Page 19 - google-cloud-security-and-compliance-whitepaper
P. 19

EU Data Protection Directive


        The Article 29 Working Party is an independent European advisory body focused on data
        protection and privacy. They have provided guidance on how to meet European data privacy
        requirements when engaging with cloud computing providers. Google provides capabilities and
        contractual commitments created to meet data protection recommendations provided by the
        Article 29 Working Party.


            EU model contract clauses


            In 2010, the European Commission approved model contract clauses as a means of
            compliance with the requirements of the Directive. The effect of this decision is that by
            incorporating certain provisions into a contract, personal data can flow from those subject
            to the Directive to providers outside the EU or the European Economic Area. Google has
            a broad customer base in Europe. By adopting EU model contract clauses, we’re offering
            customers an additional option for compliance with the Directive.



        U.S. Health Insurance Portability and

        Accountability Act (HIPAA)

        G Suite supports our customers’ compliance with the U.S. Health Insurance Portability and
        Accountability Act (HIPAA), which governs the confidentiality and privacy of protected health
        information (PHI). Customers who are subject to HIPAA and wish to use G Suite with PHI must
        sign a business associate agreement (BAA) with Google. The BAA covers Gmail, Google Calendar,
        Google Drive, Google Sites and Google Vault. Additional information can be found in our HIPAA
        Implementation Guide.



        U.S. Family Educational Rights and Privacy Act (FERPA)

        More than 30 million students rely on G Suite for Education. G Suite for Education services comply
        with FERPA (Family Educational Rights and Privacy Act) and our commitment to do so is included in
        our agreements.


        Children’s Online Privacy Protection Act of 1998 (COPPA)

        Protecting children online is important to us. We contractually require G Suite for Education schools
        to obtain parental consent that COPPA calls for to use our services, and our services can be used in
        compliance with COPPA.


















                                                             15
   14   15   16   17   18   19   20   21   22   23   24