Google beefs up data protection for European Apps customers

Google has announced that it will offer model clauses contracts for businesses using its Google Apps services in order to achieve closer compliance with European Commission (EC) data protection legislation.

Writing in a blog post the firm’s senior manager of global compliance for Google Enterprise, Marc Crandall, said that with firms increasingly using cloud hosted services it was important to offer additional protection for data.

“Over four million businesses use Google Apps for enterprise needs, and as this number grows, we want to offer our customers a diverse range of compliance options to help them meet their regulatory requirements,” he said.

“We’re pleased to announce that Google will soon offer model contract clauses as an additional means of meeting the adequacy and security requirements of the European Commission’s Data Protection Directive for our customers who operate within Europe.”

The model clauses framework allows cloud service providers to ensure certain levels of security for data held on behalf of European customers, even if this is stored in datacentres outside Europe.

Essentially, by incorporating certain provisions into a contract, personal data can move from areas subject to the European Data Protection Directive to providers outside the EU.

Data protection expert and partner at law firm Field Fisher Waterhouse, Stewart Room, told V3 Google’s move would help more businesses consider the use of its services and appease possible security concerns.

“Google’s incorporation of EU data protection model clauses within its Enterprise Apps services is a shrewd move, and one that should give customers additional reassurance about legal compliance in the field of international transfers,” he said.

“As more and more organisations adopt these Apps, it is near inevitable that questions, including from regulators, will arise about the legal legitimacy of their use. By tackling this issue head-on, Google will draw out some of the sting in what is a complex compliance issue.

“More subtly, Google is sending out a message to the wider community that it is serious about privacy issues, which have quickly moved to centre-stage for big internet businesses. It is a constructive approach to legal compliance and that must be a good thing.”

Google also recently announced it had achieved compliance with the ISO 27001 standard for information security governance that certifies a provider’s system protects its information and that of its customers.

Late last year Google’s key rival Microsoft said its Office 365 cloud productivity tools were also in compliance with the Model Clauses framework.