from the your-data-may-be-collected-for-quality-assurance-purposes dept.
Arthur T Knackerbracket has processed the following story:
Danish privacy regulator Datatilsysnet has ruled that cities in Denmark need considerably more assurances about privacy to use Google service that may expose children’s data, reports BleepingComputer. The agency found (translated) that Google uses student data from Chromebooks and Google Workplace for Education “for its own purposes,” which isn’t allowed under European privacy law.
[...] The regulator ruled that municipalities aren’t allowed to send Google data unless the laws change or Google provides a way to filter students’ information out. Google using it for purposes like performance analytics or feature development is a problem under their interpretations, even if it doesn’t include targeted advertising. For instance, it’s easy to see how regulators might take issue with student data being used to develop and improve AI features, which are increasingly part of Google Workspace and Chromebooks.
Datatilsysnet says that cities hadn’t actually done a thorough enough job of vetting the risk of using Google Workplace for Education before they approved their use by local schools. In 2022, it required 53 municipalities to re-do their assessments as a condition for rescinding a previous data-sharing ban for the city of Helsingør. As part of the process, they needed to get information on how Google used the student information it collected and where it sent that data, leading to the new order.
(Score: 5, Informative) by julian on Monday February 12, @10:23AM
They're incredibly cheap and very useful but being permanently wired into the Google botnet is unacceptable. Thankfully there is a community that is liberating them. Here's a good presentation [youtube.com] about it.
(Score: 1, Flamebait) by VLM on Monday February 12, @12:38PM (1 child)
I think this scenario is similar to another common educational situation, where any suggestion of possible fiscal restraint by a school district is opposed by wild claims their only choice is to cancel the varsity hs football team and eliminate drivers ed. Then the voters approve the huge tax increase and they go back to igniting piles of cash for no positive purpose.
So likely GOOG wants to spam the kids with ads and they said no so its scorched earth time where then you don't get to use your installed base of chromebooks then. The likely compromise of this story will be google "lightly spamming" the kids and they get to keep using chromebooks.
(Score: 3, Informative) by GloomMower on Monday February 12, @04:31PM
I've not noticed ads in chromebooks, unless you use some app that has ads in it. But I'm sure whatever is collected is used at least for something else.
I think the Denmark law is no data can be collected. Maybe like even their name. I think you need a google account to log in, in the first place on chromebooks.
Chromebooks are by far the most popular device used in schools in the united states. Early on it looked like schools were going crazy over ipads, but chromebooks have way overshadowed them. At least they got keyboards.
(Score: 3, Insightful) by deimios on Monday February 12, @01:50PM
They'll just update their EULA to include language that vaguely assures that the affected territories are exempt (pinky swear), then keep doing it as usual.
If this was Microsoft they'd even throw in some "incentives" and discounts.
(Score: 3, Interesting) by pTamok on Monday February 12, @01:52PM (2 children)
It's the cities that are at fault, as they are the the entities responsible for the collection and handling of (personal) data provided by the users of the Chromebooks, most of whom are minors, and forced to use the equipment.
They have not done their due diligence - not only in mapping their use of personal data, but also in assuring it is properly handled when handed off to Alphabet/Google for processing.
I have no doubt that Alphabet/Google have not made it easy for the cities to do the due diligence, and probably did a lot of hard-selling.
The regulator can hand out quite large fines, which the local taxpayers won't like, because paying them will come out of local budgets. I don't believe there is any personal responsibility, so the local politicians and civil servants won't have any worries on that score.
(Score: 3, Interesting) by Runaway1956 on Monday February 12, @02:34PM (1 child)
I won't disagree with you, but, individual cities education system can't compete with slick sales reps and even slicker lawyers pushing the hardware. That's why state, national, and EU level governments are useful. Maybe Goog won't negotiate with Bumfuckistan in good faith, but the EU has enough weight to take on Goog, and Microsoft, and a dozen other major corporations at the same time.
Odd thing just crossed my mind. Where does Apple stand in all this? I've not read about the EU taking iThings to task for their data mining. Maybe I've just missed the headlines?
(Score: 2, Insightful) by pTamok on Monday February 12, @06:49PM
Moderated you insightful.
There's a lot of money, influence, and power riding on being able to run rough-shod over individuals' privacy and control over personal data. In my personal opinion, it will take gaol sentences for company directors/C-level people to effect change. Which is unfortunate, because I don't there is political will for that right now, and with enough lobbying, there might never be.
(Score: 3, Interesting) by ShovelOperator1 on Tuesday February 13, @08:40AM
Maybe it's time to teach how to read terms and conditions and how to understand intentions behind them?
Seriously, the example I met a few months ago shows that this is needed. A very large university, a few thousands of scientists, a large law department responsible for patents and "intellectual property", and they bought a non-EU online Office suite license (and it was not Google!).
Most people just accepted ToS with these "flowers":
- Exemption from GDPR protections as data leaves the terminal (it means that they're nearly openly establishing something like a mafia, skipping GDPR as soon as the data leaves user's computer, not a country or EU).
- Totally dumping the "safe harbor" (or how it is now called) idea.
- The personally identifiable info from documents content can be used for everything, including profiling (for who?) and marketing. Any information, and it's document author's duty to get permission from people who they are writing about.
- Company making the word processor gets the license to use the content in any possible way. People are writing patent applications with it!
- The company can store biometric data from real-time communication, including web cam image dumps and voice prints. It is totally unclear what they will do with it.
I will still go with my LO Writer which I used to write everything, from a shopping list to a doctoral thesis.