DPIA on the Use of Google G Suite (Enterprise) for Education for the University of Groningen and the Amsterdam University of Applied Sciences

15 July 2020, update 12 March 2021
Sjoera Nas, Floor Terra

Updated G Suite for Education DPIA 12 March 2021 clean

Contents

SUMMARY
  CONCLUSION 12 MARCH 2021
INTRODUCTION
  DPIA: WHAT IS IT AND WHY IS IT MANDATORY?
  SCOPE: G SUITE (ENTERPRISE) FOR EDUCATION
  INPUT FROM GOOGLE
  OUTLINE DPIA REPORT

PART A. DESCRIPTION OF THE DATA PROCESSING
1. THE PROCESSING OF PERSONAL DATA
  1.1 CUSTOMER DATA
  1.3 FUNCTIONAL DATA
  1.4 DIFFERENT G SUITE EDITIONS
  1.5 G SUITE CORE SERVICES, GOOGLE ACCOUNT, SUPPORT SERVICES, ADDITIONAL SERVICES, AND OTHER RELATED SERVICES
  1.6 THE ENROLMENT FRAMEWORK FOR G SUITE (ENTERPRISE) FOR EDUCATION
2. PERSONAL DATA AND DATA SUBJECTS
  2.1 DEFINITIONS OF DIFFERENT TYPES OF PERSONAL DATA
  2.2 DIAGNOSTIC DATA
  2.3 OUTGOING TRAFFIC ANALYSIS
  2.4 RESULTS ACCESS REQUESTS
  2.5 TYPES OF PERSONAL DATA AND DATA SUBJECTS
3. DATA PROCESSING CONTROLS
  3.1 PRIVACY CONTROLS GOOGLE ACCOUNT FOR END-USERS
  3.2 PRIVACY CONTROLS ADMINISTRATORS
4. PURPOSES OF THE PROCESSING
  4.1 PURPOSES AUAS AND UG
  4.2 PURPOSES GOOGLE
  4.3 PURPOSES ADDITIONAL SERVICES AND GOOGLE ACCOUNT, WHEN NOT USED IN A CORE SERVICE
  4.4 SPECIFIC PURPOSES CHROME OS AND THE CHROME BROWSER
5. PROCESSOR OR (JOINT) CONTROLLER
  5.1 DEFINITIONS
  5.2 DATA PROCESSOR
  5.3 DATA CONTROLLER
  5.4 JOINT CONTROLLERS
6. INTERESTS IN THE DATA PROCESSING
  6.1 INTERESTS OF THE UNIVERSITIES
  6.2 INTERESTS OF GOOGLE
  6.3 JOINT INTERESTS
7. TRANSFER OF PERSONAL DATA OUTSIDE OF THE EEA
8. TECHNIQUES AND METHODS OF THE DATA PROCESSING
  8.1 ANONYMISATION
9. ADDITIONAL LEGAL OBLIGATIONS: E-PRIVACY DIRECTIVE
10. RETENTION PERIODS
  10.1 CUSTOMER DATA
  10.2 DIAGNOSTIC DATA

PART B. LAWFULNESS OF THE DATA PROCESSING
11. LEGAL GROUNDS
  11.1 CUSTOMER DATA FROM THE CORE SERVICES, FEATURES AND THE GOOGLE ACCOUNT USED IN THE CORE SERVICES
  11.2 PERSONAL DATA IN ADDITIONAL SERVICES, OTHER RELATED SERVICES, TECHNICAL SUPPORT SERVICES AND ALL DIAGNOSTIC DATA
  11.3 GOOGLE’S OWN LEGITIMATE BUSINESS PURPOSES
12. SPECIAL CATEGORIES OF DATA
  12.1 TRANSFER OF SPECIAL, SENSITIVE, SECRET AND CONFIDENTIAL DATA TO THE USA
13. PURPOSE LIMITATION
14. NECESSITY AND PROPORTIONALITY
  14.1 THE PRINCIPLE OF PROPORTIONALITY
  14.2 ASSESSMENT OF THE PROPORTIONALITY
  14.3 ASSESSMENT OF THE SUBSIDIARITY
15. DATA SUBJECT RIGHTS
  15.1 LEGAL FRAMEWORK AND CONTRACTUAL ARRANGEMENTS BETWEEN UNIVERSITIES AND GOOGLE
  15.2 RIGHT TO INFORMATION
  15.3 RIGHT TO ACCESS
  15.4 RIGHT OF RECTIFICATION AND ERASURE
  15.5 RIGHT TO OBJECT TO PROFILING
  15.6 RIGHT TO DATA PORTABILITY
  15.7 RIGHT TO FILE A COMPLAINT

PART C. DISCUSSION AND ASSESSMENT OF THE RISKS
16. RISKS

Details

  • File Type
    pdf
  • Content Languages
    English
  • File Pages
    177 Page
