Final week, the European Fee and U.S. Authorities agreed on a brand new E.U.-U.S. knowledge switch framework. Earlier at the moment, Google shared that it welcomes these efforts by the U.S. authorities to boost privateness protections for E.U. knowledge and facilitate trusted transatlantic knowledge flows. For our Google Cloud prospects, we intend to make the protections supplied by this new framework out there as soon as it’s applied.
Final yr, we reaffirmed our dedication to E.U. companies after the European Knowledge Safety Board (EDPB) issued its Suggestions on Supplementary Measures, following Europe’s prime court docket ruling invalidating the E.U.-U.S. Privateness Protect Framework and upholding the E.U. Commonplace Contractual Clauses (SCCs).
Since then, we have continued to assist our prospects meet stringent knowledge safety necessities by providing industry-leading technical controls, contractual commitments, and danger evaluation assets. We have additionally continued our advocacy to create extra authorized certainty round transatlantic knowledge flows.
As we speak, we wish to present an replace to our prospects on this work.
A customer-controlled cloud
Google Cloud1 continues to be a number one supplier of technical and safety controls to assist meet prospects’ knowledge safety necessities, in addition to their growing knowledge sovereignty expectations.
We’re dedicated to constructing our Cloud on Europe’s phrases, together with by providing customer-managed encryption and knowledge localization for a rising checklist of key merchandise and collaborating with native companions to offer the best ranges of sovereignty, all whereas enabling the following wave of development and transformation for Europe’s companies and organizations.
Google Cloud Platform
We not too long ago introduced the overall availability of Assured Workloads for the E.U. This product helps Google Cloud Platform (GCP) prospects defend their knowledge by permitting them to:
Retailer their knowledge of their selection of E.U. Google Cloud area(s)
Make sure that solely E.U. individuals – positioned within the E.U. – have entry to the information and supply buyer assist
Deploy cryptographic management for knowledge entry, together with customer-managed encryption keys
Cloud Exterior Key Supervisor (EKM) allows prospects to encrypt knowledge in a wide range of providers with keys which might be saved and managed in a third-party key administration system deployed outdoors of Google’s infrastructure. Google Cloud continues to be the one cloud supplier to allow prospects to retailer and handle encryption keys for cloud-resident knowledge outdoors the supplier’s infrastructure with buyer’s management over decryption based mostly on particular justifications, together with authorities entry requests.
Key Entry Justifications enormously advances the management that GCP prospects have over their knowledge by giving prospects a justification each time their externally hosted keys have for use to decrypt knowledge. Signed Entry Approval (SAA) provides a layer of additional assurance that requires specific buyer consent for any administrative entry to buyer knowledge or configurations.
Google Cloud’s Confidential Computing portfolio is a breakthrough know-how that enables prospects to encrypt their most delicate knowledge within the cloud whereas in-use. Ubiquitous Knowledge Encryption additional extends knowledge safety by offering cryptographic safety for this knowledge at-rest, in-transit, and in-use. The keys used to encrypt buyer knowledge outdoors of GCP utilizing Cloud EKM are securely shared with purposes working inside Confidential environments.
Our Google Workspace (together with Workspace for Schooling) prospects can select to retailer their lined knowledge in Europe. Moreover, with Consumer-Aspect Encryption, we provide prospects direct management of encryption keys and the id service they select to entry these keys. With Consumer-Aspect Encryption, buyer knowledge is indecipherable to Google, whereas customers can proceed to benefit from Google’s native web-based collaboration, entry content material on cell units, and share encrypted recordsdata externally. Consumer-Aspect Encryption is at the moment out there in Public Beta for Google Drive, Docs, Sheets, and Slides, and we plan to increase it to Gmail, Calendar and Meet. Moreover, prospects may also profit by selecting third get together options that provide related encryption capabilities with choose Google Workspace providers.
Authorized Foundation for Worldwide Knowledge Transfers
We up to date our knowledge processing phrases for GCP and Google Workspace and Cloud Identification to replicate varied modules of the brand new E.U. Commonplace Contractual Clauses (SCCs) authorized by the European Fee on June four, 2021, in addition to separate U.Okay. SCCs.
Google Cloud plans to undertake the brand new E.U.-U.S. knowledge switch framework and provide it as a switch answer to our cloud prospects, as additional detailed in our knowledge processing phrases.
Advocacy and Further Useful Sources
We now have adopted the Trusted Cloud Rules with industry friends to display our commitments to guard the rights of our Google Cloud prospects. We’ll proceed to assist the continued work of the Organisation for Financial Co-operation and Growth on authorities entry to knowledge and the negotiation of CLOUD Act Agreements — together with between the U.S. and E.U. — as autos for surveillance reform.
We’ll proceed to publish further supplies on our Cloud Privateness Useful resource Heart, resembling our whitepaper on safeguards for worldwide knowledge transfers with Google Cloud.
Tens of millions of organizations with customers in Europe depend on our cloud providers to run their companies every single day, and we stay steadfastly dedicated to serving to them meet their regulatory necessities by sustaining a various set of compliance instruments.
1. Google Cloud: Google Workspace (together with Google Workspace for Schooling) and Google Cloud Platform (GCP)