Denmark is banning Chromebooks in schools after Helsingør municipality officials were ordered to undergo a data risk assessment regarding how Google handles personal information.
Datatilsynet, Denmark’s data protection agency, issued a verdict last week that Google’s cloud-based workspace fails to comply with European Union GDPR data privacy regulations. Why? The investigation found that Google is transferring data from servers based in Europe to US servers, which is against GDPR security and privacy standards.
The decision is currently specific to Helsingør; the municipality has until August 3 to get rid of Chromebooks and Google Workspace, as well as its students. However, due to the Datatilsynet report indicating that there was a personal data breach in 2020, the protection agency noted that the decision would most likely apply to other municipalities in the future.
Why does this happen?
The main cause of this is the old EU-US Privacy Shield, which controlled how data was shared between the US and the EU. With no regulations currently in place, this makes EU users vulnerable to less stringent data regulations from the US, which is less concerned about anonymizing personal data.
Interestingly, data transfers between the United States and Europe have been considered illegal since a previous decision, the “Schrems II case” in 2020, which nullified the existing agreement between the United States and the EU on the Privacy Shield as it did not meet GDPR standards. These announcements and decisions follow a trend of European countries, such as Italy, France and Austria, determining that websites using Google Analytics have violated European data privacy rules.
A Google spokesperson recently told TechCrunch the following:
“Schools own their own data. We only process their data in accordance with our contracts with them. In Workspace for Education, student data is never used for advertising or other commercial purposes. Organizations have audited our services and we keep our practices under constant review to maintain the highest possible security and compliance standards.”
It’s gibberish for “no harm, no foul” and doesn’t solve the problem.
It’s not just Google
Recently, Ireland’s DPC (Data Protection Commission) investigated how Meta, Facebook’s parent company, transfers data between Europe and the United States, possibly impacting users of WhatsApp and Facebook. Instagram.
As EU countries fight to protect citizens’ data, US residents are wondering how much of their personal information is being used.
As a tech reviewer, Chromebooks have always held less appeal to me than PCs and Macs. When you add that many EU countries are putting their legal foot on Google’s neck due to data security issues, what’s the point of buying one?
Chrome OS devices are great for checking email, watching YouTube, and diving into Google’s suite of productivity apps (e.g. Docs, Sheets, and Slides), however, you can’t play serious games, video editing or photo editing. As such, Google’s widespread security and privacy concerns further weaken the case for buying a Chromebook.
Sure, Chromebooks are more affordable, but so was my used car, which turned out to be totally useless and dangerous to drive. Finally, one of the biggest flaws of Chrome OS is the Google Play Store, which is full of rogue and malware-infested apps used for data mining, stealing personal information and stealing money.
Google needs to take a cue from Apple and tighten its security vulnerabilities before consumers jump ship and seek out alternative operating systems. If you want to know what you can do to protect yourself, I suggest you consider setting up a VPN, or maybe even a double VPN, which one of our contributors recently wrote about. Stay vigilant my friends!