers and regulators expect independent verification of security, privacy, and compliance controls. Google Workspace and Google Cloud undergo several independent third-party audits on a regular basis to provide this assurance.
ISO/IEC 27001 (Information Security Management):
ISO/IEC 27001 is one of the most widely recognized, internationally accepted independent security standards. Google has earned ISO/IEC 27001 certification for the systems, applications, people, technology, processes, and data centers that make up our shared Common Infrastructure as well as for Google Workspace and Google Cloud products. You can access these certificates with Compliance reports manager.
ISO/IEC 27017 (Cloud Security):
ISO/IEC 27017 is an international standard of practice for information security controls based on ISO/IEC 27002, specifically for Cloud Services. Google has been certified compliant with ISO/IEC 27017 for Google Workspace and Google Cloud. You can access these certificates with Compliance reports manager.
ISO/IEC 27018 (Cloud Privacy):
ISO/IEC 27018 is an international standard of practice for protection of personally identifiable information (PII) in Public Cloud Services. Google has been certified compliant with ISO/IEC 27018 for Google Workspace and Google Cloud. You can access these certificates with Compliance reports manager.
ISO/IEC 27701 (Privacy Information Management):
ISO/IEC 27701 is a global privacy standard that focuses on the collection and processing of personally identifiable information (PII). This standard extends the requirements of ISO/IEC 27001 and ISO/IEC 27002 to include data privacy. We have received accredited ISO/IEC 27701 certification as a PII processor for both Google Workspace and Google Cloud. You can access these certificates with Compliance reports manager.
SSAE18/ISAE 3402 (SOC 2/3):
The American Institute of Certified Public Accountants (AICPA) SOC 2 (Service Organization Controls) and SOC 3 audit framework defines Trust Principles and criteria for security, availability, processing integrity, and confidentiality. Google has both SOC 2 and SOC 3 reports for Google Workspace and Google Cloud. You can access these certificates with Compliance reports manager.