VIA Business & IT Consulting

Latest News & Views

Google Accounts/Apps T&Cs

Posted by Diarmuid Keane on 24-Sep-2009 - Filed under: Cost Reduction , also relevant to: Data Liberation Front, Data Lock-in, Data Protection, EU Data Protection Directive, Google Accounts, Google Apps, Safe Harbor Principles, T&Cs - 1 Comment

Following up on the Google Accounts/Apps T&Cs question recently posted here as it affects data protection I did get to chat with Marc Wiseler of Google Apps. He said that he did not believe that Google Premier Apps was subject to the ‘vanilla’ Google Accounts T&Cs and kindly sent me the T&Cs of the former from which I gleaned the following:

Google privacy policies apply. Here’s a more digestible version. The first thing to notice in the privacy policy is that a Google account must be created to use Google Apps and so it looks like we are back to square one with regard to Google having free reign over user data . However the Apps T&Cs note that wherever there is a conflict with this and the terms at any other URL then the Apps T&Cs take preference . This seems to bear out Marc’s assertion above.
Google make a statement of intent to implement appropriate measures to protect data from alteration or disclosure. Though the EU Data Protection Directive is alluded to in this paragraph it falls short of saying that the directive will be adhered to.
Marc mentioned that Google is an adherent to the Safe Harbour principles which enables entities operating in the EU to offshore data to a non EU country and not find themselves breaking the EU DP Directive. The ethos of the Safe Harbour principles is self regulatory . US companies who which to declare themselves adherent to the principles ’self-certify’ with the US Department of Commerce. This contrasts to the approach of the EU directive which required that all member states enact their own Data Protection Legislation.
Serving Ads is optional and may be toggled by the user via the control panel. No revenues are earned by the user for showing google ads.
Confidential Information is defined in the glossary of the agreement as (I’m paraphrasing) all information disclosed by either party under the agreement which is explicitly deemed confidential or which may reasonably assumed to be such. This would seem to give cover to all user emails and documents as this content may well arguably be “reasonably assumed to be confidential”. It would be recommendable therefore if when taking out this agreement the user was to make explicit to Google that their emails and documents were to be marked as ‘confidential information’ as this term is understood in the agreement .
The T&Cs goes on to say that information marked confidential in this way may be disclosed to group employees and/or professional advisors who have agreed in writing to maintain its confidentiality. Also , professional advisors who are ‘otherwise bound’ to maintain data confidentiality may also have access. Now I’m afraid the meaning of ‘otherwise bound’ isn’t clear. It could refer to an overarching NDA that a consulting company would sign with Google that would cover all their consultants’ onsite at Google. But that’s just a guess on my part.
On termination of the agreement the parties agree to destroy confidential information held by each on request of the other.
Intellectual property rights of customer data are not transferred to Google.
You agree to have your name published in a list of Google Apps customers.
The agreement then goes in to some detail is given on what would happen in the event of breaches or 3rd party intellectual property claims against either Google brands or technologies or user-supplied content/features. Then, finally limitations to liability are discussed.

On the question of ‘data lock-in’ issue Marc mentioned that Google would provide tools to allow users to get their data back from Google Apps in an efficient manner should you decide to end the service? Interestingly I recently came across the data liberation front created by Brian Fitzpatrick who is a Chicago based Google Engineer. So it does look like some Googlers are burning up their “20% time” to making cloud-bound data more efficiently accessible. However, despite the encouraging aspiration expressed in the site’s main page to make it easier to move data in and out of Google, I see that Google Docs still only allows you to download (export) your docs one by one.

I’m no lawyer as I said before but if my reading is any way on track then under the terms of the Google Apps Premier agreement there does appear to be a protection of sorts given to customer data confidentiality. A prospective client, once appraised of the nature of this protection will need to make a judgement based on the nature of their business on whether or not Google Apps is for them.

What did you think? We'd love if you would leave your opinion in a comment below, or contact Via directly.

One Response to “Google Accounts/Apps T&Cs”

Hey , Google , get off o’ my cloud . » Via Consulting
commented on 28, Sep, 2009 at 7:11 pm

[...] Read the follow up to this post >> [...]

Subscribe in a reader

Curious? Let’s have coffee.

We can discuss your business over coffee, no strings attached, and take it from there.

Let’s have coffee

Testimonial

Our organisation had a need to reduce the administration overhead with our existing eLearning IT solutions and replace the solution with an integrated, better automated single solution. Joe Hussey of Via familiarized himself with our line of business and with what was out there in terms of solutions. He designed a comprehensive set of requirements, shortlisted vendors and together we chose a supplier who ticks all the boxes for us and we saved costs and administration overheads in the process.
Joe Aherne - Managing DirectorLeading Edge Group

More testimonials