Education in the Netherlands and the Ministry of Justice should stop using Google's email and cloud services for privacy reasons. This is the advice of the Dutch privacy supervisor Autoriteit Persoonsgegevens, writes the Financieel Dagblad. According to the newspaper, the Dutch Data Protection Authority indicates in two separate opinions that Google email and cloud services do not comply with GDPR legislation.
The main point of criticism is that in education they often do not know where and how data is stored, how it is further processed and for what purpose this is done. According to the Dutch Data Protection Authority, the processing of this data cannot therefore be done lawfully. The research took place at the request of the Ministry of Education, Culture and Science and the Ministry of Justice & Security.
This advice mainly causes problems for schools. There are universities that use Google services such as Gmail, Docs, Sheets and Meet for educational purposes, but it is often (primary) schools that would be affected. The Ministry of J&V already uses a number of Google Cloud services and is now recommended not to expand this.
The ministries, educational interest groups and IT umbrella organization for academics said in a response that they are in consultation with the tech giant. They urgently call on Google to take its social responsibility to discuss the privacy risks and guarantee the privacy of pupils and students.
The research is less rosy for Google. According to various experts, other countries within Europe will also look at these findings; they will further investigate their own position regarding privacy. This also provides insight into the problems for large companies that often store their data with parties such as Google, Microsoft or AW. They will also wonder whether data storage complies with GDPR legislation.
Google responded positively to the research. It appreciates the feedback and hopes to resolve the shortcomings soon. They also indicate that they always comply with the GDPR legislation.