Google Core Apps in Compliance with Cloud Privacy Standards

posted Sep 30, 2015, 6:55 AM by Jennifer Mruk   [ updated Sep 30, 2015, 7:01 AM ]

Google is furthering its commitment to protecting cloud data by adopting the ISO 27018 privacy standard for Google Apps for Education. The privacy standard applies to Google Core Services only; it does not apply to the additional, Non-Core services. See List of Services and the Sensitive Data Guide for more information on Core and Non-Core services.

ISO 27018 provides guidance for cloud providers on protecting the personally identifiable information of their customers and their customer's users. To ensure that Google Apps for Education is in compliance with ISO 27018, Google engaged with an outside vendor who verified their privacy practices and contractual commitments.

Some examples of how Google Core Services comply with ISO/IEC 27018:2014:

  • Google does not use any user data for advertising
  • Data that users have in Google Apps stays with the user
  • Google provides users with tools to delete and export data
  • Google protects users information from third-party requests
  • Google is transparent about where user data is stored. 

For more detailed information regarding Google's compliance with ISO 27018, please see Google Apps for Work adopts ISO 27018 cloud privacy standard and check out the Google Apps video User Trust & Security.