Notification

Planning your return to office strategy? See how ChromeOS can help.

Zahtevana stran za zdaj ni na voljo v vašem jeziku. Na dnu strani lahko izberete drug jezik ali takoj prevedete katero koli spletno stran v jezik po izbiri z vgrajeno funkcijo prevajanja Google Chroma.

Overview of ChromeOS data processor mode

Data processor mode is currently only available for users on managed ChromeOS devices in these countries.

Google developed data processor mode for ChromeOS, including its new compliance tools, to help IT administrators review and manage how Google collects, stores, and otherwise processes personal data when a customer uses managed ChromeOS devices.

Among other benefits, data processor mode gives customers:

  • Greater transparency into when and why Google processes personal data,
  • Increased control over such processing, and
  • Capabilities to support their privacy obligations under the GDPR.

Customers can switch to data processor mode by reviewing and accepting the new data processor mode terms in the Google Admin console. This switch shifts Google’s role from that of a data controller, to primarily that of a data processor under the EU’s General Data Protection Regulation (GDPR), for personal data handled by Essential Services. Essential Services are the services (tools, features, and settings) considered most important for a secure, reliable, and useful Chrome experience. Services which are less central to the Chrome experience are called Optional Services. Use of Optional Services is voluntary, and they are not covered by data processor mode, meaning that Google remains a data controller and separate terms of service apply. These services can be toggled on or off by IT administrators in the Admin console, enabling them to select those which best suit their needs.

Some helpful data terms

Use of data processor mode involves several separate, but related, categories of data. Some of these are defined by law, and some are specific to Google:

  • "Personal data" has the meaning given to it in Article 4 of the GDPR. It is any information relating to an identified or identifiable natural person, also known as a “data subject”. Different pieces of information, which collected together can be used to identify a data subject, may also qualify as personal data. Both Customer Personal Data and Service Data are considered personal data.
  • Customer Personal Data” is a Google term, and refers to personal data contained within Customer Data. “Customer Data” is any data provided to Google by (or on behalf of) customers and/or their managed end users, while using Essential Services, or which is received through these services by customer and/or their end users. Some examples of Customer Personal Data are: name, email address, IP address, or user ID.
  • Service Data” refers to personal data that Google collects or generates when providing Essential Services to its customers and their managed end users. Some examples of Service Data are: noting which policies are most commonly used by administrators, how many customers use a particular setting, and how Chrome is interacting with other Google services.

‘Data Controller’ vs ‘Data Processor’

The terms “data controller” and “data processor” come from the GDPR. A data controller determines the purposes and means of processing personal data. In other words, the data controller decides 'why' and 'how' personal data should be processed. A data processor, on the other hand, can only process personal data on behalf of a data controller, following the instructions and permissions given by the controller.

Purposes for processing data

When a customer switches to data processor mode, Google’s role when processing personal data for Essential Services shifts from that of a data controller, to primarily that of a data processor. Google acts as a data processor for both Customer Personal Data and Service Data, meaning that it can only process this personal data according to the instructions and permissions given to it by the customer. These are called the “Customer Instructions”, and are contained in the data processor mode terms. According to the Customer Instructions, Google may only process personal data for three purposes: (1) to provide, maintain and improve the Essential Services; (2) to identify, address and fix security threats, risks, bugs and other anomalies; and (3) to develop, deliver and install updates to the Essential Services subscribed to by the customer. Google may also act as a data controller over Service Data (but not Customer Personal Data) for specific, limited reasons called “Legitimate Business Purposes”, detailed in the data processor mode terms. Examples of Legitimate Business Purposes include billing and account management, abuse and security threat detection, and providing customer support.

New tools available in data processor mode for ChromeOS

Landing Page—The new landing page for data processor mode can be found in the Admin console. It provides an overview of data processor mode, including the tools and features customers can use to control how Google collects and uses personal data. In addition to providing greater control and transparency, these tools may assist customers in their role as data controllers, and to satisfy obligations that arise under the GDPR. The landing page also lists and describes the Essential Services and Optional Services, including links to policy settings for each service.

A switch to turn off all Optional Services—Google will remain a data controller for personal data processed by Optional Services. Should customers wish, there is a control available to disable all Optional Services. To reverse this, users will need to manually enable each service individually. Optional Services can also be turned on and off individually.

Download Service Data—Download Service Data allows IT administrators to download Service Data associated with a managed user or managed devices, and may assist with their own data management responsibilities, such as when responding to Data Subject Access Requests (DSAR).

