In what seems to have garnered precious little attention, Sweden’s data protection agency earlier this week ruled to (again) disallow an agreement between a tiny municipality and Google for the use of cloud services, such as Google Apps, within the public body.
The Swedish data regulator had requested changes in the agreement between Google and the municipality of Salem in order to comply with local privacy laws. On Monday, the bureau said a new deal between the two parties came with “the same shortcomings”, however.
We don't shill.
Check out TNW's Hard Fork.
This resulted in a ban (PDF), although it may still be lifted in the future.
Simon ‘the privacy surgeon’ Davies highlighted the news yesterday, calling it a ‘landmark ruling’, because it effectively applies an immediate ban on Google cloud services across all Swedish municipal authorities which, by default, extends to national government departments.
The ruling – which bans Google cloud products such as calendar services, email and data processing functions – is based on inadequacies in the Google contract.
A risk assessment by the Board determined that the contract gives Google too much covert discretion over how data can be used, and that public sector customers are unable to ensure that data protection rights are protected.
The assessment gives several examples of this deficiency, including uncertainty over how data may be mined or processed by Google and lack of knowledge about which subcontractors may be involved in the processing. The assessment also concluded that there was no certainty about if or when data would be deleted after expiration of the contract.
In a statement given to PC World, Google said believes that “Google Apps complies with Swedish law” and that they will “continue to work with all involved parties”.
We’ve reached out to Google to see if they have more to share.
Not the first time
The move itself isn’t unprecedented in Northern Europe: Norway’s data protection authorities outlawed the use of Google Apps by municipalities for nine months straight before lifting the ban in September 2012 (following a ton of deliberations and some changes from Google’s side).
Spain has also bumped heads with Google over data protection and privacy concerns earlier this year.
The bigger picture is Google’s increasing number of run-ins with local government bodies across Europe – and the European Commission. Last year, the latter proposed comprehensive reforms to strengthen online privacy rights across the board — changes that could have significant repercussions for US tech companies with operations in Europe.
Evidently, that group includes Google, which has also come under intense scrutiny from the European Commission in recent times for the way it presents search results, and the way it handles user data (etc.).
The proposed ‘modernization’ changes to EU data protection and privacy laws resulted in a massive lobbying campaign by US policy makers and a host of American companies aimed to water down the amendments and reduce its impact, much to the dismay of privacy groups.
As Davies points out in his blog post, the decision in Sweden will likely be monitored very closely by other data regulators across Europe, as well as the European Commission.
Image credit: Thinkstock