Approvals are managed by workflow tools that maintain audit records of all changes. These tools control both the modification of authorization settings and the approval process to ensure consistent application of the approval policies. An employee’s authorization settings are used to control access to all resources, including data and systems for G Suite products. Support services are only provided to authorized customer administrators whose identities have been verified in several ways. Googler access is monitored and audited by our dedicated security, privacy, and internal audit teams.

For customer administrators

Within customer organizations, administrative roles and privileges for G Suite are configured and controlled by the customer. This means that individual team members can manage certain services or perform specific administrative functions without gaining access to all settings and data. Integrated audit logs offer a detailed history of administrative actions, helping customers monitor internal access to data and adherence to their own policies.

Law enforcement data requests

The customer, as the data owner, is primarily responsible for responding to law enforcement data requests; however, like other technology and communications companies, Google may receive direct requests from governments and courts around the world about how a person has used the company’s services. We take measures to protect customers’ privacy and limit excessive requests while also meeting our legal obligations. Respect for the privacy and security of data you store with Google remains our priority as we comply with these legal requests. When we receive such a request, our team reviews the request to make sure it satisfies legal requirements and Google’s policies.
Generally speaking, for us to comply, the request must be made in writing, signed by an authorized official of the requesting agency and issued under an appropriate law. If we believe a request is overly broad, we’ll seek to narrow it, and we push back often and when necessary. For example, in 2006 Google was the only major search company that refused a U.S. government request to hand over two months of user search queries. We objected to the subpoena, and eventually a court denied the government’s request. In some cases we receive a request for all information associated with a Google account, and we may ask the requesting agency to limit it to a specific product or service. We believe the public deserves to know the full extent to which governments request user information from Google. That’s why we became the first company to start regularly publishing reports about government data requests. Detailed information about data requests and Google’s response to them is available in our Transparency Report. It is Google’s policy to notify customers about requests for their data unless

Google Cloud Security and Compliance Whitepaper