The European Commission (EC) has recently published new Standard Contractual Clauses (SCCs, also known as Model Contractual Clauses) to help safeguard European personal data. Following the applicable transition period, these new SCCs will replace the SCCs previously adopted by the EC. Google Cloud plans to incorporate the new SCCs into our contracts to help protect our customers’ data and meet the requirements of European privacy legislation.
Like the previous SCCs, these clauses can be used to facilitate lawful transfers of data under certain conditions. By imposing various contractual obligations, SCCs allow personal data subject to the EU’s General Data Protection Regulation (GDPR) to flow to recipients outside the European Economic Area (EEA). The GDPR is an important piece of EU privacy legislation that became applicable in 2018. It requires appropriate safeguards for EEA personal data moving from the EEA to any non-EEA countries that do not meet the EU ‘adequacy’ standard for privacy protection.
Google Cloud’s industry-leading controls, contractual commitments, and accountability tools have helped organizations across Europe meet stringent data protection regulatory requirements for years. We have provided customers with SCCs since 2012. In 2017, EU Data Protection Authorities confirmed that Google Cloud’s contractual commitments met the legal requirements for transfers of data from the EU to the rest of the world under EU Data Protection Directive 95/46/EC. Google Cloud remains committed to protecting the privacy of our customers and their users, and to helping thems address EU regulatory obligations.
To learn more about how Google Cloud can help organizations with their compliance efforts, visit our Cloud Compliance resource center.