2022

Image credit: Pollitt & Partners 2015

For almost two decades Google has been proud to have a home in the UK. Today, we have more than 6,400 employees and last year we added nearly 700 new people. We also strengthened our commitment to the UK in 2021 with the laying of a new subsea cable — Grace Hopper — which runs between the United States and the UK.

Building on our long-term commitment to the UK, we are purchasing the Central Saint Giles development — the site many Googlers have long called home — for $1 billion. Based in London’s thriving West End, our investment in this striking Renzo Piano-designed development represents our continued confidence in the office as a place for in-person collaboration and connection.

Across all our UK sites, Google will have capacity for 10,000 employees, as we continue to commit to the UK’s growth and success. This includes our new King’s Cross development, which is currently under construction.

Investing in the future flexible workplace

We believe that the future of work is flexibility. Whilst the majority of our UK employees want to be on-site some of the time, they also want the flexibility of working from home a couple of days a week. Some of our people will want to be fully remote. Our future UK workplace has room for all of those possibilities.

Over the next few years, we’ll be embarking on a multi-million pound refurbishment of our offices within Central Saint Giles to ensure that they are best equipped to meet the needs of our future workplace.

We’ll be introducing new types of collaboration spaces for in-person teamwork, as well as creating more overall space to improve wellbeing. We’ll introduce team pods, which are flexible new space types that can be reconfigured in multiple ways, supporting focused work, collaboration or both, based on team needs. The new refurbishment will also feature outdoor covered working spaces to enable work in the fresh air.

Supporting digital growth across the UK

More than ever, technology is enabling people and businesses across the UK. In 2021, we achieved our target to help one million small British businesses stay open by helping them be found online.

It’s important that everyone is able to take advantage of the increasing innovation in the UK and grow skill sets to prepare for the jobs of the present and the future. Since we launched our Digital Garage programme in Leeds in 2015, we have provided free digital skills training to more than 700,000 people across the UK .

Thousands more UK jobseekers will also be helped to upgrade their digital skills in 2022 thanks to our expanded partnership with the Department for Work and Pensions (DWP). Nearly 10,000 job-seekers are able to gain access to free scholarships to earn a Google Careers Certificate in high-growth, high-demand career fields including IT support, data analysis, project management and UX design.

We’re optimistic about the potential of digital technology to drive an inclusive and sustainable future in the UK. We’re excited to be making this investment in January as a fitting way to start the new year.

The web has to work for users, advertisers, and publishers of all sizes — but users first. And with good reason: people are using the internet in larger numbers for more daily needs than ever. They don’t want privacy as an afterthought; they want privacy by design.

Understanding this is core to how we think about building Google Analytics, a set of everyday tools that help organizations in the commercial, public, and nonprofit sectors understand how visitors use their sites and apps — but never by identifying individuals or tracking them across sites or apps.

Because some of these organizations lately have faced questions about whether an analytics service can be compatible with user privacy and the rules for international transfers of personal data, we wanted to explain what Google Analytics does, and just as important, what it does not do.

Fact: Google Analytics is a service used by organizations to understand how their sites and apps are used, so that they can make them work better. It does not track people or profile people across the internet.

• Google Analytics cannot be used to track people across the web or apps. It does not create user profiles.
• Google Analytics helps owners of apps and websites understand how their users are engaging with their sites and apps (and only their site or app). For example, it can help them understand which sections of an online newspaper have the most readers, or how often shopping carts are abandoned for an online store. This is what helps them improve the experience for their customers by better understanding what’s working or not working.
• This kind of information also includes things like the type of device or browser used; how long, on average, visitors spend on their site or app; or roughly where in the world their visitors are coming from. These data points are never used to identify the visitor or anyone else in Google Analytics.

Google Analytics customers are prohibited from uploading information that could be used by Google to identify a person. We provide our customers with data deletion tools to help them promptly remove data from our servers if they inadvertently do so.

Fact: Organizations control the data they collect using Google Analytics.

• Organizations use Google Analytics because they choose to do so. They, not Google, control what data is collected and how it is used.
• They retain ownership of the data they collect using Google Analytics, and Google only stores and processes this data per their instructions — for example, to provide them with reports about how visitors use their sites and apps.
• These organizations can, separately, elect to share their Analytics data with Google for one of a few specific purposes, including technical support, benchmarking, and sales support.
• Organizations must take explicit action to allow Google to use their analytics data to improve or create new products and services. Such settings are entirely optional and require explicit opt-in.

Fact: Google Analytics helps customers with compliance by providing them with a range of controls and resources.

