EU Standard Contractual Clauses
In 2010, the European Commission (EC) approved model contract clauses as a means of complying with the requirements of the EU Data Protection Directive, which in May 2018 was replaced by the General Data Protection Regulation (GDPR). For years, Google Cloud customers who are subject to European data protection laws relied on our 2010 Standard Contractual Clauses (also known as Model Contract Clauses), as previously approved by regulators, to legitimize overseas transfers of their customer personal data when using our services.
On 4 June 2021 the EC published new Standard Contractual Clauses (SCCs) to help safeguard personal data. These new SCCs replaced the SCCs previously adopted by the EC in 2010 and can be used to facilitate lawful transfers of data under certain conditions. By imposing various contractual obligations, SCCs allow personal data subject to the GDPR to flow to recipients outside the European Economic Area (EEA).
We have updated our data processing terms for Google Cloud Platform, and Google Workspace (including Workspace for Education) and Cloud Identity, to incorporate the new SCCs.
For all Google Cloud customers, this new approach:
- offers clear and transparent support for their compliance with applicable European data protection laws;
- simplifies the entities involved in contracting by no longer requiring any customer to deal with an additional Google entity only for SCC purposes; and
- aligns more closely with potential flows of data within the services.
For customers located in Europe (i.e. in the EEA, UK and Switzerland), Google has further simplified data transfer compliance by assuming all the responsibilities imposed by the new SCCs.
Our whitepaper outlines the European legal rules for data transfers and explains our approach to implementing the new EU SCCs - as well as separate UK SCCs - so that our customers can better understand what our updated terms mean for them and their privacy compliance.