+ Post New Thread
Results 1 to 8 of 8
Cloud Services Thread, Google Apps and the Data Protection Act in Technical; I have been asked to look at the possibility of using Google Apps as our curriculum email system. I was ...
  1. #1

    Join Date
    Mar 2011
    Location
    Maidstone
    Posts
    19
    Thank Post
    6
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Google Apps and the Data Protection Act

    I have been asked to look at the possibility of using Google Apps as our curriculum email system. I was wondering how people managed to get around the bit in the terms of service that states
    As part of providing the Services, Google may transfer, store and process Customer Data in the United States or any other country in which Google or its agents maintain facilities.
    bearing in mind that the data protection act says that data should not be held or processed outside the EU.
    I was also wondering how people found the experience of switching over to Google Apps and also if there are any hidden charges for ‘extra features’.
    Thanks,
    JT-Online

  2. #2

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,617
    Thank Post
    514
    Thanked 2,442 Times in 1,890 Posts
    Blog Entries
    24
    Rep Power
    831
    Google are included in the Safe Harbor agreement in the USA, meaning it is acceptable to use Google Apps. The ICO have an article on their site somewhere, but I can't find it right now.

  3. #3

    Join Date
    Mar 2011
    Location
    Maidstone
    Posts
    19
    Thank Post
    6
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Thank you for that have looked that up and found it quite useful. However this only covers the states from my understanding of it the data could be in any Google data center in the world. So surely it would therefore come under the relevant local laws for the country the data center is in.
    So if the data was stored in the Taiwan data centre it would be accessible under any Taiwanese laws that allows the authorities to access it. (A possibly unlikely occurrence but as we don't know where the data will actually be stored, one that we have to look into)

  4. #4

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,617
    Thank Post
    514
    Thanked 2,442 Times in 1,890 Posts
    Blog Entries
    24
    Rep Power
    831
    Quote Originally Posted by JT-Online View Post
    Thank you for that have looked that up and found it quite useful. However this only covers the states from my understanding of it the data could be in any Google data center in the world. So surely it would therefore come under the relevant local laws for the country the data center is in.
    So if the data was stored in the Taiwan data centre it would be accessible under any Taiwanese laws that allows the authorities to access it. (A possibly unlikely occurrence but as we don't know where the data will actually be stored, one that we have to look into)
    But your relationship is with Google, the company, and it is the company that is a part of the SafeHarbor agreement, and therefore covered under our DPA. Or at least, that's my reading of it, and the reading I've seen everywhere.

  5. #5

    elsiegee40's Avatar
    Join Date
    Jan 2007
    Location
    Kent
    Posts
    10,701
    Thank Post
    1,783
    Thanked 2,168 Times in 1,603 Posts
    Rep Power
    769
    Calling @GrumbleDook

    He's the expert on this!

  6. #6

    AngryTechnician's Avatar
    Join Date
    Oct 2008
    Posts
    3,730
    Thank Post
    698
    Thanked 1,211 Times in 761 Posts
    Rep Power
    394
    @localzuk is correct. The exact location of the data center is not important when it comes to DP compliance under Safe Habor; what is important is that the company is a US company and is registered under the scheme.

    Safe Harbor allows for data export outside the EEA by multinational companies if they commit to enforcing data protection to at least the EU levels of protection, regardless of local laws. It doesn't restrict storage just to the US, it is just restricted it to companies based in the US.

  7. #7

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,930
    Thank Post
    1,337
    Thanked 1,780 Times in 1,105 Posts
    Blog Entries
    19
    Rep Power
    594
    The relevant section on the ICO site is Can I Send Personal Data Overseas? - ICO and the Assessing Adequacy document is essential reading.

    I would also go through and search for previous discussions on a similar theme (the article on Dropbox as an example) to help understand how people manage risk.

    Local laws can be used to gain data but you have to judge the risk of this, and there are similar laws across the globe dealing with this issue anyway (Patriot Act and associated laws, Section 28 of DPA, etc)

  8. #8

    Join Date
    Mar 2011
    Location
    Maidstone
    Posts
    19
    Thank Post
    6
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Thanks for your help I will have a look at that link and do some more research!

SHARE:
+ Post New Thread

Similar Threads

  1. Alumni Association and Data Protection Act
    By enjay in forum How do you do....it?
    Replies: 8
    Last Post: 29th November 2011, 12:04 PM
  2. Can I run both Google Apps and live@edu under the same domain?
    By edutech4schools in forum Internet Related/Filtering/Firewall
    Replies: 3
    Last Post: 13th December 2010, 11:00 AM
  3. VLE and data protection act
    By tmcd35 in forum General Chat
    Replies: 0
    Last Post: 22nd October 2009, 12:06 PM
  4. Complience with the Data Protection Act on admin networks.
    By Dos_Box in forum School ICT Policies
    Replies: 9
    Last Post: 27th November 2007, 08:29 AM
  5. Data Protection Act And Root/Administrators Passwords.
    By tickmike in forum General Chat
    Replies: 4
    Last Post: 11th September 2006, 03:35 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •