General-purpose AI / LLM API
Google Gemini compliance: GDPR, AI Act, DPA, training, transfers
Independent compliance research from Janus Compliance. Reviewed by Michael K. Onyekwere, CIPP/E. Last reviewed 2026-05-01. Not legal advice.
TL;DR. Three distinct surfaces buyers conflate: Gemini Enterprise / Vertex AI (contractually no training, ZDR available, broad cert portfolio); AI Studio at ai.google.dev (free-tier API; less protective defaults); consumer Gemini at gemini.google.com and embedded in Workspace (training enabled by default unless disabled). EU residency is configurable per-call on Vertex AI — easy to leak. Google Cloud has the broadest compliance certification portfolio of any major LLM provider. DPO action: lock down which Gemini surface your staff actually use; configure region pinning at the SDK level (not project level); review the Workspace Gemini Apps Activity setting at tenant scope.
What the tool does
Google ships Gemini in three places that buyers commonly conflate:
- Gemini Enterprise / Vertex AI (rebranded "Gemini Enterprise Agent Platform" at Google Cloud Next 2026) — the enterprise platform for building, deploying, and governing AI agents grounded in your own data. Sits inside Google Cloud, billed via GCP, governed by Google's Cloud DPA.
- Gemini API via AI Studio at ai.google.dev — developer-facing free / paid tier for prototyping. Different terms from Vertex AI.
- Gemini consumer surfaces — the standalone chat at gemini.google.com and the embedded Gemini features inside Google Workspace (Gmail, Docs, Slides, Sheets, Meet). For most enterprise buyers using Workspace, this is the most-touched surface.
Compliance defaults differ across all three. Most enterprise procurement should be looking at Gemini Enterprise / Vertex AI; AI Studio is fine for prototyping but is not the enterprise contracting surface.
Data processed
- Text and multimodal input (image, audio, video, PDF — Gemini is natively multimodal)
- Document content via Vertex AI grounding / RAG
- Prompts, function-call payloads, tool-use intermediates
- Embeddings (Vertex AI offers first-party embeddings)
- Optional grounding from Google Search (Vertex AI feature, off by default)
- For Workspace Gemini: any content the signed-in user has access to in Gmail, Drive, Calendar, etc.
Special-category likelihood: High in any free-form deployment. Gemini's multimodal nature means staff may upload images / scanned documents that contain Article 9 categories (medical scans, ID photos, etc.) without realising. UI controls and DPIA matter more than usual.
Default geographic processing: Vertex AI processing region is configurable (EU, US, multi-region). EU residency available but not the default — must be configured at the project / model-call level. Default in many quickstart paths is us-central1.
DPA availability
Google Cloud Data Processing Addendum (Cloud DPA) governs Vertex AI and Gemini Enterprise. Auto-incorporated into Google Cloud commercial agreements. Publicly available without a sales call.
- URL: https://cloud.google.com/terms/data-processing-addendum
- Includes SCCs and the UK International Data Transfer Addendum (UK Addendum)
- Updated regularly; check version date on each review
For AI Studio (Gemini API direct), the Google APIs Terms of Service apply and DPA coverage is more limited. Most enterprises should not be using AI Studio for production workloads.
For Workspace Gemini, the existing Google Workspace DPA applies — verify your Workspace tier covers the AI features you use.
Subprocessor list
Google Cloud publishes a subprocessor list applicable to all Google Cloud services including Vertex AI / Gemini Enterprise.
- URL: https://cloud.google.com/terms/subprocessors
- Updates announced via the Google Cloud subprocessor email list (subscribable)
- Last updated date and added/removed entries are tracked in the document
For Gemini-specific data flows, the relevant subprocessors are largely Google's own subsidiaries plus standard infrastructure providers. Less third-party reliance than peers.
Training-on-customer-data position
Vertex AI / Gemini Enterprise: Customer data is not used to train Google's AI/ML models without prior permission or instruction. Google's Service Specific Terms Section 17 ("Training Restriction") makes this an explicit contractual commitment for Cloud customers.
Vertex AI Zero Data Retention (ZDR): Available for Generative AI on Vertex AI. When enabled, prompts and responses are not retained at all (beyond the immediate request lifecycle). Configurable per project / model.
AI Studio / ai.google.dev free tier: Training defaults are less protective. Free-tier API requests have historically been used to improve Google's models. Confirm current free-tier policy on review — Google has shifted defaults over the past 18 months.
Gemini consumer (gemini.google.com) and Workspace Gemini: Conversations may be used to improve Google's products (with human reviewers seeing samples of conversations) unless training is disabled. The relevant admin control sits in the Workspace admin console under "Control Workspace Intelligence for generative AI features" (renamed from the older "Gemini Apps Activity" label). Workspace admin docs state explicitly: "Your content is not human reviewed or used for Generative AI model training outside your domain without permission." Many admins have not actively reviewed this control.
My read: The enterprise no-training story for Vertex AI is solid and contractual. The free-tier API and consumer-chat defaults are not. The biggest unmanaged risk is staff using gemini.google.com on personal Google accounts, sometimes signed in as their work identity if Workspace is configured permissively.
EU / UK transfer position
Google Cloud DPA relies on Standard Contractual Clauses (SCCs) for EU transfers and incorporates the UK International Data Transfer Addendum for UK transfers.
EU-US Data Privacy Framework (DPF) certification: Google LLC and several Google entities are DPF-certified (active as of 2026-03 — same reauthorisation caveat as OpenAI and Anthropic).
EU data residency: Vertex AI offers EU regions (europe-west1, europe-west4, others). Configuration is per-call, not per-project by default — a DPIA must specify and verify region pinning. Multi-region configurations can route EU subjects' data outside the EU unless explicitly constrained.
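Because the region is chosen per client / call rather than inherited from the project, a code-level check is the practical control. The following is an added example, not Google's code or a Janus tool: a small source audit that flags Vertex AI SDK calls which omit `location=` or pin a non-EU region, and also flags `genai.Client` instances that target the AI Studio surface (API key, no `vertexai=True`) rather than Vertex AI. The two call shapes matched (`vertexai.init(...)` and `genai.Client(vertexai=True, ...)`), the EU allowlist and the sample source are assumptions for illustration.

```python
import re

# Illustrative EU allowlist (example values; the profile names europe-west1 and
# europe-west4). Anything else, including the quickstart default us-central1 and
# multi-region values, is reported as a residency finding.
EU_LOCATIONS = {"europe-west1", "europe-west4"}

# Entry points where the Vertex AI processing region is chosen per client / call.
# Assumed call shapes: vertexai.init(...) and genai.Client(vertexai=True, ...).
CALL_RE = re.compile(r"(?P<fn>vertexai\.init|genai\.Client)\s*\((?P<args>[^)]*)\)")
LOC_RE = re.compile(r"location\s*=\s*['\"](?P<loc>[^'\"]+)['\"]")


def audit_source(lines, allowed=EU_LOCATIONS):
    """Return (line_no, reason) for each SDK call that is not pinned to an allowed
    region, or that targets the AI Studio surface instead of Vertex AI."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = CALL_RE.search(line)
        if not m:
            continue
        args = m.group("args")
        # genai.Client without vertexai=True is the AI Studio API (different terms / DPA).
        if m.group("fn") == "genai.Client" and "vertexai=True" not in args.replace(" ", ""):
            findings.append((n, "AI Studio surface (genai.Client without vertexai=True)"))
            continue
        loc = LOC_RE.search(args)
        if loc is None:
            findings.append((n, "location= omitted; SDK default (commonly us-central1) applies"))
        elif loc.group("loc") not in allowed:
            findings.append((n, f"location '{loc.group('loc')}' not in EU allowlist"))
    return findings


# Constructed sample source lines, not real project code.
SAMPLE = """\
import vertexai
vertexai.init(project="demo-proj")
vertexai.init(project="demo-proj", location="us-central1")
vertexai.init(project="demo-proj", location="europe-west4")
client = genai.Client(vertexai=True, project="demo-proj", location="europe-west1")
client = genai.Client(api_key=os.environ["GEMINI_API_KEY"])
""".splitlines()

if __name__ == "__main__":
    for line_no, reason in audit_source(SAMPLE):
        print(f"line {line_no}: {reason}")
```

Run it over the sample and lines 2, 3 and 6 are reported; the two calls pinned to EU regions pass. Wire the same check into CI so a missed `location=` is caught before it reaches production.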
Google's "Sovereign Cloud" partnerships (with T-Systems in Germany, others) offer additional EU data sovereignty options for highly regulated buyers. Out of scope for most SMEs but worth knowing about.
Security documentation
Google Cloud has the broadest certification portfolio of any major LLM provider:
- SOC 1 / 2 / 3 — yes, all
- ISO 9001, 27001, 27017, 27018, 27701 — yes
- ISO/IEC 42001:2023 — yes, accredited certification covers Google Cloud Platform, Google Workspace, and the Gemini App (the assessment was conducted by Coalfire, mapped against both ISO 42001 and the NIST AI Risk Management Framework)
- FedRAMP High — yes (US government)
- HIPAA BAA — available for qualifying customers
- PCI DSS — yes
- C5 (Germany), IRAP (Australia), MTCS (Singapore) — multiple regional certs
The breadth here is a real advantage in compliance audits. Standards coverage is rarely the gap with Google; the gap is configuration defaults.
AI Act role + risk classification
- Role: Google is a provider of general-purpose AI models (Gemini family). GPAI obligations under Articles 51-55 apply.
- Your role as a buyer: deployer, with deployer obligations.
- Risk tier: as with all GPAI, depends on the use case. Annex III triggers high-risk obligations regardless of the model. Vertex AI's enterprise governance features (Model Garden filtering, Safety filters, Vertex AI Model Monitoring) help evidence deployer due diligence — keep audit trails.
Google publishes AI Act readiness materials and a Model Card for Gemini family models.
DPIA prompts (for your use case)
- Which Gemini surface are you actually deploying — Vertex AI, AI Studio, consumer chat, or Workspace Gemini? They have different DPAs, different training defaults, and different data residency stories. Get this on paper before anything else.
- Have you configured EU data residency at the call level for any EU subject data? Default routing may be US-resident.
- Have you applied for ZDR on Vertex AI Generative AI if your data sensitivity warrants it?
- Have you mapped staff use of gemini.google.com and Workspace Gemini features? Personal Google accounts using consumer Gemini sit under consumer terms; this is the most-missed risk in Workspace-using SMEs. For Workspace tenants, confirm the "Control Workspace Intelligence for generative AI features" admin setting reflects your training-restriction stance.
- AI Act Annex III applicability: if your use case touches recruitment, credit, education, law enforcement, migration, or justice, deployer high-risk obligations engage.
- Multimodal input: are users uploading images/PDFs that may contain Article 9 special-category data? Put UI controls in place and cover this scenario explicitly in the DPIA.
Unresolved questions / red flags
- Three distinct surfaces with different defaults confuse procurement. Most "Gemini compliance" assertions in SME marketing material conflate them.
- EU residency is configurable, not default. Same problem as OpenAI; commonly missed.
- Free-tier AI Studio defaults shift periodically. Don't assume yesterday's read still holds — re-check on each profile refresh.
- Workspace Gemini training defaults track Workspace policy. Workspace Business / Enterprise admins can set training restrictions via the "Control Workspace Intelligence for generative AI features" admin control; many haven't actively reviewed it.
- Vertex AI's regional pinning happens at the SDK call level, not project level — a missed config in code can quietly route EU data to US.
- "Gemini Enterprise" rebrand from Vertex AI (Cloud Next 2026) is recent. Documentation is still being migrated; older URLs may break.
Related profiles
- OpenAI — same general-purpose LLM category, US-centric defaults
- Anthropic — same category, multi-cloud subprocessing
Sources checked
- Google Cloud Service Specific Terms Section 17 ("Training Restriction") — corroborated 2026-05-01
- Vertex AI ZDR documentation: https://docs.cloud.google.com/vertex-ai/generative-ai/docs/vertex-ai-zero-data-retention
- Google Cloud DPA: https://cloud.google.com/terms/data-processing-addendum
- Google Cloud subprocessor list: https://cloud.google.com/terms/subprocessors
- Cloud Next 2026 Gemini Enterprise Agent Platform announcement — multiple secondary sources 2026-05-01