DPIA Google G Suite Enterprise for SLM Rijk | 9 July 2020, with update 12 February 2021
Google does not yet publish information about the retention periods of Diagnostic Data consisting of telemetry and website data, but has announced it will be more transparent in a future Enterprise Privacy Notice. After completion of this report, on 12 November 2020 Google published a Google Cloud Privacy Notice.299 This notice does not describe any specific retention periods. Google explained it is not possible for administrators to delete individual historical Diagnostic Data. Administrators can only achieve this by deleting the Google Account on the customer domain. In case of active deletion of personal data in Customer Data, the same retention period of 180 days applies. The GDPR requires that personal data may only be stored as long as necessary for the purposes for which they were collected. The chance that a privacy risk occurs is per definition higher with a long retention period, due to an increased risk of unlawful processing, data becoming inaccurate/outdated and data breaches. If Google provides contractual guarantees that it will not process data for which an active deletion request is made, for any other purpose, and it will not anonymise these data for reuse in statistics, the impact of this risk for data subjects can be low. Therefore, the data protection risks for the employees are low.
16.3
Summary of risks These circumstances and considerations as explained above lead to the following 10 high and 3 low data protection risks for data subjects: 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11.
12. 13.
Lack of purpose limitation Customer Data: loss of confidentiality, loss of control, risk of reidentification Lack of purpose limitation Diagnostic Data: Loss of control , unlawful processing Lack of transparency Customer Data: loss of control Lack of transparency Diagnostic Data: loss of control and risk of reidentification No legal ground for Google and government organisations: Loss of control, unlawful processing Missing privacy controls for admins and end users: Loss of control and loss of confidentiality Privacy unfriendly default settings: Loss of control and loss of confidentiality One Google Account: loss of control, loss of confidentiality Lack of control over subprocessors: loss of control, loss of confidentiality Inability to exercise data subjects rights Cloud provider: unlawful access to content and metadata: loss of control, loss of confidentiality, reidentification of pseudonymised data and unlawful (further) processing Employee monitoring system: chilling effects to exercise (related) rights Impossibility to remove historical Diagnostic Data: increased risk of reidentification of pseudonymised data and unlawful (further) processing
Google, Google Cloud Privacy Notice, 7 December 2020, URL: https://cloud.google.com/terms/cloud-privacy-notice 299
p. 147/162
