2 minute read
16.3 Summary of risks
Google does not yet publish information about the retention periods of Diagnostic Data consisting of telemetry and website data, but has announced it will be more transparent in a future Enterprise Privacy Notice. After completion of this report, on 12 November 2020 Google published a Google Cloud Privacy Notice.299 This notice does not describe any specific retention periods.
Google explained it is not possible for administrators to delete individual historical Diagnostic Data. Administrators can only achieve this by deleting the Google Account on the customer domain. In case of active deletion of personal data in Customer Data, the same retention period of 180 days applies.
Advertisement
The GDPR requires that personal data may only be stored as long as necessary for the purposes for which they were collected. The chance that a privacy risk occurs is per definition higher with a long retention period, due to an increased risk of unlawful processing, data becoming inaccurate/outdated and data breaches.
If Google provides contractual guarantees that it will not process data for which an active deletion request is made, for any other purpose, and it will not anonymise these data for reuse in statistics, the impact of this risk for data subjects can be low. Therefore, the data protection risks for the employees are low.
16.3 Summary of risks
These circumstances and considerations as explained above lead to the following 10 high and 3 low data protection risks for data subjects:
1. Lack of purpose limitation Customer Data: loss of confidentiality, loss of control, risk of reidentification 2. Lack of purpose limitation Diagnostic Data: Loss of control , unlawful processing 3. Lack of transparency Customer Data: loss of control 4. Lack of transparency Diagnostic Data: loss of control and risk of reidentification 5. No legal ground for Google and government organisations: Loss of control, unlawful processing 6. Missing privacy controls for admins and end users: Loss of control and loss of confidentiality 7. Privacy unfriendly default settings: Loss of control and loss of confidentiality 8. One Google Account: loss of control, loss of confidentiality 9. Lack of control over subprocessors: loss of control, loss of confidentiality 10. Inability to exercise data subjects rights 11. Cloud provider: unlawful access to content and metadata: loss of control, loss of confidentiality, reidentification of pseudonymised data and unlawful (further) processing 12. Employee monitoring system: chilling effects to exercise (related) rights 13. Impossibility to remove historical Diagnostic Data: increased risk of reidentification of pseudonymised data and unlawful (further) processing
299 Google, Google Cloud Privacy Notice, 7 December 2020, URL: https://cloud.google.com/terms/cloud-privacy-notice
Based on the ICO model, this results in the following matrix: Serious harm Low risk
11, 12, 13
High risk
8
High risk
1, 2, 3, 4, 5, 6, 7,9, 10
Some impact Low risk Medium risk High risk
Minimal impact Low risk Low risk Low risk
Remote Reasonable possibility More likely than not
