Dutch schools must stop using Google's email and cloud services due to privacy concerns.
Dutch Personal Data Authority raised concerns about Google's GDPR compliance.
Google’s email and cloud use “not lawful”
Pupils’ privacy must be protected
Dutch education ministers Robbert Dijkgraaf and Dennis Wiersma have just reported in a parliamentary letter that there are many privacy concerns about current Google services. Consequently, the Dutch education sector will not be able to use modified versions of the Chrome browser and Chrome OS in its current state.
As early as last summer, the Dutch Personal Data Authority advised schools and universities to stop using Google’s email and cloud services. The watchdog had concerns about compliance with the General Data Protection Regulation (GDPR).
According to the watchdog, educational institutions do not know how and where the personal data of pupils and students are processed and stored. As a result, the processing of the information would be “not lawful.”
Google promises fix
Google has indicated that it plans to fix the privacy concerns by August 2023, but the current versions of Google’s email and cloud services must not be used by educational institutions in the Netherlands.
Big Tech’s privacy protection regularly questioned
A similar story hit Microsoft in Germany in 2019, when Office 365 was declared illegal for German schools. Back then, the Hessian commissioner of Data Protection and Freedom of Information issued a statement that, given the lack of transparency regarding data protection and potential third-party access, no personal data of German school children may be stored on Microsoft’s, Google’s or Apple’s servers outside of Germany.
As a consequence, American cloud providers do not comply with strict German privacy protection laws and must not be used by German schools. In response to the lack of privacy protections by US companies, the US Senate is now proposing its own data protection law, the APRA, but the law has not been passed yet, and it is not certain whether it ever will be.
Two privacy concerns
Two issues were criticized specifically:
- American authorities can access data stored in the European cloud without the German government having control over this.
- In Office 365 and Windows 10 lots of telemetry data is gathered and transmitted to Microsoft without Microsoft giving satisfying information about what is logged and transferred.
Consequences for Dutch & German schools
Based on the statements by the Dutch and German privacy watchdogs, schools and universities in the Netherlands and in Germany may not use Google’s email or cloud services.
Instead, it is advisable to use a European email service such as Tutanota.
On top of complying with strict data protection regulations, in Tutanota all data is stored encrypted on German servers. Thus, Tutanota is in full compliance with the GDPR.
Secure groupware suite is planned
In the future, we plan to extend our secure email service that already incorporates fully encrypted calendars and contacts into an encrypted Groupware Suite.
And we do not stop there: We are already working on making Tutanota’s encryption resistant against attacks from quantum computers. As the most secure email service, we aim at securing your private emails not just now, but also in the future!
tl;dr: While the publications by the Dutch and German privacy watchdogs are mostly about pressuring Google and Microsoft into adhering to strict European privacy regulations, it would be much preferred to have a true alternative to Microsoft, Google and Apple. That’s what Tutanota is building right now. Having started with secure emails, Tutanota today also offers an encrypted address book, an encrypted calendar, and the encrypted contact form Secure Connect. Many more features are planned, and we estimate that in a few more years, we can offer an encrypted Groupware Suite with maximum respect for user privacy.