Netherlands: DPIA Google G Suite Enterprise Data protection impact assessment
DPIA Google G Suite Enterprise Data protection impact assessment on the processing of personal data on three platforms with the Chrome browser and as installed apps – in English (171 pages):
https://www.rijksoverheid.nl/documenten/publicaties/2021/02/12/google-workspace-dpia-for-dutch-dpa
A bit of a summary as a blog post by the company who helped draft it:
https://www.privacycompany.eu/blogpost-en/privacy-assessment-google-workspace-g-suite-enterprise-dutch-government-consults-dutch-data-protection-authority-on-high-privacy-risks
SMS is not secure for 2FA
Leitfaden zum Datenschutz in medizinischen Forschungsprojekten – Generische Lösungen der TMF 2.0
Leitfaden zum Datenschutz in medizinischen Forschungsprojekten – Generische Lösungen der TMF 2.0
(Data protection/privacy in healthcare research, pseudonymization/pseudonymisation, 2014)
Also available via https://library.oapen.org/handle/20.500.12657/37299
at direct link below
https://library.oapen.org/bitstream/handle/20.500.12657/37299/leitfaden-zum-datenschutz-in-medizinischen-forschungsprojekten.pdf?sequence=4&isAllowed=y
USA: HHS security risk assessment tool (HIPAA)
USA: Virginia passes the Consumer Data Protection Act
IAPP article
https://iapp.org/news/a/virginia-passes-the-consumer-data-protection-act/
(incl. data protection assessments)
EAID – slides/recording – 02.03.2021: Datenschutz – Zertifizierung – Quo Vadis?
https://www.eaid-berlin.de/datenschutz-zertifizierung-quo-vadis/
includes
Die Idee hat eine lange Geschichte…und auch eine Zukunft?
• Gabriel Schulz, Stellvertreter des Landesdatenschutzbeauftragten Mecklenburg-Vorpommern
Der erste Versuch hat Erfahrungen – wie gut sind diese?
• Sebastian Meissner, EuroPriSe, Head of the EuroPriSe Certification Authority
Zertifizierungen nach Artikel 42 DSGVO und Zertifizierungsstellen gem. Art. 43 DSGVO lassen aber immer noch aus sich warten. Warum?
• Dr. jur. Raoul Kirmes, DAkkS; Sachgebiet Grundsatzaufgaben
Quo Vadis Datenschutzzertifizierung?
• Frederick Richter, Vorstand Stiftung Datenschutz
The Netherlands: Privacy Assessment of Google Workspace G Suite Enterprise suite (DPIA)
“Commissioned by the Ministry of Justice and Security, Privacy Company investigated the privacy risks of G Suite Enterprise, with work and communication apps such as Gmail, Chat, Meet, Forms, Docs and Slides. Meanwhile, Google has renamed these services into Google Workspace.”
Related:
- Google Workspace DPIA for Dutch DPA (in English)
at https://www.rijksoverheid.nl/documenten/publicaties/2021/02/12/google-workspace-dpia-for-dutch-dpa - “Google has also published a guide for system administrators, explaining the rules and the available privacy choices, the Google Workspace data protection implementation guide.”
at https://services.google.com/fh/files/misc/google_workspace_data_protection_guide_en_dec2020.pdf
Google Firebase
Point of contract
https://console.firebase.google.com/
Terms of Service for Firebase Services
https://firebase.google.com/terms?authuser=0
Data Processing and Security Terms
https://firebase.google.com/terms/data-processing-terms?authuser=0
also general description
https://firebase.google.com/support/privacy?authuser=0
BSI – AI Cloud Service Compliance Criteria Catalogue (AIC4) Date 2021.02.02
“The AI Cloud Service Compliance Criteria Catalogue provides AI-specific criteria, which enable an evaluation of the security of an AI service across its lifecycle. The criteria set a baseline level of security, which can be reliably assessed through independent auditors. The catalogue has been developed for AI services that are based on standard machine learning methods and iteratively improve their performance by utilizing training data.”