Danish privacy watchdog Datatilsysnet has ruled that Danish cities need more privacy guarantees when using Google services that may expose children's data, BleepingComputer reports. The agency found that Google used student data from Chromebooks and Google Workplace for Education "for its own purposes," which is not allowed under European privacy laws.
Municipalities have until March 1 to explain how they plan to comply with the order to stop transferring data to Google, and starting August 1 will not be able to do so at all, which could mean phasing out Chromebooks entirely.
Regulators ruled that municipalities cannot send data to Google unless the law changes or Google provides a way to filter student information. According to their explanation, it is problematic for Google to use the data for purposes such as performance analysis or feature development, even if it does not include targeted advertising. For example, regulators could easily take issue with student data being used to develop and improve artificial intelligence features that are increasingly becoming part of Google Workspace and Chromebooks.
Datatilsysnet claims that cities actually do not conduct a thorough enough review of the risks of using Google Education Workplace before approving local schools to use it.
Stop the transfer of personal data to Google for a specific purpose, or obtain a clear legal basis for such transfer.
Analyze and document how personal data is processed before using tools such as Google Workspace.
Ensure that Google does not process any data received for non-compliance purposes.
In 2022, Datatilsysnet asked 53 municipalities to re-evaluate as a condition for lifting the previous ban on data sharing in Helsingør. The new order comes as they seek information about how Google uses student information it collects and where it sends that data.