Privacy Policy of Google DialogFlow? (GDPR)

Question

I was unable to find the answers on the dialogflow/google terms of use/privacy statement, so I ask here:

• Are all the Dialogflow API Servers located in the EU - i.e. do GDPR Rules apply here?
• is there a comprehensive information available which data and how it is processed within the DialogFlow API (wrt data protection)? (This would be needed in order to inform our users of our ChatBot about their data usage here... At least, we have to follow GDPR.)

Thanks!

Answer 1

Where the API servers are has no bearing on GDPR. What matters are where the users are that it is storing data about; if they may be in the EU, the GDPR applies, i.e. it probably does.

The applicable Dialogflow T&Cs seem to be here. It doesn't appear to list what dialogflow stores or processes specifically, but it says it incorporates Google's general API terms, which in turn link to Google's overall privacy policy, which should tell you what you need.

When dealing with any US-based company (such as Google) that may handle EU personal data, you should check that they are registered with the Privacy Shield scheme, which (not surprisingly) Google is. That should mean you're largely compliant (subject to what data you are collecting and on what grounds), but have a contingency plan for what happens if Privacy Shield collapses, which is entirely possible and fairly likely.