We are committed to complying with applicable data protection laws
We are always working to stay compliant, which helps make compliance easier for your business. We are audited regularly by third parties, maintain certifications, provide industry-standard contractual protections and share tools and information you can use to strengthen your business’ compliance.
Our commitment to user privacy
Keeping users’ information safe, secure and private is among our highest priorities at Google. Over the years, we have worked closely with data protection authorities around the world and have implemented strong privacy protections that reflect their guidance.
Our commitment to data protection laws
Privacy regulation is changing. We know you need to select products that both comply with all applicable data protection laws and use personal data in compliant ways. Below is information on how Google is complying with specific privacy laws:
LGPD
The Lei Geral de Proteção de Dados (LGPD) is a new Brazilian privacy law that came into effect on September 18, 2020. While the Brazilian DPA's enforcement powers are postponed until August 1st, 2021, the LGPD can still be enforced by other governmental authorities, such as public prosecutors and consumer protection agencies, who can apply sanctions based on the Civil Code and the Consumer Protection Code.
CCPA
The California Consumer Privacy Act (CCPA) is a new data privacy law which applies to certain businesses that collect personal information from California residents. The law went into effect on January 1, 2020.
GDPR
The General Data Protection Regulation (GDPR) went into effect on May 25, 2018, replacing the 1995 EU Data Protection Directive. The GDPR lays out specific requirements for businesses and organizations that are established in Europe or that serve users in Europe. It regulates how businesses can collect, use, and store personal data.
Client checklist
We encourage you to check on compliance plans within your own organization, and have included the checklist below to highlight some key questions to think about:
- How does your organization ensure user transparency and control around data use? Do you explain to your users the types of data you collect and for what purposes?
- How will you show regulators and partners that you meet the applicable regulatory requirements and are an accountable organization?
- Does your organization have the right systems to record user preferences and consents?
- Have you assessed each of the partners and vendors you work with to ensure your organization is comfortable with their approach to managing user data and complying with regulation?
Audits and certifications
When you share your business’ data with Google, we want you to know it is protected. Our product security controls are audited regularly against international standards, like ISO standards and SSAE18/ISAE 3402 – so you know your business’ data is handled responsibly. In addition, a U.S.-based, qualified, independent third party reviews the effectiveness of our controls at least every two years.