Hallowe’en turned out to be a real fright for some Google Docs users yesterday as access to content was blocked due to a buggy code push.  The result was that certain content was flagged to have broken Google’s Terms and Conditions.  As widely reported, for some users this could have been a real issue, had the problem continued for any length of time.  Although not a widespread problem, the issue does raise some questions about how users look at the cloud – especially free – cloud services.

Who Owns The Data?

I had to dig back through the archives and find this post from 2012, where I talked about the implications of using free services like Google Drive and Google Docs.  Google terms and conditions allow the company to freely use your content.  That includes inspection, which appears to be pattern-matching based, rather than looking at the actual data.  As we all know, there’s no such thing as a free cloud service, so somewhere we have to pay.  In Google’s case, it’s the ability to target ads more effectively at you, which they can do by looking at your data.  Obviously, this isn’t just a Docs process but would include anything you share with Google (like Gmail).

So even though the data is yours, is it right Google should have the ability to withhold it from you?  I expect most people would say no.  But remember it’s a free service, right?  So you’re bound by the terms Google offers you – take it or leave it.  Most of us never bother reading that small print associated with accepting terms of service.  I think the last Apple ToS I accepted ran into 100+ pages, which I was supposed to read and understand as part of the process of selling an old handset back to the company.  So we assume Google and others will do the right thing.  But behind the scenes, there are algorithms that think otherwise.  When a “fail fast and fail often” type update gets pushed out (which you will never be aware of), then things can go wrong.

GDPR

What impact does this have on the way in which cloud companies will deliver their services in the future?  Well, Google & Co have terms and conditions in place to protect themselves against liability if you’re using their services illegally.  It allows them to take down copyrighted material or anything else breaking the law.  That’s fair enough.  Will things get tougher under GDPR?  The General Data Protection Regulation, an EU edict extends the previous data protection laws put in place across the EU and member countries.  It comes fully into effect on 25 May 2018.  Under the new rules, there are stricter regulations on what qualifies as personal data.

Google (with Docs), looks like it would be classified as both data processor and data controller.  This means significant responsibility providing access to data and other information being stored.  Although this is not much different to responsibilities today, one new area of rights for the individual cover automated profiling and decision making.  You can read the full definition online, but “automated processing” is determined by three elements:

  • it has to be an automated form of processing;
  • it has to be carried out on personal data; and
  • the objective of the profiling must be to evaluate personal aspects about a natural person.

Now to me the way in which Google analyses Docs content seems to conform to the definition of automation.  In which case an individual can request the right to be excluded from this processing if the profiling results in “legal effects” or “similarly effects him or her”.  The effect here would be the blocking of access to content in the way that happened this week.

The Architect’s View

Google’s opaque processing of data to make decisions on content blocking could be challenged under GDPR.  With some of the new additional powers, the user is more in control and we could see some very interesting test cases.  However, rather than depending on EU law, it makes more sense to take action in the first place to ensure that loss of service (for whatever reason) doesn’t result in loss of access to data.  Keep your data onsite and in the cloud too, if that’s what you want.  But just be very aware of the implications of relying on a single remote service like Google Docs.

Related Links

Comments are always welcome; please read our Comments Policy.  If you have any related links of interest, please feel free to add them as a comment for consideration.  

Copyright (c) 2009-2017 – Post #57A3 – Chris M Evans, first published on https://blog.architecting.it, do not reproduce without permission.

 

We share because we care!Share on Facebook0Share on Google+0Tweet about this on TwitterShare on LinkedIn30Buffer this pageEmail this to someoneShare on Reddit0Share on StumbleUpon0

Written by Chris Evans

  • Girish Gurudutt

    what is new in cloud SP – full stack