Google addresses customer data protection, security in Workspace

Google has also introduced new Workspace features as we continue to work from home.

Google has outlined how the company handles customer data in response to a Dutch data protection assessment. 

Launched in October, Google Workspace is an enterprise suite for applications including Gmail, Meet, Drive, and Sheets, software that can be useful for businesses currently adopting work from home or hybrid workplace models. 

A Data Protection Impact Assessment (DPIA) was recently published by Dutch data protection authorities outlining comparisons between data handling in Google Workspace. 

The DPIA included ten original 'risk' factors to government agencies adopting Google Workspace, citing issues including a lack of transparency concerning the purposes behind processing both customer and diagnostic data; potential legal gray areas surrounding both the tech giant and government bodies acting as data controllers or processors, "privacy-unfriendly" default settings, and potential spill-overs between 'one-account' users in personal and enterprise settings. 

On Monday, Google Cloud VP of EMEA South, Samuel Bonamigo, said that in response to the DPIA and a separate assessment of and Google Workspace for Education delivered to the Dutch government, Google "welcomes the opportunity to demonstrate our commitment to privacy and security."

Google is in discussion with the Dutch government over the concerns highlighted, but wants to emphasize that Workspace solutions have been designed "to secure and protect the privacy of our customers' data."

"Our cloud is designed to empower European organizations' strict security and privacy requirements and expectations," Google says. "We adhere to regulatory and compliance requirements to protect our customers' data. And we believe that it is deeply important for us to be transparent about our products and our practices."

Google says that user or service data is not used for targeted ads or creating ad profiles, and ads are not shown in Workspace and Workspace for Education Core Services, which are the premium versions of existing tools. Cloud customer data is also only processed based on customer agreements and is kept in the control of the user, the company says. 

Google has also created the Google Cloud Privacy Notice to outline how service data is processed, alongside a new Google Workspace for Education data protection implementation guide (.PDF). 

"Our goal in addressing the DPIA is complete transparency for our customers, regulators, and policymakers on the open issues," Google said. "We will continue to discuss the findings with the Dutch government in the next few months, with the goal of reaching an agreement that will lead to more choice for public sector organizations in the Netherlands and beyond."

In related news, Google has also updated Google Workspace with new features including new security access controls, the "Workspace Frontline" function for key workers that need to use their own devices to access corporate resources, improved endpoint management, and support for Google Assistant in Workspace. 

On Monday, Google warned of an increase in bots targeting businesses, not only to perform Distributed Denial-of-Service (DDoS) assaults, but also the use of bots for content scraping and other forms of attack.

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0