Firebase Database EU Data Protection compliance
4,267 views
Skip to first unread message
mar...@uncinc.nl
May 3, 2017, 12:00:29 PM5/3/17
to Firebase Google Group
Dear all,
I have a client for which Firebase would be a perfect fit for a project we are working on, except for the fact this client has customers who require compliance with the EU Data Protection Directive.
I have read that the Google Cloud Platform is compliant, and I have seen posts in this group about this, but there is no definitive answer to the question: does Firebase (in this specific case Firebase Real-time Database) comply with this Directive? It is unclear to me whether all of Firebase now falls under the Google Cloud Platform.
Looking forward to more information!
Regards,
Martijn Houtman
Renaud Tarnec
May 3, 2017, 4:59:17 PM5/3/17
to Firebase Google Group
+1 for a key question for Firebase users in Europe.
Ian Barber
May 4, 2017, 4:57:16 AM5/4/17
to Firebase Google Group
Firebase complies with privacy shield as part of Google in general: https://www.privacyshield.gov has our certification.
Ian
--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-talk+unsubscribe@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/48c71d4c-390b-4e58-a22d-010169aff99b%40googlegroups.com.
Nick K
May 4, 2017, 6:54:06 PM5/4/17
to Firebase Google Group
I would also be interested to get a bit more specific information than that Google as a whole complies with the privacy shield.
Many EU customers will want to know where data is hosted -- they simply don't trust data to be hosted in the US, no matter whether the privacy shield applies or not.
For Google Cloud it is possible to specify in which region you want Google to store data. Is this also possible for Firebase?
The answer seems to be no, as just a few months ago a Firebase engineer commented (http://stackoverflow.com/a/40948902):
Therefore, Firebase seems a problematic option for many EU companies.
Many EU customers will want to know where data is hosted -- they simply don't trust data to be hosted in the US, no matter whether the privacy shield applies or not.
For Google Cloud it is possible to specify in which region you want Google to store data. Is this also possible for Firebase?
The answer seems to be no, as just a few months ago a Firebase engineer commented (http://stackoverflow.com/a/40948902):
"All Firebase Database instances are currently located in the central US. There is no way to have your data stored in a different location."
Therefore, Firebase seems a problematic option for many EU companies.
Nick K
May 4, 2017, 8:33:51 PM5/4/17
to Firebase Google Group
By the way, I also think it doesn't matter whether Google stores the data in the US or EU. Since it's a US firm, under the Patriots Acts, the US government can get access to the data irrespective where the data is stored (since it's a US firm). More importantly, I think, is to have privacy by design and store all data encrypted.
Op vrijdag 5 mei 2017 00:54:06 UTC+2 schreef Nick K:
Op vrijdag 5 mei 2017 00:54:06 UTC+2 schreef Nick K:
Ian Barber
May 5, 2017, 4:12:40 AM5/5/17
to Firebase Google Group
Good question! Firebase Database is currently hosted in the US, thats correct. For some services, you can choose a region - for example Cloud Storage for Firebase will work with any Cloud Storage bucket, so you can create one in another region and use that.
Ian
--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-talk+unsubscribe@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/fed481ed-742e-4271-abaa-e823377f45d0%40googlegroups.com.
Marius
Jun 19, 2017, 1:25:58 PM6/19/17
to Firebase Google Group
Hello Ian,
Very interesting question here: I work for a major french telco and we are really interested in Firebase Analytics (fore more than 200 apps). Only problem is that we don't know where our european customers' data will be located...
Does Firebase ensure that data location in the EU for the moment or not ?
Cheers,
Marius
On Friday, May 5, 2017 at 10:12:40 AM UTC+2, Ian Barber wrote:
Good question! Firebase Database is currently hosted in the US, thats correct. For some services, you can choose a region - for example Cloud Storage for Firebase will work with any Cloud Storage bucket, so you can create one in another region and use that.Ian
On Fri, May 5, 2017 at 12:28 AM, Nick K <nic...@gmail.com> wrote:
By the way, I also think it doesn't matter whether Google stores the data in the US or EU. Since it's a US firm, under the Patriots Acts, the US government can get access to the data irrespective where the data is stored (since it's a US firm). More importantly, I think, is to have privacy by design and store all data encrypted.
