Danish privacy regulator Datatilsysnet has ruled that cities in Denmark need significantly more privacy guarantees to use the Google service that could expose children's data, reports BeepComputer. The agency find (translated) that Google uses student data from Chromebooks and Google Workplace for Education “for its own purposes,” which is not permitted under European privacy law.
Municipalities will have to explain by March 1 how they intend to comply with the order to stop the transfer of data to Google, and will no longer be able to do so at all from August 1, which could involve complete deletion Chromebooks.
The regulator ruled that municipalities are not allowed to send data to Google unless laws change or Google provides a way to filter student information. Google using it for purposes like performance analysis or feature development is a problem according to their interpretations, even if it doesn't include targeted advertising. For example, it's easy to see how regulators could challenge the use of student data to develop and improve AI features, which are increasingly part of Google Workspace and Chromebooks.
Datatilsysnet claims that cities did not do a thorough enough job assessing the risks of using Google Workplace for Education before approving its use by local schools. In 2022, he required 53 municipalities to redo their assessments as a condition for Cancel a previous ban on data sharing for the town of Helsingor. As part of the process, they needed to obtain information about how Google used collected student information and where it sent that data, leading to the new order.