I have been asked to look at the possibility of using Google Apps as our curriculum email system. I was wondering how people managed to get around the bit in the terms of service that states "As part of providing the Services, Google may transfer, store and process Customer Data in the United States or any other country in which Google or its agents maintain facilities.", bearing in mind that the Data Protection Act says that data should not be held or processed outside the EU.
I was also wondering how people found the experience of switching over to Google Apps and also if there are any hidden charges for ‘extra features’.
Thanks,
JT-Online

Google are included in the Safe Harbor agreement in the USA, meaning it is acceptable to use Google Apps. The ICO have an article on their site somewhere, but I can't find it right now.
Thank you for that; I have looked that up and found it quite useful. However, this only covers the States; from my understanding of it, the data could be in any Google data center in the world. So surely it would therefore come under the relevant local laws for the country the data center is in.
So if the data was stored in the Taiwan data centre it would be accessible under any Taiwanese laws that allow the authorities to access it. (A possibly unlikely occurrence, but as we don't know where the data will actually be stored, one that we have to look into.)


Calling @GrumbleDook
He's the expert on this!
@localzuk is correct. The exact location of the data center is not important when it comes to DP compliance under Safe Harbor; what is important is that the company is a US company and is registered under the scheme.
Safe Harbor allows for data export outside the EEA by multinational companies if they commit to enforcing data protection to at least the EU levels of protection, regardless of local laws. It doesn't restrict storage just to the US, it just restricts it to companies based in the US.

The relevant section on the ICO site is "Can I Send Personal Data Overseas? - ICO" and the "Assessing Adequacy" document is essential reading.
I would also go through and search for previous discussions on a similar theme (the article on Dropbox as an example) to help understand how people manage risk.
Local laws can be used to gain data but you have to judge the risk of this, and there are similar laws across the globe dealing with this issue anyway (Patriot Act and associated laws, Section 28 of DPA, etc).
Thanks for your help, I will have a look at that link and do some more research!