
Anywhere you put your data can be read by the people that run the place, regardless of what other products they make.


It seems like the person you're responding to has a problem with them selling their data in real-time to 3rd parties, rather than just any Google employee knowing where they are heading.


Yes, that’s the specific issue. We didn’t fear specifically that they could read our data; the key management systems available appeared sufficient at some level (although the GCP audit system had some issues, particularly that access audit is available as an IAM decision log rather than at point of use, so any access bypassing IAM, or that failed in the service but succeeded in an IAM call, would appear as a positive access, etc. - AWS does the right thing here). Of more concern is that they appeared more than happy to harvest utilization information for the profit of others, and in our business that was a potentially serious side channel.


Surely Google employees can't look up people's locations...


Surely they can. Who would be locking them out? Another Google employee. So the useful questions are: which Google employees can look up people's locations, and through what process?


Some people need to be able to do that as part of their job. Either directly for some good reason, or indirectly (they are a DB admin). The question is what controls they have to ensure only those people can look such things up and that they don't abuse those rights.


I can't speak for now, but you have to apply for access. For PII it goes to a VP.

De-anonymizing a Gaia ID is about as secure as it gets.

Disclosure: this is 6 year old info. YMMV.


That's completely different. Can an accountant or marketing person look up a person's location, vs. can any developer, vs. can any map developer, vs. specific people with proper access controls?


From what I've heard that type of information is only held on a special higher-security "logs" cluster and the code accessing that data is subject to additional review by Google's privacy division before it is allowed access to the data. I think there may be special ways to manually access some of that data, but even requesting that capability would automatically trigger an audit after the fact.


I mean sure, but that doesn't mean I expect them to sell it to other people.
