0

A customer I am working with wants to use Google Speech API for transcribing audio but there are compliance concerns.

I know that you can upload files directly or have the API access files in Google Cloud Storage. For either of these methods is anyone familiar with how they interact with the data compliance laws in Canada?

For instance if the audio files are uploaded to a Cloud Storage bucket at the Montreal datacenter and we make an API call on it does the file ever leave that datacenter?

Thanks in advance for any insights!

Luke Pattison
  • 51
  • 1
  • 3

1 Answers1

1

Stack Overflow is not a great place to get a legal opinion, but is there a particular standard for compliance that they require? Google Cloud has a number of international data compliance certifications, one of which might be the one your customer requires. Talk to your customer and see what they need, and take a look at Google Cloud's list of standards that they are compliant with to see if it meets those needs: https://cloud.google.com/security/compliance

For example, the Cloud Speech API is compliant with ISO 27018, an international standard for cloud service privacy. Is that sufficient for your customer? You'll need to ask them.

Brandon Yarbrough
  • 37,021
  • 23
  • 116
  • 145
  • Thanks for the insight Brandon! You are right and I think I may have worded my question poorly to begin with. I was actually wondering from an architectural perspective if I make a call to Speech API to transcribe an audio file that is stored in a Cloud Storage bucket located in the Montreal datacenter, does the audio file ever actually leave that datacenter? That is where the rub would be for the client since their data isn't allowed to physically leave the country. – Luke Pattison Feb 13 '18 at 16:37