Denmark bans Gmail and Co from schools due to privacy concerns.

Denmark’s data protection authority follows Dutch and German authorities by raising concerns about Google's GDPR compliance.

2022-07-26
Stop using Google; alternatives like Tutanota fully comply with the GDPR and protect user privacy.
Danish schools must stop using Google's email and cloud services due to concerns or violating the high European privacy standards defined by the GDPR. According to Denmark’s data protection authority, Google’s cloud-based Workspace software suite "does not meet the requirements" of the European Union's GDPR data privacy regulations.
SIGN UP

Google's email and cloud "does not meet requirements"

Pupil's privacy must be protected

In a statement published mid July, the Danish data protection agency expresses "serious criticism and bans ... the use of Google Workspace".

Based on a risk assessment for the Helsingør Municipality, the data protection authority concluded that the processing of personal data of pupils does not meet the requirements of the GDPR and must, therefor, stop.

The ban is effective immediately. Helsingør has until August 3 to delete pupil's data and start using an alternative cloud solution.

"Helsingør Municipality has done a great and skilled job to map how personal data is used in the primary school, but it also highlights the data protection legal problems that can be with the big tech companies' ways of solving the task," says Allan Frank, who is an IT security specialist and lawyer at the Danish Data Protection Authority.

Privacy Shield invalidated

This decision follows similar decisions by Dutch and German authorities.

The issues that governmental institutions see themselves faced with has started with the invalidation of Privacy Shield back in 2020.

Privacy Shield has been a data transferring agreement between the USA and the European Union and was supposed to make data transfers between the two legally possible. However, the agreement has been declared invalid by the European Court of Justice (ECJ) in 2020 due to privacy concerns.

One major problem that the EU court pointed out is that data of foreigners is not protected in the USA. The protections that are there - even if limited - only apply to US citizens. The NSA can get full access to any and all data of non-US citizens from US companies at any time. In addition, non-US data subjects have no actionable rights before the courts against the US authorities, which violates the "essence" of certain EU fundamental rights, the ECJ found.

Data processing agreement not sufficient

In the after-match of Privacy Shield being invalidated, American cloud services shifted to relying on data processing agreements with their European customers.

However, this practice is highly questioned among data privacy experts, particularly in regards to its legality.

The now issued statement by Denmark’s data protection authority proves this once again. It complains - among other issues - that

"the data processing agreement states that information can be transferred to third countries in support situations without the required level of security."

The decision summarizes four main issues:

  1. Suspension of Helsingør Municipality carrying out processing of information where this information is transferred to third countries without the necessary level of protection.

  2. A general ban on processing with Google Workspace until adequate documentation and impact analysis has been made and until the processing is brought into compliance with the GDPR.

  3. Serious criticism of the municipality's processing of personal data.

  4. Many of the conclusions in this decision will probably apply to other municipalities that use the same processing structure. These municipalities are expected to take relevant steps themselves based on the decision.

Google Analytics also illegal in Europe

This latest decision comes after data privacy watchdogs in France and Austria ruled that it is illegal for European websites to use Google Analytics to track visitors because of a violation of European data privacy rules.

Also here the issue is that personal data is transferred to the United States for processing without consent from the website visitors.

Consequences for Danish, Dutch & German schools

Based on the statements by the Danish, Dutch and German privacy watchdogs, schools in Denmark, in the Netherlands and in Germany may not use Google's email or cloud services.

While the statements by the Danish, Dutch and German privacy watchdogs are mostly about pressuring American tech companies to finally adhere to strict European privacy regulations, it would be much preferred to have a true alternative to Microsoft, Google and Apple. That's what Tutanota is building right now. Started with secure emails, Tutanota today also offers an encrypted address book, an encrypted calendar, and the encrypted contact form Secure Connect. Many more features such as an encrypted Drive are planned, and we estimate that in a few more years, we can offer an encrypted Groupware with maximum respect of user privacy.

European alternative

European schools can now either wait until Big Tech fixes their privacy issues. Or they can start looking for European alternatives. The latter will have a great positive impact on Europe and European people as a whole:

  1. European tech business is strengthened and can establish an alternative to Big Tech.

  2. Data of European citizens is being protected according to the GDPR.

  3. Data is stored in Europe and no data transfer is happening.

Tutanota, for example, ticks all the boxes a European school would want to protect the sensitive data of pupils, teachers, and parents. Many schools, particularly in Germany, are already using Tutanota.

"In a very sensitive business environment, we have chosen Tutanota among various encryption programs. Tutanota impresses with its extremely simple application. Even non-technical colleagues can encrypt sensitive attachments and texts in accordance with data protection regulations. The simple administration, immediately accessible & always friendly experts and a fair pricing also stand out", says Dietmar Kopp, Maria-Montessori-School.

On top of complying with strict data protection regulations, in Tutanota all data is stored encrypted on German servers. Thus, Tutanota is in full compliance with the GDPR.

SIGN UP
Author
Black and white picture of Hanna being shocked a bit.
Hanna is part of the Tuta team since the launch of the secure email client Tutanota in 2014. Over the years she has become an expert in explaining cryptography to the average internet user, making sure that everyone understands why privacy matters and how encryption helps to protect ones data on the web.
Top posts
Threat Modeling In 2024: Your Guide For Better Security
10 Best Private Email Services in 2024
Google Pays 1150 Times More for Its Search Monopoly Than for Lobbying in the EU & US
Why Use A Password Manager - And Our Top 3!
Anonymous email: Create an email address without a phone number.
The Illusion Of "Swiss Privacy" Being The Best
10 best free email accounts in 2024
Latest posts
The American Privacy Rights Act stands to be America's GDPR
Google Search Is A Problem: How Google Is Crushing Tuta.
The XZ Backdoor and the importance of Open Source Software
Apple is finally giving you the choice: Take it and install a private browser right now!
Terminate subscription
Company
Community
Team
Jobs
Terms
Privacy
Legal notice
Development
Changelog
Roadmap
Security
Encryption
Open Source
GitHub
Features
Secure Email
Encrypted Calendar
Business
Support
Forum
Press
Support
Language
English
Translate