Jump to Content
Security & Identity

Google Cloud: Supporting our customers with the California Consumer Privacy Act (CCPA)

December 20, 2019
Suzanne Frey

VP, Engineering, Trust, Google Cloud

The California Consumer Privacy Act (CCPA) is a data privacy law that imposes new requirements on businesses and gives consumers in California the right to access, delete, and opt-out of the “sale” of their personal information. Businesses that collect California residents’ personal information and meet certain thresholds (for example, revenue) will need to comply with these obligations. 

You can count on the fact that Google Cloud is committed to supporting CCPA compliance across G Suite and Google Cloud products when it takes effect on January 1, 2020. Google Cloud will support you in meeting your CCPA obligations by offering convenient tools alongside the robust data privacy and security protections in our services and contracts. 

How does Google Cloud support CCPA compliance?
The security and privacy of customer data is our highest priority, and we’re committed to supporting your efforts to comply with the CCPA by: 

Providing tools and support to enable you to comply with CCPA requirements around your consumers’ rights. You can use G Suite and Google Cloud’s administrative consoles and services to help access, export, or delete data that you and your users put into our systems. This functionality will help you fulfill your obligations to respond to requests from consumers who exercise their rights under CCPA.

Offering security products and features that will help you to protect personal data. Google operates global infrastructure engineered for security from the start. You can rest assured knowing that we have designed for the secure deployment of services and data storage. We’ve implemented end-user privacy safeguards, secure communications between services, secure and private communication with customers over the Internet, and granular operational controls by administrators. Google Cloud runs on this infrastructure, and our products and features provide capabilities for data governance, access control, export, encryption, and security management that can help organizations with their CCPA readiness.

Providing documentation and resources to assist you in your privacy assessment of our services. We want to ensure that Google Cloud customers can confidently use our services in light of the CCPA. When you use Google Cloud, we support your efforts by providing detailed documentation and resources, such as our new Google Cloud and the CCPA whitepaper

Continuing to monitor the regulatory landscape, and evolving as needed. Our cross-functional teams of privacy advocates, user experience researchers, public policy, and privacy legal experts regularly engage with customers, industry stakeholders, and supervisory authorities to shape our Google Cloud services in order to help customers meet their compliance needs. As the regulatory landscape shifts, we evolve to support our customers’ changing compliance needs. 

Offering a team dedicated to addressing Google Cloud customers’ data protection-related inquiries. For more information, refer to Google’s Businesses and Data website or visit our support pages for Google Cloud and G Suite

Where do you stand?
As a current or future customer of Google Cloud, there are many ways to begin preparing for the CCPA. Consider these tips:

  • Familiarize yourself with the text of the CCPA and its regulations. 

  • Create a data inventory that describes how your business collects, uses, and shares personal information. We have tools such as Cloud Data Loss Prevention and Data Catalog that can help identify and classify data.

  • Review the current controls, policies, and processes that govern your use of personal information to assess whether they meet CCPA requirements, and build a plan to address any gaps.

  • Consider the best process for your business to accept and verify a California consumer request.

  • Review our Google Cloud third-party audit and certification materials, as well as our guidance documents and mappings, to see how they may help with this exercise. 

  • Consider how you can leverage existing data protection features on Google Cloud to support your CCPA compliance.

  • Monitor the latest regulatory guidance as it becomes available, and consult a lawyer to obtain legal advice tailored to your business’s circumstances.   

What’s next?
We’re carefully monitoring developments around this new legislation, and constructively engaging with our customers and partners throughout this process. We've also created this CCPA Compliance page on our Compliance resource center to assist with your efforts as you prepare for CCPA.

For information on Google Cloud privacy practices, please visit our Google Cloud Trust Principles

This blog post is intended to be for informational purposes only. You should seek independent legal advice relating to your status and obligations under the CCPA, as only a lawyer can provide you with tailored legal advice for your situation. Nothing in this blog post is intended to provide you with or should be used as a substitute for legal advice.

Posted in