Danish privacy regulator Datatilsysnet has ruled that cities in Denmark need considerably more assurances about privacy to use Google service that may expose children’s data, reports BleepingComputer. The agency found (translated) that Google uses student data from Chromebooks and Google Workplace for Education “for its own purposes,” which isn’t allowed under European privacy law.
Municipalities will need to explain by March 1st how they plan to comply with the order to stop transferring data to Google, and won’t be able to do so at all starting August 1st, which could mean phasing out Chromebooks entirely.
The regulator ruled that municipalities aren’t allowed to send Google data unless the laws change or Google provides a way to filter students’ information out. Google using it for purposes like performance analytics or feature development is a problem under their interpretations, even if it doesn’t include targeted advertising. For instance, it’s easy to see how regulators might take issue with student data being used to develop and improve AI features, which are increasingly part of Google Workspace and Chromebooks.
Datatilsysnet says that cities hadn’t actually done a thorough enough job of vetting the risk of using Google Workplace for Education before they approved their use by local schools. In 2022, it required 53 municipalities to re-do their assessments as a condition for rescinding a previous data-sharing ban for the city of Helsingør. As part of the process, they needed to get information on how Google used the student information it collected and where it sent that data, leading to the new order.