London: Concerned at the potential misuse of students’ data, Denmark’s data protection authority has ordered schools to stop sending students’ data to Google, via the use of Chromebooks and Google Workspace services.
The regulator Datatilsynet issued an injunction to 53 municipalities, ordering them to no longer pass on students’ personal data to Google.
The matter was brought to the agency’s attention around four years ago by a concerned parent and activist, Jesper Graugaard.
Graugaard protested how student data is sent to Google without any consideration about the potential for misuse.
The Danish agency has now decided that the current methods of transferring personal data to Google do not have a legal basis for all disclosed purposes.
Municipalities have time until March 1 to declare precisely how they intend to comply with the regulator’s order and to fully align their data processing practices with the new requirements by August 1.
Google was yet to comment on the Danish agency’s order. “Most IT standard products today have a very complex contractual basis, which not only contains many options for variations in the processing of personal data, but also has a relatively high frequency of changes,” said Allan Frank, IT security and law specialist at the agency.
“This makes it more difficult than necessary for data-responsible companies and authorities to live up to GDPR, because it is easy to lose track of what is happening with data,” he said in a statement.
Municipalities have been ordered to cease the transfer of personal data to Google for specific purposes or obtain a clear legal basis for such transfers.
They are told to analyse and document how personal data is processed before using tools like Google Workspace, and ensure that Google refrains from processing any data it receives for non-compliant purposes. (IANS)