Google says it’s taking steps to ensure it remains transparent in the ways it handles sensitive data in the cloud, and to afford its cloud services customers greater control over and visibility into when and how that data is used.
In a blog post, Google Cloud CEO Thomas Kurian said that Google will soon begin publishing the number of government requests it receives for Google Cloud Platform and G Suite enterprise data as part of its semi-annual transparency report. (Chief rivals like Amazon Web Services already break out such requests.) Additionally, he says that Google will work with partners and others in the coming months to promote principles that “help inform a more modern approach to enterprise data security policies worldwide.”
The principles in question, of which there are five, lay out a framework for the enactment of “modern” legislation and enforcement around digital data. Not-so-coincidentally, they arrive after the U.S. and U.K. entered into an agreement to make it easier for American and British law enforcement agencies to obtain data from companies based in each country.
Here’s the list:
- Approach Enterprises Directly: Google advocates that governments request data directly from enterprises in the course of legal investigations.
- Promote Transparency. Google says that customers and the public should have a right to know when governments seek disclosure of their information.
- Protect Customer Rights. Governments should provide paths to challenge requests for data, according to Google, and they should notify customers when they seek to compel service providers to disclose that data.
- Support Strong Security. Google asserts that governments should advance regulation promoting technological innovation in privacy and security protection.
- Streamline Government Rules. Governments should “modernize” laws and establish rules governing the handling of data across borders in a manner respecting international norms and sovereignty, Google says.
“Together, these efforts reflect our core belief that customers should have no less control over data stored with a cloud provider than they would if the data were stored in their own data centers,” continued Kurian. “We think that putting these principles into practice will help drive greater transparency surrounding customer control and government requests to disclose enterprise customer data.”
Google’s renewed call for transparency and enhanced data security comes as governments including the U.S., the U.K., Australia, and others rally against the private sector adoption of end-to-end encryption, a paradigm that makes it impossible to decipher the contents of intercepted data. It’s a debate that’s been raging for decades, punctuated by cases like that in 2013 between the U.S. and Microsoft in which the latter refused to provide access to data stored on an Irish server.
A consumer win came recently in the the E.U.’s General Data Protection Regulation, which provides certain data protection and privacy guarantees for E.U. and the European Economic Area. On the other hand, the U.S. last year reauthorized the National Security Administration to engage in largely warrantless surveillance.
Of course, Google isn’t the only one advocating a principle-based approach governing data access. In a blog post late last year, Microsoft recommitted to pursuing mechanisms that might help to resolve conflicts with third-country laws, and Apple has repeatedly opposed gag orders preventing it from disclosing information about government-issued national security orders.
It’s good business, frankly. According to an IBM survey conducted by the Harris Poll, some 78% of consumers said that a company’s ability to keep their data private is “extremely important.”