The Danish privacy regulator Datatilsysnet has ruled that Danish cities need significantly more privacy guarantees to use Google services that may disclose children’s data, BleepingComputer reports citing the decision.
The agency found that Google was using student data from Chromebooks and Google Workplace for Education “for its own purposes,” which is a gross violation of European privacy law. By March 1, municipalities (read: city authorities) must provide a clear explanation of what measures they plan to implement to comply with the order to stop transferring data to Google. Otherwise, starting August 1, educators will have to completely stop using Chromebooks.
The regulator has ruled that municipalities are not allowed to send data to Google until the laws change or Google provides a way to filter student information. Google’s wording regarding the use of data for purposes such as analyzing performance or developing new features is a problem, in their view, even if targeted advertising is not included. It is likely that regulators see risks in using student data to develop and improve artificial intelligence features that are increasingly becoming part of Google Workspace and Chromebooks.
Earlier, Datatilsysnet concluded that the permission to use Google Workspace for Education in local schools was issued prematurely, and that cities had actually paid too little attention to risk assessment. In 2022, the commission required 53 municipalities to re-evaluate in order to lift the previous ban on data sharing for the city of Helsingor. One of the requirements of the “recertification” process, which resulted in a new order with a potential ban, was to provide information on how Google uses the collected information about students and where it sends this data.
