G Suite (Google Apps) Privacy FAQ

Many of the answers from this page have been adapted from Google’s Security and Privacy FAQ, where you can find additional information related to security and privacy related questions.   

  1. What data can be stored in my UC Berkeley Google accounts (bMail, bCal, bDrive, etc.)?
  2. Can my UC Berkeley Google account(s) be used for personal events and communications?
  3. What is the difference between privacy protection for UC Berkeley Google accounts and what is offered to consumers?
  4. How will my personal Google account be affected by my UC Berkeley Google account?
  5. Will Google personnel read our emails, files and calendars?
  6. Can Google monetize, sell, or otherwise use mail or data store in my bConnected Google account? 
  7. Does Google give third parties access to our data?
  8. How does Google handle law enforcement requests?
  9. Is my email accessed for security monitoring?
  10. Who owns the data that UC Berkeley users put into Google Apps?
  11. How long does Google keep UC Berkeley’s data?
  12. How does Google protect UC Berkeley against spam, viruses and phishing attacks?
  13. Will my data remain safe when it is being managed on the same servers as other Google customers?
  14. How does Google protect its infrastructure against hackers and other threats?
  15. Can Google delete my data without my permission?

1. What data can be stored in my UC Berkeley Google accounts (bMail, bCal, bDrive, etc.)?

In general, UC Berkeley Google accounts which include “core” apps: bCal, bMail, bDrive, bConnected Lists, Contacts and Hangouts/Talk, can be used to store and transmit general and Protection Level 1 data, as defined in the Data Use Agreement. Any consumer apps you choose to use (YouTube, Blogger, Google+, etc.) are only suitable for general data. Read more about keeping sensitive data safe

None of the apps within G Suite are suitable for storing and transmitting Protection Level 2 data, such as notice triggering data, human subject research data and other actively regulated data. For additional details on what types of data might or might not be suitable for G Suite, please refer to Data Use Agreement

2. Can my UC Berkeley Google account(s) be used for personal events and communications?

UC Berkeley Google accounts are designed for institutional use; however, incidental personal use is acceptable as long as it complies with the University of California’s Electronic Communication Policy. Learn more about the Personal Use policy within UCOP Electronic Communication Policy, Section III.D.8.  

3. What is the difference between privacy protection for UC Berkeley Google accounts and what is offered to consumers?

The University of California Office of the President (UCOP) negotiated a contract with Google, on behalf of the UC campuses. The contract UC Berkeley has in place with Google puts in place stronger protective measures around data stored and transmitted within the core apps: mail, calendar, contacts, drive, docs/sheets/slides/forms, and talk. Google consumer apps, such as Search, YouTube, Maps, etc., do not offer the same protections and are subject to Google’s standard terms of service. The main differences between services offered under UC Berkeley’s contract and Google include:

  • Data stored in core apps are not scanned for the purpose of displaying ads
  • Data stored in core apps are not accessed by non-core services
  • The same access restrictions to data in core apps applies to third party sites where Google is serving ads

An example of this protection would be if you sign into your bCal account, then proceed to Google Search to look for something. Ads displaying in Google Search results screen (a non-core service) will not be influenced by data in your calendar events (data in a core service).

If you were to use a personal Google consumer account, your data is not protected from sharing between any of the services offered, such as between Google Calendar and Google Search.

G Suite has received a satisfactory SSAE 16 and ISAE 3402 Type II audit, ISO 27018 Cloud Privacy Standard, and ISO 27001 certification. This means that an independent auditor has examined the controls protecting the data in G Suite (including logical security, privacy, Data Center security, etc) and provided reasonable assurance that these controls are in place and operating effectively.

For full text of UC Berkeley's contract with Google, please refer to UCOP Contract Database. Please note that to access UCOP Contract Database, your computer must be on UC Berkeley's network.

4. How will my personal Google account be affected by my UC Berkeley Google account?

Your UC Berkeley Google account is managed separately from your personal Google account(s), therefore the data and settings from these accounts will remain separate. Only data that you manually copy between the accounts will be shared (e.g. if you send a personal email to your bMail account). If you use a personal Gmail account, in order to avoid confusion, it is best to use a different web browser to toggle between the two accounts. Using an “incognito” browser in Chrome™, for instance, may also help avoid confusing the two accounts.

5. Will Google personnel read our emails, files and calendars?

No, Google’s scanning and indexing procedures are 100% automated and involve no human interaction. In order to provide some of the core features in G Suite, Google’s automated systems will scan and index some user content. Google scans or indexes user content in Google Apps in order to provide features that will either directly benefit users or help Google maintain the safety and security of their systems. For example:

  • Email is scanned so Google can perform spam filtering and virus detection
  • Priority Inbox, a Gmail feature, scans email message to identify which messages are considered important and which are considered not important
  • Note that there is no ad-related scanning or processing in G Suite for Education or Business with ads disabled
  • Some user data, such as documents and email messages, are scanned and indexed so users can privately search for information in their personal Google accounts

UC Berkeley Google data is not part of the general google.com index, except when you choose to publish information publicly.

