Mervinskiy 516


DPIA Google G Suite Enterprise for SLM Rijk | 9 July 2020, with update 12 February 2021

• Sending limited anonymous information about web forms to improve Autofill;
• Process payment information and share with Google Pay;
• Customize your language based on the languages of sites you visit;
• Send usage statistics and crash reports to Google;
• Share aggregated, non-personally identifiable information publicly and with partners – like publishers, advertisers or web developers;
• Send a unique Adobe Flash identifier to content partners and websites that use Adobe Flash Access;
• Provide access to Additional Services such as Google Translate;
• Install three kinds of unique identifiers and use these for: installation tracking; tracking of promotional campaigns; field trials.

The Chrome privacy notice contains specific explanations about the processing of Diagnostic Data for the purposes of Usage Statistics and crash reports, and Server Log Privacy Information. Google explains that Chrome OS and the Chrome browser usage statistics contain information such as preferences, button clicks, performance statistics, and memory usage. Usage data may also include web page URLs or personal data, if the setting is enabled: "Make searches and browsing better / Sends URLs of pages you visit to Google." [188] As shown in Figure 25, this option is disabled by default in the tested Chrome browser. Additionally, Google explains: "If Google Play apps are enabled on your Chromebook and Chrome usage statistics are enabled, then Android diagnostic and usage data is also sent to Google." [189] As shown in Figure 25, the sending of usage statistics is enabled by default.

5. Processor or (joint) controller

This section assesses the data protection role of Google and government organisations in the context of the G Suite Enterprise services.

5.1 Definitions

The GDPR contains definitions of the different roles of parties involved in processing data: (joint) controller, processor and subprocessor. Article 4(7) of the GDPR defines the (joint) controller as: "the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law."

Article 26 of the GDPR stipulates that where two or more data controllers jointly determine the purposes and means of a processing, they are joint controllers. Joint controllers must determine their respective responsibilities for compliance with obligations under the GDPR in a transparent manner, especially towards data subjects, in an arrangement between them.

[188] Google Chrome help, Start or stop automatically reporting errors and crashes, https://support.google.com/chrome/answer/96817. On desktops, this option can be found in the Chrome settings You and Google, 'Sync and Google Services'.
[189] Google Chrome Privacy Notice, Section Usage statistics and crash reports.
