EU Approves Google Contract Clauses for International Data Transfers | eWeek

EU Certifies Google Data Transfer Contracts Comply With Privacy Rules

Cloud Data Protection
Feb 7, 2017
3 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

The contractual clauses that Google uses to cover international data transfers for European customers of its G Suite applications and its cloud services have been certified as being compliant with European Union data protection requirements.

EU data protection authorities have confirmed that the language in Google’s contracts for EU business customers align with the European Commission’s so-called “model contract clauses,” the company said Monday.

“This compliance finding will enable our customers in most EU countries to rely on Google Cloud model contract clauses,” said Marc Crandall, head of global compliance at Google, and Matthew O’Connor, head of security and compliance at the company in a blog. It gives EU businesses the legal protections needed for international data transfers without further authorizations, the two executives said.

The compliance certification will also make it easier for Google to get similar certifications in other countries that have data protection requirements similar to those in the EU. “It will also help to facilitate our customers’ data protection risk assessments,” Crandall and O’Connor said.

Model contract clauses or standard contract clauses as they are also called are basically a set of standards that organizations use to show compliance with EU requirements for protecting personal data when transferring it outside the European Economic Area.

Companies that agree to abide by the clauses commit legally to things like collecting personal data only for specific and legitimate purposes, providing individuals with the right to access and correct their data and to provide adequate remedies in case anything goes wrong.

The European Commission’s confirmation means that Google’s contractual clauses will no longer be considered as ‘ad hoc’ clauses that are subject to further inspection by EU data protection authorities.

The distinction is an important one for Google. Like every other company that does business in Europe, Google is required to comply with rules pertaining to the handling of personal data belonging to residents of the EU when transferring it overseas.

For several years, such data transfers were covered under a pact known as the US-EU Safe Harbor Agreement. Safe Harbor gave U.S. organizations a set of principles to use when handling personal data belonging to EU residents. It allowed companies to self-certify their adherence to the principles and was used widely by American companies including the likes of Google, Facebook and Microsoft.

The EU’s Court of Justice invalidated Safe Harbor in October 2015 over fears stemming from former NSA contractor Edward Snowden’s leaks about the U.S. government’s data collection and surveillance practices. The court held that Safe Harbor did little to prevent U.S. cloud companies from handing over personal data belonging to EU residents to the government if ordered to do so.

Last year, a new and far more stringent set of requirements was put in place under a framework known as Privacy Shield.

Google quickly committed to using Privacy Shield and provided certification to the U.S. Department of Commerce to that effect. At the time, the company had said it was working on obtaining compliance certification for its model contract clauses as well.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.