[josefresco]

For the lazy...

> G Suite customers own their data, not Google. The data that G Suite organizations and users put into our systems is theirs, and we do not scan it for advertisements nor sell it to third parties. We offer our customers a detailed data processing amendment that describes our commitment to protecting customer data. Furthermore, if customers delete their data, we commit to deleting it from our systems within 180 days. Finally, we provide tools that make it easy for customer administrators to take their data with them if they choose to stop using our services, without penalty or additional cost imposed by Google

>No advertising in G Suite There is no advertising in the G Suite Core Services, and we have no plans to change this in the future. Google does not collect, scan or use data in G Suite Core Services for advertising purposes. Customer administrators can restrict access to Non-Core Services from the Google Admin console. Google indexes customer data to provide beneficial services, such as spam filtering, virus detection, spellcheck and the ability to search for emails and files within an individual account.

Data Processing Amendment: https://gsuite.google.com/terms/dpa_terms.html

[thrill]

The specificity of "for advertising purposes" leaves wide open the likelihood that it is scanned for "their own purposes", per the question that was asked.

[modernerd]

Or for the purposes of, “spam filtering, virus detection, spellcheck and the ability to search for emails and files…”, which seems reasonable and fair.

[emmab]

Would "anthropology for the purpose of strategy" be reasonable/fair?

[thrill]

Listing multiple items does not exclude others.

[parallel_item]

I like to think of myself as having "alternative" priorities :) Thanks a bunch!

[lmkg]

In my (non-expert) opinion, one of the most important parts of the linked DPA is where Google claims that they are a Processor and not a Controller under GDPR.

A Controller has discretion of what processing takes place and how it is used. A Controller also has greater responsibilities under GDPR to both the data subject and to the authorities. If Google wants to limit their exposure to GDPR (and I see every indication that this is their current strategy), then they need to make sure they only carry out the processing activities outlined in the DPA.

[choot]

Does it stop them from finding generalities in the data and selling that info?

[maxxxxx]

I don't think so.