Additional information on data withheld for security purposes

Information that cannot be provided for security purposes

Under applicable law, you may be entitled to request that we provide you with access to certain data that we process relating to you. For more information, please refer to our Privacy Help Center, section “Your account controls”. Please note that we do not include certain data in our responses to data subject access requests.

For example, data is not included to the extent we are unable to verify that the person making the request is the data subject to whom it relates. Disclosing data to a person making a request without being able to adequately verify that person’s entitlement to the data could undermine the confidentiality and security of users’ data, and may adversely affect other individuals to whom the data relates.

Additionally, data is not included to the extent that providing a copy of such data could adversely affect the rights and freedoms of others. This applies to data we process for purposes of defending our systems to protect you, our users, the public, and Google. This means for example: to detect threats to the security of our systems; privacy, anti-abuse and anti fraud protection; to support traffic management (e.g., defending against DDoS); and to defend against other abusive and system-damaging activities.

We do not disclose data where such a disclosure may impact the ability of you and other users to safely use the services. Cyberattackers and other potential adversaries can exploit details about data to infer exactly how we defend our systems, leaving those systems - and our users - more vulnerable to sophisticated attack. For example, knowledge of how many copies of account sign-in logs and related activity metrics are held, and in what formats, implicitly indicates security sensitive configuration details, commercially sensitive indications of our approach to backup and archiving, and, most importantly, embodies architectural information about our approach to defense-in-depth.

If certain detailed information, about our system defenses, and the data we process through them, such as how low-level data structures are laid out in memory, were to become known, it could give an undue advantage to potential adversaries. It’s for that reason - to protect our users and their data - that we hold some of these details in confidence and do not release them. As these technologies evolve and specific details become less critical to our systems’ security, we reappraise what we are able to safely provide.

Google apps
Main menu
Search Help Center