Google: New policy doesn’t supersede enterprise, government contracts

Google has clarified that its new, unified privacy policy would have no effect on enterprise and government contracts, reinforcing that individual contracts trump the company’s general policy.

In response to questions about how the new policy affects enterprise and government accounts, Google’s Amit Singh said in an e-mailed statement: “Enterprise customers using Google Apps for Government, Business or Education have individual contracts that define how we handle and store their data. As always, Google will maintain our enterprise customers’ data in compliance with the confidentiality and security obligations provided to their domain. The new Privacy Policy does not change our contractual agreements, which have always superseded Google’s Privacy Policy for enterprise customers.”

Karen Evans — former administrator for the Office of Electronic Government and Information Technology — and security researcher Jeff Gould recommended on the SafeGov.org Web site that Google create a dedicated privacy policy for Google Apps for Government.

In an interview with The Washington Post, Gould said it is encouraging that Google issued a statement that addressed his concerns about the policy’s potential implications for government clients. But, he said, he would still like to see all consumer technology companies with government cloud offerings — including Google, IBM and Microsoft — introduce separate privacy policies for government clients in addition to the private terms laid in out contracts. This, he said, would draw a clear line between their consumer and public sector products.

Gould would also like these cloud service providers to strip out any sort of data collection tools they may have in their consumer products from their public sector products as a precaution. With Google Apps for enterprise and government clients, for example, administrators have the option to enable apps such as Google Calendar.

These companies, he said, “should have a blanket policy specifically for their public sector clients saying that we will not use our consumer data-mining technology. What they do in the consumer space is very powerful, but not it’s appropriate to have this mining built into the government cloud, even if it’s turned off.”

“We have issued a public call for [Google] — and we address it to other integrators playing in the government space — to categorically say we will turn off all advertising and data mining in a government cloud scenario,” Gould said.

Google Apps for Government is certified by the U.S. government as being in compliance with the Federal Information Security Management Act (FISMA), and today the General Service Administration issued a statement saying that it is not concerned about the policy change.

“The recent changes announced by Google pertain only to their free, publicly available services,” the GSA said in a statement. “These changes do not apply to Google Apps for Government, which is the version used by GSA. Our usage of the Google Apps solution is governed by contractual agreement with Google and our prime contractor, Unisys. The solution is compliant with all federal regulations and requirements, including those regarding privacy and data protection.”

Related stories:

Experts: Google privacy shift will have greater impact on Android users

FAQ: Google’s new privacy policy

How to choose what you share with Google