Datatilsynet, Denmark’s data protection agency, released a verdict last week that stated that Google’s cloud-based Workspace don’t meet the European Union’s GDPR data-privacy regulations. Why? The investigation discovered that Google transfers data from Europe-based servers to US servers, which clashes with GDPR’s security and privacy standards. The ruling is currently specific to Helsingør; the municipality has until Aug. 3 to rid themselves, and their students, of Chromebooks and Google Workspace. However, due to the Datatilsynet report stating that there was a personal data breach in 2020, the protection agency noted that the ruling would most likely apply to other municipalities in the future.
Why is this happening?
The main cause for this situation is the now defunct EU-US Privacy Shield that controlled how data was shared between the US and the EU. With no regulation currently in place, this leaves EU users vulnerable to the less-stringent data regulations of the United States, which are less concerned with anonymizing personal data. Interestingly enough, data transfers between the US and Europe have been considered illegal since a previous ruling, “the Schrems II case” in 2020, which nullified the existing US-EU Privacy Shield agreement due to it not meeting the standards of the GDPR. These announcements and rulings follow a trend of European nations, such as Italy, France, and Austria, determining that websites using Google Analytics violated European data-privacy protection rules. A Google spokesperson recently told TechCrunch the following: “Schools own their own data. We only process their data in accordance with our contracts with them. In Workspace for Education, students’ data is never used for advertising or other commercial purposes. Independent organizations have audited our services, and we keep our practices under constant review to maintain the highest possible standards of safety and compliance.” This is gobbledygook for “no harm, no foul” and doesn’t address the issue.
It’s not just Google
Recently, Ireland’s DPC (Data Protection Commission) looked into how Meta, Facebook’s parent company, has been transferring data between Europe and the US, which is possibly impacting WhatsApp and Instagram users. While nations within the EU fight for citizens’ data protection, it leaves US residents to wonder how much of their personal information is being mined.
Going forward
As a tech reviewer, Chromebooks have always been less attractive to me compared to PCs and Macs. When you add that many EU nations are putting their legal foot on Google’s neck due to data security issues, what’s the point of buying one? Chrome OS devices are ideal for checking emails, watching YouTube, and diving into Google’s productivity suite of apps (e.g., Docs, Sheets and Slides), however, you can’t do any serious gaming, video editing nor photo editing. As such, Google’s prevalent security and privacy issues further weakens the case for purchasing a Chromebook. Sure, Chromebooks are more affordable, but so was my second-hand car, which turned out to be utterly useless and dangerous to drive. Lastly, one of the biggest faults with Chrome OS is the Google Play store, which is filled with malicious, malware-infested apps used for data mining, stealing personal information, and money. Google must take a page from Apple and tighten up its security vulnerabilities before consumers jump ship and seek alternative operating systems. If you want to know what you can to protect yourself, I suggest looking into setting up a VPN, or maybe even a double VPN, which one of our contributors recently wrote about. Stay vigilant, my friends! h/t TechCrunch