Denmark is banning Google’s services in schools after officials in the municipality of Helsingør carried out a risk assessment around the processing of user data by Google.
In a verdict, Denmark’s data protection agency revealed that data processing involving students using Google’s cloud-based Workspace tools like Gmail, Google Docs, Calendar, and Google Drive “does not meet the requirements” of Europe’s GDPR data privacy laws. The data protection agency named Datatilsynet found out that Google’s term and conditions seemingly allow for data to be transferred to other countries for the purpose of providing support, even though the data is ordinarily stored in one of Google’s EU data centers.
Google Chromebooks and Workspace tools are used in schools across Denmark. The authority, however, only focused on the Helsingør municipality after the municipality reported a “breach of personal data security back in 2020,” a report in TechCrunch states. Datatilsynet also said that the conclusions that it reached in Helsingør will also apply to other municipalitites where there is usage of Chromebooks and Google Workspace in schools. The ban is effective immediately, but Helsingør has till August 3 to delete user data.
A Google spokesperson, in response to a query from TechCrunch, said, “We know that students and schools expect the technology they use to be legally compliant, responsible, and safe. That’s why for years, Google has invested in privacy best practices and diligent risk assessments, and made our documentation widely available so anyone can see how we help organisations to comply with the GDPR.”