Op vrijdag 5 mei 2017 00:54:06 UTC+2 schreef Nick K:I would also be interested to get a bit more specific information than that Google as a whole complies with the privacy shield.
Many EU customers will want to know where data is hosted -- they simply don't trust data to be hosted in the US, no matter whether the privacy shield applies or not.
For Google Cloud it is possible to specify in which region you want Google to store data. Is this also possible for Firebase?
The answer seems to be no, as just a few months ago a Firebase engineer commented (http://stackoverflow.com/a/40948902):"All Firebase Database instances are currently located in the central US. There is no way to have your data stored in a different location."
Therefore, Firebase seems a problematic option for many EU companies.
--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
Ian Barber
Jun 19, 2017, 4:13:12 PM6/19/17
to Firebase Google Group
It depends on the specific service within Firebase. For Analytics though, I don't believe there is a guarantee on where the data will be stored, sorry.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-talk+unsubscribe@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/559d3c8f-b55b-45f9-ace0-604481f957ec%40googlegroups.com.
Marius
Jun 20, 2017, 10:27:38 AM6/20/17
to Firebase Google Group
I see. For european users of Firebase it will be compulsory to have their data stored within the EU as the GDPR is going live in May 2018. It might worth a look from Firebase team to arrange something even if it implies being charged to have this guarantee.
Thanks for your answer Ian.
James Askew
Jun 30, 2017, 12:31:19 PM6/30/17
to Firebase Google Group
Thats really interesting thanks for that Marius - do you have any source i can reference for this?
On a general note though, i love firebase, it's fantastic, but this data location issue is really starting to become an issue for us, and without any clarity we will have to reluctantly look at migrating away from firebase.
When starting with firebase i rather naively thought it would be bound to be resolved before it became an issue for us (i acknowledge that no one ever said this would be the case), but these threads have been going for as long as firebase has been around, and despite being part of google for 20 odd months there is still no real information.
At some point we have to assume there really are no plans to enable european data location (or its just not possible), and you just don't want to say that out loud.
I really hope that is not the case!
Christoffer Buusmann
Oct 10, 2017, 10:37:26 AM10/10/17
to Firebase Google Group
I posted a similar question re. Firestore: https://groups.google.com/forum/m/#!topic/firebase-talk/wg_fQZhptzQ
Please file an official feature request so that we can make the Firebase team aware that we would like this :)
Please file an official feature request so that we can make the Firebase team aware that we would like this :)
Arian Kuschki
Oct 24, 2017, 9:55:50 PM10/24/17
to Firebase Google Group
Hi Marius,
as far as I know, the GDPR (to be launched in May 2018) contains no requirements regarding data locality. Do you have any reference for that?
Thanks,
Arian
Michał Tajchert
Dec 8, 2017, 9:41:55 AM12/8/17
to Firebase Google Group
From what I gathered from different sources:
- It is not about data location (especially as Google is part od Privacy Shield).
- It is more about requirement for Data Processing Agreement - and more down to Terms of Service of particular service in Firebase.
- It is more about requirement for Data Processing Agreement - and more down to Terms of Service of particular service in Firebase.
- Different services in Firebase uses very different TOS - https://firebase.google.com/terms/
- Only those with "Google Cloud Platform License Agreement" are DPA compliance, with an exception for Firebase Analytics which is on personal request.
Big question marks for me are:
- Is there any official confirmation of an above as this is result of trying to find answer better than "Google is working hard to prepare for the GDPR across Firebase".
Big question marks for me are:
- Is there any official confirmation of an above as this is result of trying to find answer better than "Google is working hard to prepare for the GDPR across Firebase".
- Does it mean FCM is not GDPR compliance?
I wish there would be list of compliance services, no ETA but under work to make GDPR compliance, no way GDPR compliance services. This would help a lot.
Reply all
Reply to author
Forward
0 new messages