A year after the Dutch data protector said there were too many “legal hurdles” for its officials to use Google Workspace, a reworked agreement will allow the public sector to launch the productivity suite.
A Data Protection Impact Assessment (DPIA) in Google Workspace was launched by the central government of the Netherlands in 2020. The report noted that there were eight high-risk issues, mostly related to the data gathering. He also noted that Google did not provide all the personal data it held when asked to do so under the GDPR provisions for the right to request access.
Google said today: “As a result of this process, the central Dutch government, Dutch education organisations/institutions and Google Cloud have reached an agreement and will continue to work together on the recommendations of the DPIA. “
In short, Dutch public sector organizations will be able to use Chat, Docs, Meet and Sheets.
According to Google: “DPIAs help organizations better understand how companies process and protect personal data and set parameters for GDPR compliance.”
Google Cloud’s General Manager for Benelux, Joris Schoonis, said: “This is an important step in Google Cloud’s relationship with the central government of the Netherlands, as we see the results of the DPIAs coming to fruition. .
“We designed Google Workspace products and solutions, including Google Workspace for Education, to secure and protect the privacy of our customers’ data.”
Exciting stuff, especially since Google’s advertising business is all about collecting as much customer data as legally possible in hopes of better targeting ads. In recent years, the company has recognized that European lawmakers are concerned about privacy, and this month Google trumpeted the arrival of Sovereign Controls for Google Workspace. Microsoft intends to implement its own EU data limit by the end of 2022.
Google said the agreement between Google and the privacy regulator would help facilitate multicloud adoption within the Dutch central government.
The EU is in Google’s crosshairs. It opened a new Google Cloud region in Madrid last week, “enabling Spanish businesses and government entities to meet their availability, data residency, and sustainability needs in Spain while accelerating their digital transformation.”
A Google spokesperson said The register“Users will be able to choose the region based on their needs, based on available services, data residency, latency, etc.,” before referring us to the Sovereign Controls blog post.
We have yet to receive a response from the search giant on the details of what needed to be done to satisfy the Dutch DPIA.
The agreement follows another regarding data protection in Google Workspace for Education, which was signed last year. The Department for Education said at the time that a “timetable” had been agreed for Google to implement the GDPR requirements.
Productivity suite competitor Microsoft has had its own run-ins with the Dutch government over the years. More recently, it was the subject of another DPIA (focusing on Teams, OneDrive, Sharepoint and Azure Active Directory), the results of which could be summarized as “must try harder”. Mitigation measures have been suggested by the DPIA to address concerns about encryption and data leaving the EU.