Reputation: 23
Is there any way to restrict Google Cloud global APIs to specific regions?
https://cloud.google.com/translate/data-usage states: “Our services are global and we do not guarantee that the data will not leave the region for processing.”
We are currently building a new product using Google Cloud Translation and Data Loss Prevention APIs. Is it possible to restrict these in such a way that data will not leave e.g. Europe, not even for processing?
Our management is concerned that some of our customers might not accept data leaving specific regions.
Or is processing (not storing) data across regions generally accepted by major corporations? I see examples of health companies using DLP for anonymization of e.g. medical records and (hopefully) they have assessed this as acceptable risk.
Upvotes: 2
Views: 393
Answers (1)
Reputation: 13637
As stated by the documentation, API services are globally distributed and Google does not guarantee that all data will not leave the region for processing. This is by design, in order to meet the demands for massive scalability and top notch performances. Indeed, data are treated according to Google's enterprise-grade security standards and methods. For instance, Google Cloud provides by default encryption in transit. Furthermore, using a Google Service like Translate and DLP, you need to authenticate and authorize the request. Authentication is done by setting up a Google Cloud Service account. Authorization is done by setting up an API scope and access policies with Google IAM.
However, take into account that GDPR does not strictly mandate data location per se. As stated in the article 46 - Transfers subject to appropriate safeguards, GDPR allows the data processing outside European borders.
Google Cloud supports model contract clauses and privacy shield in this regards:
In the absence of a decision pursuant to Article 45(3), a controller or processor may transfer personal data to a third country or an international organisation only if the controller or processor has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available.
Additional information about data processing terms of Google Cloud are available in the article as follows: https://cloud.google.com/terms/data-processing-terms
About GDPR compliance, Google made multiple updates to ensure that Google Cloud customers can confidently use services now that the GDPR is in effect, by:
- Committing in our contracts to comply with the GDPR in relation to our processing of customer personal data in all Google Cloud Platform and G Suite services.
- Offering additional security features that may help you to better protect the personal data that is most sensitive.
- Giving you the documentation and resources to assist you in your privacy assessment of our services.
- Continuing to evolve our capabilities as the regulatory landscape changes.
A complete reference is available at: https://cloud.google.com/security/gdpr/
Disclaimer: Comments and opinions are my own and not the views of my employer.
Upvotes: 2
Related Questions
- Cloud API access scopes
- Selecting region for api in google cloud
- Google cloud regions for the projects(Personal/Official)
- Specify Region for Google Speech API?
- use region other than us-central1 for Google Cloud Functions
- GCP - Multiple regions for same website and database
- Google Cloud Functions - multi regional setup
- Is there a way to configure GCP regions in Firebase?
- gcp multiregion-region-zone relationship json/API
- Global Region Restrictions of accessing Google Cloud Datastore