Google has notoriously been a consumer and a provider of data through its proprietary search technology. In fact, they have even violated EU laws on many occasions and are still under scrutiny for outstanding cases. Also, they have even been under scrutiny for violations of privacy laws with patient health records at the DeepMind-NHS collaboration. Why then should we assume that Google Cloud is GDPR compliant when they cannot keep their own storage and processing of data in check? Who is to say that anything that Google Cloud Customers store and process would not necessarily get leaked into other parts of Google Services like Search. Just to make a 'right to be forgotten' request or to request an update to an outdated data on Google can take an eternity in some cases. In fact, image search is one such service that has outdated cached index of links of images which don't even exist for many people at the source anymore. But, who is to say that maintaining outdated image links is not really an issue but a feature to assist in their third-party initiatives in building computer vision datasets and models. One has to be weary of cloud providers who claim to be GDPR compliant while violating such mandates across their own systems of accurately storing and processing data within the bounds of consent.
