Google updates Firebase terms to comply with GDPR

Google announced yesterday that the Firebase Terms of Service were updated to comply with the EU General Data Protection Regulation (GDPR), coming into effect on May 25th, 2018. Firebase is the Google Analytics for Apps.

According to Google, the terms were updated “to include Data Processing and Security Terms (DPST) for all of the Firebase services — effective May 25th, 2018.” Users can accept the updated terms today by visiting the project in the Firebase console. Google says that users that accepted an earlier version of the Data Processing Addendum for Google Analytics for Firebase, still need to accept these updated terms.

The project owner can specify a Data Processing Officer (DPO) or EU Representative in the Firebase console. Users that previously specified this information via the Google Cloud console, don’t need to re-enter it.

With Firebase, Google is acting as a processor and app owners are controllers and processors.  App owners will have to ask consent to users so that Firebase collects the data. Google revealed that App owners will also need to ask consent for subprocessors:

  • Accenture, LLP, headquartered in the United States, to provide customer and technical support, which may include phone and email support, response, diagnosis and resolution services, incident tracking, and responding to customer queries.
  • Fastly, Inc., headquartered in the United States, to distribute content (uploaded by customers to Firebase Hosting) to end-users via the Fastly content delivery network.

On Google Analytics Firebase, Google collects cookie identifiers, internet protocol addresses, device identifiers; and client identifiers.