Official Google Enterprise Blog: Google Apps to offer additional compliance options for EU data protectionPosted by Marc Crandall, Senior Manager of Global Compliance, Google Enterprise
Over four million businesses use Google Apps for enterprise needs, and as this number grows, we want to offer our customers a diverse range of compliance options to help them meet their regulatory requirements.
Today we’re pleased to announce that Google will soon offer model contract clauses as an additional means of meeting the adequacy and security requirements of the European Commission’s Data Protection Directive for our customers who operate within Europe. The Directive is an important piece of privacy legislation passed by the European Union (EU) in 1995. It restricts the movement of data from the EU to non-EU countries that do not meet the EU 'adequacy' standard for privacy protection.
In 2000, to help address these requirements with respect to the United States, the US Department of Commerce in consultation with the European Commission developed the US-EU Safe Harbor Framework as a means by which US companies could achieve compliance with the adequacy standards. Google, as well as 2,500 other US companies that offer services in Europe, is a participant in the US-EU Safe Harbor Framework.
In 2010, the European Commission approved model contract clauses as a means of compliance with the requirements of the Directive. The effect of this decision is that by incorporating certain provisions into a contract, personal data can flow from those subject to the Directive to providers outside the EU or the European Economic Area. By adopting model contract clauses, we’re offering customers an additional option for compliance with the Directive.
Google’s adoption of model contract clauses, along with our continued participation in the US-EU Safe Harbor Framework and our recent ISO 27001 certification, will provide our customers with an even wider palette of EU regulatory compliance options.