Today, Google announced that EU data protection authorities, upon examination of Google’s contractual commitments for their Google Cloud and G Suite services, are in full legal compliance with applicable laws. Such as the EU Data Protection Directive 95/46/EC which essentially mandates that any sort of personal user data being transmitted internationally from the EU must be transmitted under certain protections, and that such data is allowed to move freely around the world, so long as applicable protections are followed. This finding by the EU means that Google’s Cloud and G Suite services will have less trouble and far less possible legal recourse involved in moving that data about. As a knock-on effect, that also means that Google themselves are no longer open to legal recourse as a result of others’ handling of data on their services, at least when it comes to international data in and out of the EU that would fall under the aforementioned law.
One of the ways that Google brought their ways of doing business into compliance with the law was through Model Contract Clauses, a set of predefined clauses concerning the handling of data that EU authorities specifically crafted to be in compliance with their laws. Rather than adopting the clauses directly, Google has written their own contract clauses based on these models to be fully compliant with them, while allowing business flexibility. After Google drafted up the clauses, the Irish Data Protection Authority reviewed the entire contracts for compliance, alongside authorities from Spain and Germany.
The clauses written to bring Google’s services into compliance with applicable EU laws are written as a rider of sorts to the current contracts. This means that current customers will not automatically be entered into these clauses, nor do they apply retroactively, though data that is still in circulation must be brought into compliance. Google Cloud and G Suite customers who make use of international data that goes in and out of the EU and deals with personal information should head over to Google’s blog post about the new clauses, where they have included a link for customers to sign up for the new clauses.