Google Cloud are committed to meeting our customers’ evolving data processing and security requirements. To this end, Google are pleased to announce the next version of the Cloud Data Processing Addendum (CDPA), which updates our data processing and security terms for Google Cloud, Google Workspace (including Workspace for Education), Cloud Identity (when purchased separately), and Looker (original) customers worldwide. The CDPA (Partners) includes equivalent updates for Google Cloud and Looker (original) partners. 

These versions of the CDPA are designed to strengthen and consolidate our global privacy and security commitments for all of the products listed above in one convenient location. Key updates include: 

  1. certain commitments previously only offered to customers or partners subject to European data protection laws have been extended to apply to a wider customer/ partner base; 
  2. specific commitments have been added to support new privacy regulations; and 
  3. product-specific privacy and security terms unique for certain services have been consolidated. 

Notably, as data privacy legislation continues to evolve, we’ve expanded the application of existing privacy commitments within the CDPA to benefit customers and partners who may be subject to privacy legislation anywhere in the world. For example, we now offer commitments to support compliance with the California Consumer Privacy Act (CCPA), without reducing any of the strong commitments we have historically offered (and will continue to offer) to support compliance with European data protection laws such as the GDPR.

Google also moved certain privacy and security terms from other sections of our contracts into the CDPA and simplified those terms to increase the transparency and clarity of our privacy and security commitments. Customers and partners can now easily find specific privacy and security terms, all in one place.

What remains unchanged is our continued focus on enabling customers and partners to use our products securely and on supporting them with compliance with respect to applicable regulatory requirements.