Domain-wide Takeout—Domain-wide Takeout allows IT administrators to download Customer Personal Data, which may also help customers comply with their own data management and compliance responsibilities.

Delete User Data—This feature allows IT administrators to trigger an end user’s personal data deletion from Essential Services to comply with their own data management responsibilities, such as data subject deletion requests. The IT administrator using the tool to delete a user from the organization triggers the data deletion.

Make the switch to data processor mode

Making the switch is a two-step process:

  1. Go to the Admin console under the “Devices” section, or open the email provided to you by Google.
  2. Review and accept the ChromeOS data processor mode terms.

Services of data processor mode

Essential Services

Essential Services are the services (tools, features, and settings) considered most important for a secure, reliable, and useful Chrome experience.

Google provides a list of Essential Services, and further detail is provided below. Google has also provided help articles for both Chrome users and managing IT Administrators to learn more about how each individual service processes personal data.

Interactions with individual services may vary based on how an organization sets up user access. For example, an educator might utilize Essential Services in Workspace, User Services, and Safe Browsing features, but may not leverage most of the services in Enterprise Management that an IT administrator would oversee.

Optional Services

Optional Services are less central to managed ChromeOS, but add value to the user experience. More details on each service can be found in the list below.

For customers managing ChromeOS with data processor mode enabled, Google offers a way to turn off all Optional Services at once. To reverse this, users will need to manually enable each service individually. Optional Services can also be turned on and off individually. Google remains a data controller for personal data collected and processed by such services.

Follow the link to each Optional Service to learn more:

  • Advanced protection program: The Advanced Protection Program is designed to defend Google accounts against targeted online attacks.
  • Autofill - Web Payment: Autofill - Web Payment provides users with a solution to sync their payment methods across their Google devices with the same Google account.
  • Calendar: The Google Calendar app integrated with managed Chromebooks lets users view events in the Google Calendar.
  • Chrome Remote Desktop: ChromeOS users and IT administrators can access ChromeOS devices (including kiosks) remotely using Chrome Remote Desktop. This is done by registering as a user or administrator on the support page or through the Chrome Remote Desktop app.
  • Connectors Framework: Chrome Enterprise Connectors Framework offers a collection of connectors and APIs that simplify the steps needed to integrate Chrome browser and ChromeOS with first and third party solution providers.
  • Developer tool: Chrome DevTools offers users a set of web developer tools built directly into Chrome browser and Android Developer Options on the ChromeOS platform.
  • Domain reliability verification: The Domain Reliability Verification feature helps verify that users can reliably request and reach Google domains.
  • Feedback report: Feedback Report allows users to provide feedback about a feature or product.
  • Nearby sharing: Nearby Sharing is a feature that allows users to share text, images, files or web pages with other nearby Android and ChromeOS devices.
  • Profile Image Downloader: Profile Image Downloader gives signed-in users the option of using their Google Account image for their ChromeOS profile, or they can choose a different image from their local file system or camera.
  • Search suggestion: Search Suggest provides query completion predictions while the user is typing in a Google Search box.
  • Quick Answers: Quick Answers (QA) is a ChromeOS feature that shows useful information related to the user selection on the right click.
  • URL-Keyed Pseudonymous Metrics: For users who have it enabled, URL-Keyed Pseudonymous Metrics (UKM) sends metrics tied to URLs to Google, to improve searches and browsing. UKM data is only collected from users who have both (i) enabled metrics collection, and (ii) enabled the "Make Searches and Browsing Better" setting.
  • VM Plugin Checker: VM Plugin Checker communicates with the Plugin VM License Checker API to confirm if a managed user has a valid Plugin VM (Parallels) license.
  • Wallpaper - photo service: Wallpaper - Photo Service allows users to select Chrome wallpaper images via the Google Photo service.
  • Webpush Messaging: Web Push Messaging permits web pages to be sent push messages or notifications if a user has allowed Chrome notifications.
  • WebRTC reporting: WebRTC (Web Real-time Communication) is a free, open software project that provides browsers and mobile applications with Real-Time Communications capabilities via simple APIs.

Data processor mode is optional

To switch out of data processor mode once enabled, please reach out to your Google sales contact for assistance.

Related topics

Google and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

Was this helpful?

How can we improve it?

Need more help?

Try these next steps:

Post to the help community Get answers from community members
true
Search
Clear search
Close search
Main menu
5937245619754635850
true
Search Help Center
true
true
true
true
true
410864
false
false