The Danish data protection authority, Datatilsynet, issues an order to stop the transfer of student data from schools to Google through the use of Chromebooks and Google Workspace services. The decision comes after a four-year investigation prompted by concerns from parents and activists.
53 municipalities across Denmark are required to change their data processing practices. They must stop transferring personal data to Google for specific purposes or find a clear legal basis for such transfers, and analyze and document how personal data is processed before using tools such as Google Workspace.
The decision does not include an outright ban on the use of Chromebooks, which are widely used in Danish schools, but imposes significant restrictions on the sharing of personal data with Google. Municipalities have until 1 March 2024 to announce their plans to comply with Datatilsynet’s order and until 1 August 2024 to fully align their data processing practices with the new requirements.
The decision was received positively in Denmark and beyond, although many pointed to the excessively long time it took for the decision to be made. It also noted that the practices criticized in the agency’s report had been in place for at least a decade and could have resulted in fines or other corrective measures for those responsible.