• When organizations use Google Analytics to collect data from their websites or apps, they control that data. For example, they:
  • Can enable IP Anonymization (or IP masking) on their websites, meaning that full IP addresses are never processed or logged.
  • Have the ability to partially or completely disable data collection on certain pages.
  • Can select how long user-level and event-level data is stored by Analytics before it’s scheduled for automatic deletion from the Analytics account and Google’s servers.
  • Can delete data from the Analytics servers by submitting a request for its removal — including the ability to delete a single user’s data from their Analytics account via the User Deletion API, the User Explorer report, or the User Exploration technique.

Fact: Google Analytics helps put usersin control of their data.

• Google makes products and features that are secure by default, private by design, and put users in control. That’s why we have long offered a browser add-on that enables users to disable measurement by Google Analytics on any site they visit.
• Along with providing strong default protections, we aim to give people accessible, intuitive and useful controls so they can make choices that are right for them. For example, visitors can choose if and how Analytics cookies are used by websites they visit, or block all cookies on all or some websites.
• In addition, organizations are required to give visitors proper notice about the implementations and features of Google Analytics that they use, and whether this data can be connected to other data they have about them.
• These customers are also required to obtain consent from users for each visit, as required by applicable laws in their country.

Fact: Google Analytics cannot be used to show advertisements to people based on sensitive information like health, ethnicity, sexual orientation, etc.

• Google Analytics does not serve ads at all. It is a web and app analytics tool. (You can read all about it here.)
• Some organizations do use insights they’ve garnered via Google Analytics about their own sites and apps to inform their own advertising campaigns.
• If a business also uses Google’s advertising platforms, it’s strictly required to follow Google’s advertising guidelines preventing the use of sensitive information to personalize ads — like health, race, religion, or sexual orientation. We never allow sensitive information to be used for personalized advertising. It’s simply off limits.

Fact: An organization’s Google Analytics data can only be transferred when specific and rigorous privacy conditions are met.

• Google Analytics operates data centers globally, including in the United States, to maximize service speed and reliability. Before data is transferred to any servers in the United States, it is collected in local servers, where users’ IP addresses are anonymized (when the feature is enabled by customers).
• The GDPR and European Court of Justice say that data can be transferred outside of the European Union for just this sort of reason, provided conditions are met.
• In order to meet those conditions, we apply numerous measures, including:
  • Using data transfer agreements like EU Standard Contractual Clauses, which have been affirmed as a valid mechanism for transferring data to the United States, together with additional safeguards that keep data secure: industry-leading data encryption, physical security in our data centers and robust policies for handling government requests for user information.
  • Maintaining widely recognized, internationally accepted independent security standards like ISO 27001, which provides independent accreditation of our systems, applications, people, technology, processes and data centers.
  • Offering website owners a wide range of controls that they can use to keep their website visitors’ data safe and secure.
• Our infrastructure and encryption is designed to protect data, and safeguard it from any government access.

And we use robust technical measures (such as Application Layer Transport Security and HTTPS encryption) to protect against interception in transit within Google’s infrastructure, between data centers, and between users and websites, including surveillance attempts by government authorities around the world.

We welcomed the opportunity to participate in the White House Open Source Software Security Summit today, building on our work with the Administration to strengthen America’s collective cybersecurity through critical areas like open source software.

Industries and governments have been making strides to tackle the frequent security issues that plague legacy, proprietary software. The recent log4j open source software vulnerability shows that we need the same attention and commitment to safeguarding open source tools, which are just as critical.

Open source software code is available to the public, free for anyone to use, modify, or inspect. Because it is freely available, open source facilitates collaborative innovation and the development of new technologies to help solve shared problems. That’s why many aspects of critical infrastructure and national security systems incorporate it. But there’s no official resource allocation and few formal requirements or standards for maintaining the security of that critical code. In fact, most of the work to maintain and enhance the security of open source, including fixing known vulnerabilities, is done on an ad hoc, volunteer basis.

For too long, the software community has taken comfort in the assumption that open source software is generally secure due to its transparency and the assumption that “many eyes” were watching to detect and resolve problems. But in fact, while some projects do have many eyes on them, others have few or none at all.

At Google, we’ve been working to raise awareness of the state of open source security. We’ve invested millions in developing frameworks and new protective tools. We’ve also contributed financial resources to groups and individuals working on securing foundational open source projects like Linux. Just last year, as part of our $10 billion commitment to advancing cybersecurity, we pledged to expand the application of our Supply chain Levels for Software Artifacts (SLSA or “Salsa”) framework to protect key open source components. That includes $100 million to support independent organizations, like the Open Source Security Foundation (OpenSSF), that manage open source security priorities and help fix vulnerabilities.

