People in Saudi Arabia have the right to protect their personal data and information from the prying eyes of the
government. Against a backdrop of Saudi Arabia’s ongoing human rights abuses
, citizens are now facing further human rights risks with Google’s plans of establishing a Cloud region in the country.
In December 2020, Google announced
it will be expanding and opening a cloud center in the Kingdom. Access Now, along with 39 organizations & individuals are urging Google to immediately halt these plans until it outlines clear steps for how it intends to
mitigate adverse human rights impacts.
“Establishing a Google Cloud in Saudi Arabia — a state with an atrocious track record of human rights abuses — is a
dangerous plan,” said Marwa Fatafta, MENA Policy Manager at Access Now. “Ripe for exploitation, Google is handing over personal data directly into the palms of a brutal regime who has spared
no effort to oppress and spy on its citizens.”
On January 26, 2021
, Access Now and the Canadian Internet Policy and Public Interest Clinic (CIPPIC) raised the alarm, and requested information from Google
on the due diligence process it has carried out. In its reply
, Google reiterated its commitment to human rights, stating that “an independent human rights assessment was conducted
for the Google Cloud Region in Saudi Arabia,” taking all necessary steps to address matters that the groups raised.
Google did not, however, specify what those steps were or whether consultations were held with potentially affected
With Saudi Arabia’s human rights track record, Google should uphold its human rights commitments by:Conducting a robust, thorough human rights due diligence process, and publishing a summary of findings, including steps
it is taking to mitigate risks of adverse human rights impacts;Drawing red lines around what types of government requests concerning Cloud regions it will not comply with because they
are inconsistent with human rights norms;Insulating staff from extra-legal pressure to exceed their authorized access procedures and policies;Preventing or mitigating risks of adverse human rights impacts and clearly communicating steps it is taking to this end
before implementing plans to build cloud regions in other countries; andDeveloping baseline standards for where to host cloud services that take into account Google’s human rights
responsibilities to guide expansion into new countries.
The government of Saudi Arabia has a long history of silencing activists, human and women’s rights defenders
, and journalists
, and violating the basic rights of its citizens through extrajudicial killings, detention and torture, and the use of spyware
to track and censor. This disturbing new step by Google raises more concerns with fears that this cloud center could
leverage more power to the government of Saudi Arabia in further facilitating human rights abuses.
Google and other cloud service providers — including Microsoft
, who has operated in Saudi Arabian cloud centers since 2018, and Amazon Web Services (AWS)
, who opened its first cloud center in the region in Bahrain in 2019 — have a responsibility to protect people’s data as
they expand their global cloud footprints, especially in countries where they are already at risk. It is crucial that
these companies consult with human rights organizations and potentially impacted communities in order to develop
baseline standards that elevate their human rights responsibilities. When expanding into new countries, Big Tech must
implement the highest standards of security around user data, draw red lines around what types of government requests
they will not comply with, and be prepared to push back against those that are inconsistent with human rights norms.