6. Can Google monetize, sell, or otherwise use mail or data store in my bConnected Google account?

The agreement that UC Berkeley utilizes for its G Suite for Education Service (including bMail, bCal, Drive, and others) does not allow Google use of our data for any purposes other than to fulfill its obligations to deliver the service to us under our agreement. UC Berkeley does not believe that scanning for the purpose of serving ads anywhere is an allowed use under our agreement.

7. Does Google give third parties access to our data?

Google may only share information with third parties in conformity with Google’s Privacy Policy and Customer Agreement. Google does not share or reveal private user content such as email or personal information with third parties except as required by law (see the Google Transparency Report), on request by a user or system administrator, or to protect Google’s systems. These exceptions include requests by users that Google's support staff access their email messages in order to diagnose problems; when Google is required by law to do so; and when Google is compelled to disclose personal information because Google reasonably believes it's necessary in order to protect the rights, property or safety of Google, its users and the public.

8. How does Google handle law enforcement requests?

Google complies with valid legal processes seeking account information, such as search warrants, court orders, or subpoenas. Google attempts to notify users before turning over their data whenever possible and legally permissible.  For more information, please see both the bConnected Transparency Report and the Google Transparency Report for information regarding government requests for user data.

9. Is my email accessed for security monitoring?

As a matter of campus practice, email is not accessed for security monitoring, however, UC Berkeley does monitor network traffic in an attempt to ensure the security of all systems on the network.

By default, email messages sent to or from bConnected email accounts use encryption. When encrypted, sender and recipient information (To/From email addresses), subject lines, and message content are not visible, even if intercepted through monitoring. However, this level of email encryption can not be guaranteed throughout the Internet ecosystem, so email should not be considered a secure form of communication.

UC Berkeley’s information security monitoring practices are reviewed by a consultative campus governance process, which balances security benefits with privacy concerns, enforces controls on the type of monitoring allowed, and limits how any data collected may be used. The UC Office of the President may mandate different monitoring practices under the Coordinated Monitoring and Threat Response Initiative.

10. Who owns the data that UC Berkeley users put into G Suite?

Simply put, Google does not own UC Berkeley users’ data.  Google does not take a position on whether the data belongs to the institution signing up for Apps, or the individual user, but it knows it doesn't belong to Google.* This means three key things:

  1. Google won't share your data with others except as noted in Google’s Privacy Policy
  2. Google will keep your data as long as you require Google to keep it
  3. Finally, you should be able to take your data with you if you choose to use external services in conjunction with G Suite or stop using Google’s services altogether

*For specific questions about UC's intellectual properties and copyright policies, please refer to UCOP’s Copyright Resources.(link is external)

11. How long does Google keep UC Berkeley’s data?

Google believes that users should have control over their data. Google maintains multiple backup copies of users' content so that Google can recover data and restore accounts in case of errors or system failure. When you ask Google to delete messages and content, Google makes reasonable efforts to remove deleted information from our systems within a commercially reasonable amount of time. Learn more.

12. How does Google protect UC Berkeley against spam, viruses and phishing attacks?

Google has one of the best spam blockers in the business, and it's integrated into G Suite. Spam is purged every 30 days. Google has built in virus checking, and they enforce checking of documents before allowing a user to download any message. Most computer viruses are contained in executable files, so standard virus detectors scan messages for executable files that appear to be viruses. Google helps block viruses in the most direct possible way: by not allowing users to receive executable files (such as files ending in .exe) that could contain damaging executable code; even if they are sent in a compressed (.zip, .tar, .tgz, .taz, .z, .gz) format.

Google supplies Chrome™ and Firefox® users with constantly updated filters against phishing and malware.

By combining advanced algorithms with reports about misleading pages from a number of sources, Google downloads to your browser a list of information about sites that may engage in phishing or contain malicious software. Safe Browsing is often able to automatically warn you when you encounter a page that's trying to trick you into disclosing personal information.

13. Will my data remain safe when it is being managed on the same servers as other Google customers?

Yes. Data is virtually protected as if it were on its own server. Unauthorized parties cannot access your data. Your competitors cannot access your data, and vice versa. In fact, all user accounts are protected via a virtual “lock and key” that ensures that one user cannot see another user's data. This is similar to how customer data is segmented in other shared infrastructures such as online banking applications.

14. How does Google protect its infrastructure against hackers and other threats?

Google, an established provider of web-based services has gone to great lengths to protect against threats. Google runs its data centers using custom hardware running a custom OS and file system. Each of these systems has been optimized for security and performance. The Google Security Team is working with external parties to constantly test and enhance security infrastructure to ensure it is impervious to external attackers. And because Google controls the entire stack running our systems, we are able to quickly respond to any threats or weaknesses that may emerge.

Google maintains a number of geographically distributed data centers. Google’s computing clusters are designed with resiliency and redundancy in mind, eliminating single points of failure and minimizing the impact of common equipment failures and environmental risks. Access to our data centers is restricted to authorized personnel.

15. Can Google delete my data without my permission?

No, Google cannot delete your data without your permission. Data stored within core apps are protected under the contract between UC Berkeley and Google, and will not be deleted unless the user requests it. However, under certain circumstances Google reserves the right to suspend a user’s account for violation of terms of service that rise to the level of an “emergency security issue”. If Google were to suspend a user’s account without warning, they would be required to provide UC Berkeley with an explanation in a timely manner.