The number one piece of misinformation is that people confuse Google's consumer services (the ones that Google offers for free) with the services they offer to companies, businesses, schools, and nonprofits.
They're completely different offerings. Just to be clear, for that free Gmail account that you sign up for, yes, they're using that data for advertising. Yes, there's profiling. Yes, there's scanning.
But for all the products that they offer to businesses, schools, nonprofits, that's not the case. In that case, in the original case, you guys own the data. Google is simply considered the data processor.
Google can only use the data in the way in which you've instructed them. Let me go into a bit more detail here... This has three big components, like three legs in a stool, really.
What transparency means is that they're going to tell you what they're doing with your data. And it's about being transparent before you're a customer, without having to sign some sort of magical, special agreement.
So I mean sharing things like where their data centers are located, Google's security reports, their SOC 3 reports, their ISO reports. All of their contracts are public. Their data processing, who their subprocessors are, all these components, their commitments on data deletion, what data can be used for, this is all publicly available.
You can look it up now. It's on the web.
And what it comes down to is what can Google use the data for?
We can use the data for absolutely nothing but what you instruct us to do. -Google
So just to be clear, Google cannot use your data for advertising. They cannot mine your data for any purpose whatsoever, even to improve their own product. They're not allowed to do so. And this is part of their business contract with companies.
The intellectual property of the data is yours. You get the idea: Google literally has zero rights on your data. They own the rights to their service.
So as long as you don't try to reverse-engineer Gmail, you're going to be OK.
They're also extremely portable.
You could literally take your entire organization's data and shift it into Google over the weekend. And you could change your mind next week, and move everything out Google. You can do that too.
There's no penalty. It comes out in usable file formats. It works so well, Google's competitors have built tools around it to quickly expedite the movement of data in and out of their platform.
2. Strong Contracts
All of Google's contracts are written in a way that's European-centric language. It's not because they're a European company. It's just that the standards there are very, very specific when it comes to data.
This one is publicly available and they update this all the time. Because they're constantly getting feedback from data protection authorities in the US, in Europe, in Asia and our position is that they will only strengthen their commitments, not weaken them. So one of the more recent ones is they put an SLA on data deletion. Google made ongoing commitments to maintain compliance with their security audits and data privacy audits, which I'll talk to you about here in a moment.
These sorts of things, this is all available, which is very useful for a business.
So if you're a parent, and you want to know what's happening to your children's data, you can just go and read it. There's no advertising. There's no scanning. It's not some secret contract that each company has their own thing agreed upon.
But they build on it. Google tells you what they're going to do, they're transparent. They legally commit.
But how do you really know what they're doing? Google's perspective is that you should trust them, but verify yourself.
The problem in the past is that all of Google's audits had been very, very focused on security. They start with security. Security's strong. So they have all the ones you'd expect-- ISO 27001, SOC 2, SOC 3, SSAE in 16, ISAE 3402.
Again, these are all independent security audits. But again, we get past that security conversation pretty quickly. It goes into data usage. People don't argue about security. They know what good security is.
They argue about data usage, and how data should be protected.