Data processor mode is currently only available for users on managed ChromeOS devices in these countries.
Google developed data processor mode to help IT administrators understand and manage how Google collects, stores, and processes personal data when a customer uses ChromeOS devices managed with Chrome Enterprise Upgrade or Chrome Education Upgrade.
Among other benefits, data processor mode gives customers:
- Greater transparency into when and why Google processes personal data,
- Increased control over such processing, and
- New tools to support privacy compliance under the General Data Protection Regulation (GDPR).
Customers who have enrolled devices for management using Chrome Enterprise Upgrade or Chrome Education Upgrade can switch to data processor mode by reviewing and accepting the new data processor mode terms in the Google Admin console. This switch shifts Google’s role from that of a data controller for personal data handled by Essential Services, to primarily that of a data processor.
Essential Services are the services (tools, features, and settings) considered most important for a secure, reliable, and useful Chrome experience. Services considered less central to the Chrome experience are called Optional Services. Use of Optional Services is voluntary, and they are not covered by data processor mode, meaning that Google remains a data controller and separate terms of service apply, usually the standard Google Terms of Service and Privacy Policy. IT administrators can toggle individual Optional Services on and off in the Admin console, to select those which best suit their needs.
Some helpful data terms
Use of data processor mode involves several separate, but related, categories of data. Some of these are defined by law, and some are specific to Google:
- Personal data has the meaning given to it in the GDPR. It is any information relating to an identified or identifiable natural person, also known as a data subject. Different pieces of information, which collected together, can be used to indirectly identify a data subject, also qualify as personal data. Both Customer Personal Data and Service Data are considered personal data.
- Customer Personal Data is a Google term, and refers to personal data contained within Customer Data. Customer Data is any data provided to Google by (or on behalf of) customers and/or their managed end users, while using Essential Services, or which is received through these services by customer and/or their end users. Some examples of Customer Personal Data are: name, email address, and personal data contained in files and docs.
- Service Data refers to personal data that Google collects or generates when customers and end users are interacting with Essential Services. Some examples of Service Data are: noting which policies are preferred by administrators, how many customers use a particular setting, and how Chrome is interacting with other Google services.
Data Controller vs Data Processor
The terms data controller and data processor come from the GDPR. A data controller determines the purposes and means of processing personal data. In other words, the data controller decides 'why' and 'how' personal data should be processed. Data processors can only process personal data on behalf of a data controller, following the instructions and permissions given by the data controller.
Purposes for processing data
When a customer switches to data processor mode, Google’s role when processing personal data for Essential Services shifts from that of a data controller, to primarily that of a data processor. Google acts as a data processor for both Customer Personal Data and Service Data. This means it can only process this data according to the instructions and permissions given to it by the customer, who is the data controller. These are called the Customer Instructions, and are contained in the data processor mode terms.
According to the Customer Instructions, Google may only process personal data for three purposes: (1) to provide, maintain and improve the Essential Services; (2) to identify, address and fix security threats, risks, bugs and other anomalies; and (3) to develop, deliver and install updates to the Essential Services subscribed to by the customer.
Google may also act as a data controller over Service Data (but not Customer Personal Data) for specific, limited reasons called Legitimate Business Purposes, detailed in the data processor mode terms. Examples of Legitimate Business Purposes include billing and account management, abuse and security threat detection, and providing customer support.
Data processor mode tools available in the Admin console for ChromeOS
Landing Page—The landing page provides an overview of data processor mode. On the landing page, Google provides:
- A list and description of the Optional Services, including a link to the policy settings for each service.
- Information and access to the tools customers can use to manage personal data (described below). In addition to providing greater control and transparency, these tools may assist customers in their role as data controllers, and to satisfy obligations that arise under the GDPR.
Optional Services Master Switch—Google will remain a data controller for personal data processed by Optional Services. Should customers wish, there is a control available to disable all Optional Services. To reverse this, users will need to manually enable each service individually. Optional Services can also be turned on and off individually from the Policies page.
Download Service Data—Download Service Data allows IT administrators to download Service Data associated with managed users on managed devices, and may assist with their own data management responsibilities, such as when responding to data subject access requests.
Takeout Customer Data—Takeout Customer Data allows IT administrators to download Customer Personal Data, which may also help customers comply with their own data management and compliance responsibilities.
Delete User Data—Delete User Data allows IT administrators to trigger an end user’s personal data deletion from Essential Services to comply with their own data management responsibilities, such as data subject deletion requests. The IT administrator triggers the data deletion by using the tool to delete a user from the organization.
Make the switch to data processor mode
The ChromeOS data processor mode terms can be viewed here.
Making the switch to data processor mode is a two-step process:
- Go to the Admin console under the Devices > Chrome > Compliance section, or open the email provided to you by Google.
- Review and accept the ChromeOS data processor mode terms.
Services of data processor mode
Essential Services
Essential Services are the services (tools, features, and settings) considered most important for a secure, reliable, and useful managed ChromeOS experience.
Google provides a list of Essential Services, and help center articles for customers to learn more about what data is processed by these services, and why.
Optional Services
Optional Services are less central to managed ChromeOS, but add value to the user experience.
For customers managing ChromeOS with data processor mode enabled, Google offers a way to turn off all Optional Services at once. To reverse this, users will need to manually enable each service individually. Optional Services can also be turned on and off individually. Google remains a data controller for personal data collected and processed by such services.
How to turn off data processor mode
You have the option of turning off data processor mode.
- Sign in to the Admin console and navigate to the data processor mode landing page.
- Click Turn off data processor mode.
Some important notes on turning off data processor mode:
If data processor mode is turned off, your policy settings will remain in effect, however, Google’s processing of personal data through managed ChromeOS will no longer be governed by the data processor terms. Instead, data processing will be covered by the Google Terms of Service and Privacy Policy, under which Google acts solely as a data controller. You will lose access to data processor mode’s landing page, including access to Download Service Data, a switch to turn off all Optional Services, Takeout Customer Data, and Delete User Data. For customers who have a Workspace license, administrators may be able to access Takeout Customer Data if the tool is granted through their Workspace agreement. However, the applicable Essential Services’ Customer Personal Data will no longer be accessed or downloaded using Takeout.
Related topics
- List of Essential Services
- Data processor mode services
- Google Privacy and Terms
- Chrome Browser Enterprise Security Configuration Guide
- Chrome Enterprise policy list
Google and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.