What you need to know
- Google Chromebooks and Workspace products reportedly face a ban in Denmark.
- It's been determined that these services don't meet GDRP requirements over data processing.
- The ban is imposed, citing data concerns effective immediately.
Thanks to their affordable pricing, Chromebooks are go-to notebooks for students and educational purposes. The other feature that sets apart these Chromebooks is the suite of Google Workspace apps that help users get work done. Unfortunately, both have been under scrutiny and reportedly face a ban from Denmark's Data Protection Agency.
The move comes after severe criticism from the Helsingør municipality, a city in Denmark, against Chromebooks and the use of Google Workspace for education purposes, reports TechCrunch. This is a follow-up from last year, wherein Helsingør Municipality reportedly notified the Danish data protection agency of a breach of personal data security. Later, the municipality was ordered to dig into how Google processes personal data.
This ultimately led to the decision to ban Chromebooks and Google services like Gmail, Google Docs, and Drive, all of which come under the search giant's Workspace suite. The verdict finds that these services "don't meet the requirements of European Union's GDPR data privacy regulations."
"Helsingør Municipality has done a great and skilled work to map how personal data is used in primary school, but it also sheds light on the data protection law problems that may be with the big tech companies' ways of solving the task," says Allan Frank, IT security specialist and lawyer at the Danish Data Protection Agency (via translation).
The concern here revolves around the users' data processing, including data from Google products like Chromebooks and its suite of apps. Seemingly, the personal data of users is allegedly being transferred to third countries without the necessary level of protection, the Helsingør Municipality study suggests.
Thus, the agency decided to impose a ban "until adequate documentation and impact assessment has been carried out and until the treatments have been brought into line with the Regulation."
While the ban has been imposed across Helsingør municipality at the moment, the data protection agency advises other cities across Denmark to follow the same. Meanwhile, Helsingør has until August 3 to remove the data.
Amidst the ban taking effect, a Google Spokesperson has told TechCrunch:
"We know that students and schools expect the technology they use to be legally compliant, responsible, and safe. That's why for years, Google has invested in privacy best practices and diligent risk assessments and made our documentation widely available so anyone can see how we help organizations comply with the GDPR."
"Schools own their own data. We only process their data in accordance with our contracts with them. In Workspace for Education, students' data is never used for advertising or other commercial purposes. Independent organizations have audited our services, and we keep our practices under constant review to maintain the highest possible standards of safety and compliance."
The statement from Google's spokesperson sounds affirmative, to say the least. Earlier this year, the company announced that it would give organizations in the EU more control over how data is handled, which it plans to enable later this year. However, it seems the company may need to accelerate its plans to avoid any further problems.
