Swedish data regulator Bans Google Apps Over Privacy Policy

google_apps_logo_smallSweden’s data protection agency earlier this week ruled to disallow an agreement between a tiny municipality and Google for the use of cloud services, such as Google Apps, within the public body.

The Swedish data regulator had requested changes in the agreement between Google and the municipality of Salem in order to comply with local privacy laws. The bureau said a new deal between the two parties came with “the same shortcomings.”

[related-posts]

This resulted in a ban (PDF), although it may still be lifted in the future.

Simon Davies highlighted the news yesterday, calling it a ‘landmark ruling’, because it effectively applies an immediate ban on Google cloud services across all Swedish municipal authorities which, by default, extends to national government departments.

He writes:

The ruling – which bans Google cloud products such as calendar services, email and data processing functions – is based on inadequacies in the Google contract.

A risk assessment by the Board determined that the contract gives Google too much covert discretion over how data can be used, and that public sector customers are unable to ensure that data protection rights are protected.

The assessment gives several examples of this deficiency, including uncertainty over how data may be mined or processed by Google and lack of knowledge about which subcontractors may be involved in the processing. The assessment also concluded that there was no certainty about if or when data would be deleted after expiration of the contract.

In a statement, Google said believes that “Google Apps complies with Swedish law” and that they will “continue to work with all involved parties”.

Norway’s data protection authorities also outlawed the use of Google Apps by municipalities for nine months straight before lifting the ban in September 2012 (following a ton of deliberations and some changes from Google’s side).

Spain has also bumped heads with Google over data protection and privacy concerns earlier this year.

The bigger picture is Google’s increasing number of run-ins with local government bodies across Europe – and the European Commission. Last year, the latter proposed comprehensive reforms to strengthen online privacy rights across the board — changes that could have significant repercussions for US tech companies with operations in Europe.

Evidently, that group includes Google, which has also come under intense scrutiny from the European Commission in recent times for the way it presents search results, and the way it handles user data (etc.).

The decision in Sweden will likely be monitored very closely by other data regulators across Europe, as well as the European Commission.

Credit: TNW