DPIA Google G Suite Enterprise for SLM Rijk | 9 July 2020, with update 12 February 2021
to the purposes of the processing. Subsidiarity means that the purposes of the processing cannot reasonably be achieved with other, less invasive means. If so, these alternatives have to be used. Proportionality demands a balancing act between the interests of the data subject and the data controller. Proportionate data processing means that the amount of data processed is not excessive in relation to the purpose of the processing. If the purpose can be achieved by processing fewer personal data, then the data controller needs to limit the processing to personal data that are necessary. Therefore data controllers may only process personal data that are necessary to achieve legitimate purpose. The application of the principle of proportionality is thus closely related to the principles of data protection from Article 5 GDPR.
14.2
Assessment of the proportionality The key questions are: are the interests properly balanced? And, does the processing not go further than what is necessary? To assess whether the processing is proportionate to the interests pursued by the data controller(s), the processing must first meet the principles of Article 5 of the GDPR. As legal conditions they have to be complied with in order to make the data protection legitimate. Data must be ‘processed lawfully, fairly and in a transparent manner in relation to the data subject’ (Article 5 (1) (a) GDPR). This means that data subjects must be informed about the processing of their data, that all the legal conditions for data processing are adhered to, and that the principle of proportionality is respected. As analysed in Sections 11.1 and 11.2 of this report, Google nor the government organisations currently have a legal ground for any of the processing through G Suite Enterprise. This means the personal data are not processed lawfully. Google does not process the data in a transparent manner either. Google does publish extensive documentation for administrators about the 19 different audit log files they can access to monitor end user behaviour. However, at the time of completion of this DPIA Google did not publish documentation about other Diagnostic Data it collects through its own system-generated log files. The logs that can be accessed by admins do not contain any information about the website data Google collects, nor information about the use of Features, Additional Services, the Technical Support Services or the Other related services, or an exhaustive overview of all activities performed with a Google Account. Google equally fails to provide any public explanation to its Enterprise customers in the EU about the other kinds of Diagnostic Data it collects through the use of the G Suite Enterprise services, such as the telemetry data. Administrators and end users cannot inspect the contents of these telemetry data either, nor does Google provide access thereto in response to a formal Data Subject Access request, as laid down in Article 15 of the GDPR. The lack of transparency makes the data processing inherently unfair. The lack of transparency also makes it impossible to assess the proportionality of the processing. The principles of data minimisation and privacy by design require that the processing of personal data be limited to what is necessary: the data must be 'adequate, relevant and limited to what is necessary for the purposes for which they are processed' (Article 5(1)(c) of the GDPR).’ This means that the controller may not collect and store data which are not directly related to a legitimate purpose.
p. 123/162
