After Denmark, the Netherlands and Germany also prohibit the use of Google services

A few days ago we shared here on the blog the news that in Denmark the decision was made to ban Chromebooks and the Google Workspace suite of productivity tools and software due to concerns or violations of the high European privacy standards set by GDPR.

According to the Danish Data Protection Authority, Google's cloud-based Workspace software suite "does not meet the requirements" of the European Union's GDPR data privacy regulations.

Related article:
Denmark bans Chromebooks and Workspace in schools on data privacy grounds

Google said it plans to fix the problems by August 2023, but educational institutions should not use the current versions of Google's email and cloud services.

“Helsingør Municipality has done a wonderful and competent job of mapping how personal data is used in primary school, but it also highlights data protection legal issues that can be linked to big tech companies' methods of resolving privacy. homework," he said. Allan Frank, IT security specialist and lawyer at the Danish Data Protection Authority.

And the reason for mentioning this is that now this decision follows similar decisions of the Dutch and German authorities. To be more specific, it has been decided that German schools should not use cloud offerings such as Office 365, G Suite and iCloud due to privacy violations.

The Hessian Commissioner for Data Protection and Freedom of Information has issued a statement that, given the lack of transparency in data protection and possible access by third parties, no personal data of schoolchildren may be stored in German archives alone. on servers of Microsoft, Google or Apple outside of Germany.

In addition, Dutch schools and universities must stop using Google email and cloud services due to privacy issues. According to the Dutch Personal Data Authority, educational institutions do not know how and where the personal data of pupils and students is processed and stored. Consequently, the treatment of the information would be “illegal”.

The problems facing government institutions began with the invalidation of the Privacy Shield in 2020.

Privacy Shield was a data transfer agreement between the United States and the European Union and was intended to make data transfers between the two legally possible. However, the agreement was declared invalid by the Court of Justice of the European Union in 2020 due to confidentiality issues.

a major problem that the Court of the EU is that the data of foreigners is not protected in the United States. The protections that exist, although limited, only apply to US citizens. The NSA can gain full access to all non-US citizen data from US companies at any time.

Furthermore, non-US data subjects do not have enforceable rights in court against US authorities, which violates the "essence" of certain fundamental EU rights, the Court of Justice found. Justice of the European Union.

After the invalidation of the Privacy Shield, US cloud services resorted to data processing agreements with their European customers. However, this practice is highly questioned by data privacy experts, especially in terms of its legality. The statement issued by the Danish Data Protection Authority proves this once again. The authority denounces, among other things, that:

"The data processing contract stipulates that the information may be transferred to third countries in situations of assistance without the required level of security."

In addition, Google's illegality in Europe came about after that privacy watchdogs data in France, Italy and Austria ruled that it was illegal that European websites used Google Analytics to track visitors due to a breach of European data privacy rules. Here too, the problem is that the personal data is transferred to the United States for processing without the consent of website visitors.

Finally, it is worth mentioning that the making of these decisions revives the debate on the possibilities offered by Linux and open source for needs, but also puts others like Microsoft, who has already postulated with some solutions, at the forefront.


Be the first to comment

Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: AB Internet Networks 2008 SL
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.