Google’s business services are ubiquitous across the internet. They offer unrivaled advantages and conveniences for small- and medium-sized businesses at affordable prices.
If you own a business with an online presence, there’s an excellent chance you’re already employing the use of some or all of these services.
However, did you know that by using Google’s business services, you are agreeing to stay compliant with not only local and international laws and regulations, but also Google’s own corporate stipulations?
Google’s regulation efforts extend even further than their own services. Google Safe Browsing enforces rules on businesses with an online presence to ensure the safety and protection of users’ personally identifiable information.
If you’re planning on signing up for any of Google’s corporate services, here’s what you need to know to ensure that your company and its digital documentation are legally compliant, no matter where your company does business.
Google Business Services
There are dozens of Google business-class products available for various purposes. Examples of these premium services include:
These signature services let vendors quickly and easily develop and launch their digital marketing campaigns. Additionally, Google offers cloud-computing servers, including its Android OS, Maps, Search and Enterprise Search, Chrome, the Google Cloud Platform and also 14 other, separate services that are bundled into its “G-Suite.”
Specific Legal Requirements for Individual Google Services
Every vendor that uses Google services must sign and comply with Google’s “Terms of Service” and “Terms and Agreement” documents before accessing said services. These agreements are legally binding contracts and impose penalties on users of Google services who violate either or both company policies and local laws.
Users must post several of Google’s specific disclosures on their own sites to comply with those agreements. Some examples include:
The company requires its Google Analytics users to post on their site Google’s rules that prohibit abusing or misusing the data is collected. Section seven of the Terms of Service agreement outlines the rules by which Analytics users must abide:
Additionally, section 7 mandates that:
Broken down into simple English, the document stipulates that:
- You must assert that neither you nor your visitors will use Analytics to track personally identifiable information (names, addresses, birthdates, billing information, etc.) that identifies individuals directly – or data that can be linked to such information.
- You cannot include language that would circumvent any of the required privacy protections.
- the fact that they use those other services
- how their visitors can opt-out of – and keep their data protected from – those other services
Google requires its users to tell site visitors that their information is collected to track and connect their searches to specific sites. Ergo, privacy policies that are tailored for use with AdWords must include language that reveals:
- A description of how that site uses visitor data.
- That third-party vendors (including Google) show ads by Google AdWords users across the Internet.
- That cookies are used to track visitor views on advertisers’ websites.
User privacy is paramount for Google Play users. Google requires developers who market their apps on Google Play to notify their end-users about how they manage private information. Developers must include in their app:
- Language describing how the app collects, uses, and shares consumer data, and the types of third parties that might receive it. Developers must limit the app’s data management to those functions included in the description.
If data is collected that is not relevant to the app’s functionality, then the developer must include disclosures as to how it uses and shares that information and get user consent before beginning to collect that user’s data.
The request for consent must:
- Present the consent language clearly and unambiguously.
- Require an affirmative action, like an acceptance tap or checkbox – navigating away from the consent page does not imply acceptance or consent
- Not assert “auto-dismissing” or expiring messages that suggest failing to act (click or tap) infers informed consent.
Additionally, the app’s disclosures:
- Must be included in the app itself and not just on the Google Play page or set aside within a settings page.
- Must describe the type of data collected and how it will be used.
Google also expects users of its services to be compliant with laws specific to their country or region.
In Europe, for example, the General Data Protection Regulation (GDPR) rule came into force in May of 2018. The new law requires that all businesses within the European Union (EU) – and those that do business in the EU – elevate the protections they provide to maintain the privacy and security of the consumer data they collect.
Google has updated its policies in response to the GDPR but still requires its users to modify their data protection activities to become compliant before the law becomes operational.
Companies that do business online and do business or plan to do business in any country outside their country of origin must ensure that their proprietary documentation conforms to the laws of each country in which they engage.
Considering that seven of its consumer services – Android, Maps, YouTube, Chrome, Gmail, Search, and Play – each host over one billion global users, it’s not a surprise that millions of global companies also use Google’s business services to access those markets.
By ensuring that your business practices and documentation comply with both Google’s standards and those of the countries in which your company works, you can leverage Google’s tools to expand your enterprise into ever-growing market sectors.