But we know more work is needed across the ecosystem to create new models for maintaining and securing open source software. During today’s meeting, we shared a series of proposals for how to do this:

Identifying critical projects

We need a public-private partnership to identify a list of critical open source projects — with criticality determined based on the influence and importance of a project — to help prioritize and allocate resources for the most essential security assessments and improvements.

Longer term, we need new ways of identifying software that might pose a systemic risk — based on how it will be integrated into critical projects — so that we can anticipate the level of security required and provide appropriate resourcing.

Establishing security, maintenance & testing baselines

Growing reliance on open source means that it’s time for industry and government to come together to establish baseline standards for security, maintenance, provenance, and testing — to ensure national infrastructure and other important systems can rely on open source projects. These standards should be developed through a collaborative process, with an emphasis on frequent updates, continuous testing, and verified integrity.

Fortunately, the software community is off to a running start. Organizations like the OpenSSF are already working across industry to create these standards (including supporting efforts like our SLSA framework).

Increasing public and private support

Many leading companies and organizations don’t recognize how many parts of their critical infrastructure depend on open source. That’s why it’s essential that we see more public and private investment in keeping that ecosystem healthy and secure. In the discussion today, we proposed setting up an organization to serve as a marketplace for open source maintenance, matching volunteers from companies with the critical projects that most need support. Google stands ready to contribute resources to this effort.

Given the importance of digital infrastructure in our lives, it’s time to start thinking of it in the same way we do our physical infrastructure. Open source software is a connective tissue for much of the online world — it deserves the same focus and funding we give to our roads and bridges. Today’s meeting at the White House was both a recognition of the challenge and an important first step towards addressing it. We applaud the efforts of the National Security Council, the Office of the National Cyber Director, and DHS CISA in leading a concerted response to cybersecurity challenges and we look forward to continuing to do our part to support that work.

Welcome to the latest edition of “My Path to Google,” where we talk to Googlers, interns and alumni about how they got to Google, what their roles are like and even some tips on how to prepare for interviews.

Today’s post is all about Chai Madan, a Google Cloud consultant in our Singapore office, who is passionate about making a difference through her work.

What do you do at Google?

As a Google Cloud consultant in Singapore, I work on infrastructure and security projects with some of Google Cloud’s customers in Southeast Asia. I love partnering with enthusiastic customers who want to change the world through their business, and seeing the impact of our work on everyday life — from booking a cab here in Singapore to ordering gifts for my parents online. Cloud computing is making this possible, which is why I’m proud to do this work.

Can you tell us more about yourself?

I’m Malayalee and was raised in Dubai until I was 17 years old, when I moved to India to enroll in university. When I’m not working, I’m most likely having fun with friends and family, fitness training, listening to podcasts, exploring restaurants or traveling around the world (at least, before the pandemic).

Why were you interested in this role?

Throughout my career, I’ve gravitated towards new and exciting areas in the tech industry. This includes the cloud computing space, which is where most businesses around the world are heading. And now, in keeping with my personal mantra of “dream big and dare to fail,” I’m starting a new role on Google Cloud’s Digital Natives team, where I’ll help businesses with their digital transformation programs. I can’t wait to use my skills and experience to make an impact with those customers, and I’m excited for the challenge.

What’s your daily source of inspiration?

I’m inspired by the fact that I enjoy my work. Particularly, I enjoy seeing and experiencing our impact in action. Outside of my core role, I also like participating in our fun work events. Last year, my daughter joined me for Google’s virtual Take Your Child to Work Day and won prizes for designing her own Google Doodle and making a Google-themed snack at home.

What was your application and interview process like?

I applied directly on the Google Careers website and heard back from a recruiter shortly afterward, who asked to set up a phone call. I remember thinking “It’s just a first round with the recruiter,” so I didn’t prepare much — gee, was I in for a surprise! My recruiter knew the requirements for the role and conducted a mini interview. I was a little stunned, but she ultimately helped me see that I had what it took to succeed. I had never felt so supported during an interview before. I would encourage anyone interested in exploring roles at Google to apply without hesitation!

Any advice for aspiring Googlers?

Have a strategy, but be open to tweaking it along the way. You will make mistakes, but you can learn from them. Once your interview is scheduled, practice, practice, practice. Write things down and do mock interviews. And finally, don’t wait for a job description to be a 100% match. As long as you are passionate about the role and feel like you can get the hang of it, apply and make your mark!