Supporting our EU customers with their DPIAs: Google's commitment to privacy and security with Google Workspace with Gemini
David Lee
Group Product Manager, Google Workspace
Google Workspace Newsletter
Keep up with the evolving future of work and collaboration with insights, trends, and product news.
SIGN UPAt Google, user privacy and security are foundational to everything we do, especially when it comes to generative AI. We are more committed than ever to ensuring users feel safe and confident when using Google Workspace with Gemini, a dedication reinforced by our intention to sign the European Union AI Act Code of Practice.
We understand that new technologies may require that customers carry out Data Protection Impact Assessments (DPIAs), which can be complex. Drawing on our substantial experience in supporting customer DPIAs, including our successful assessments in the Netherlands, we are firmly committed to helping customers with their compliance journeys.
To support this, we've published a new DPIA resource: Supporting Your Data Protection Impact Assessment (DPIA) for Google Workspace with Gemini. This support guide is designed to assist your organization in preparing your DPIAs for Gemini in Workspace apps and the standalone Gemini app, supplementing our existing DPIA Cloud Resource Center. While your organization, as the data controller, is responsible for conducting the DPIA, this support guide provides valuable information to help you complete yours.
Here are some key highlights from the new support guide, intended to provide information on Gemini's security and privacy features for addressing potential risks:
Foundational security: Gemini automatically applies Google Workspace data handling practices, keeping customer data within your tenant, and employs a layered defense strategy against various attack vectors. We also adhere to ISO/IEC 42001 for AI Management Systems.
Robust data protection: Gemini integrates with Workspace controls like trust rules, Information Rights Management (IRM), and Client-Side Encryption (CSE).
Granular controls: Administrators have extensive controls to enable/disable Gemini features and manage conversation history.
Risk mitigation: Gemini comes with built-in protections to mitigate AI-specific risks like hallucinations, biases, and prompt injections, and includes prominent end-user warnings to double-check outputs.
Monitoring: Google Workspace provides tools for administrators to monitor Gemini usage and activity through reports and audit logs.
Enterprise contractual commitments: Gemini in Workspace apps and the Gemini app are Workspace Core Services by default, meaning they automatically benefit from our robust contract terms, including the Cloud Data Processing Addendum. This means that you control your data and Google does not use Customer Data in Google Workspace services, including Gemini, for advertising purposes, among other enterprise privacy commitments.
By leveraging Google's comprehensive controls and implementing your own policies and best practices, you can confidently deploy Workspace with Gemini while maintaining a strong security posture and ensuring data protection.
We encourage you to explore the new DPIA support guide today!
