EU Data Protection Directive The Article 29 Working Party is an independent European advisory body focused on data protection and privacy. They have provided guidance on how to meet European data privacy requirements when engaging with cloud computing providers. Google provides capabilities and contractual commitments created to meet data protection recommendations provided by the Article 29 Working Party. EU model contract clauses In 2010, the European Commission approved model contract clauses as a means of compliance—with—the—requirements—of—the—Directive.—The—efect—of—this—decision—is—that—by— incorporating—certain—provisions—into—a—contract,—personal—data—can—low—from—those—subject— to the Directive to providers outside the EU or the European Economic Area. Google has a broad customer base in Europe. By adopting EU model contract clauses,—we’re—ofering— customers an additional option for compliance with the Directive. U.S. Health Insurance Portability and Accountability Act (HIPAA) G Suite supports our customers’ compliance with the U.S. Health Insurance Portability and Accountability—Act—”HIPAA),—which—governs—the—conidentiality—and—privacy—of—protected—health— information (PHI). Customers who are subject to HIPAA and wish to use G Suite with PHI must sign a business associate agreement (BAA) with Google. The BAA covers Gmail, Google Calendar, Google Drive, Google Sites and Google Vault. Additional information can be found in our HIPAA Implementation Guide. U.S. Family Educational Rights and Privacy Act (FERPA) More than 30 million students rely on G Suite for Education. G Suite for Education services comply with FERPA (Family Educational Rights and Privacy Act) and our commitment to do so is included in our agreements. Children’s Online Privacy Protection Act of 1998 (COPPA) Protecting children online is important to us. We contractually require G Suite for Education schools to obtain parental consent that COPPA calls for to use our services, and our services can be used in compliance with COPPA. 15