On May 25, a new piece of European data protection legislation came into force: the General Data Protection Regulation, or GDPR.
We know that GDPR compliance is at the top of many of your minds, so we’ve been working hard over the past few months to ensure that you have the resources you need.
We updated to new, GDPR-friendly terms that includes the Firebase Data Processing and Security Terms. We’ve also given you a way to specify a Data Processing Officer (DPO) or EU Representative in the Firebase console. If you’ve already added your project’s DPO or EU Rep in the Google Cloud console, you don’t need to do it again for Firebase.
It’s not just about the GDPR either - we’ve certified many Firebase products under security standards such as ISO 27001, ISO 27017, ISO 27018 and SOC 1, 2 and 3.
To help you implement privacy best practices we’ve added a dedicated Privacy and Security in Firebase section, launched a new guide on how to manage Instance IDs, and given you some suggestions on how to clear and export user data and store privacy settings using Firebase tools.
For Google Analytics for Firebase users, we have a new guide on your data management options, new sharing settings within the Firebase console that lets you have more control over your data, and a new API for deleting data associated with an Analytics App Instance ID.
Finally, you may want to check out our Google I/O session on paving the way to using Firebase within your enterprise for more ideas on how to manage user data:
If you have any further questions, don’t hesitate to reach out to our support team—we can’t offer legal advice, but we’ll do what we can to help you out with any specific questions or technical concerns.