Sweden tells council to stop using Google Apps

Sweden tells council to stop using Google Apps

Summary: Sweden's data protection authority has told a local council to stop using Google Apps because of how personal data is handled.

SHARE:
TOPICS: Google
18

Sweden's data protection authority has told a local council to stop using Google Apps and is now looking into whether it will tell schools to back away from Google's cloud. 

Sweden's Data Inspectorate "Datainspektionen", which oversees the nation's Personal Data Act, this week ruled that the Salem Municipality in Stockholm must stop using Google Apps email and calendar services.

The main problem is that the data processor, Google, sets the ground rules for handling personal information, and, according to the inspectorate, has too much room to use the data for purposes other than what is specified by the municipality.

Ingela Alverfors, a lawyer for the inspectorate investigating the case, told ZDNet that cloud contracts in general posed a problem for municipalities because the municipality was supposed to stipulate how data was processed.

"Usually the one responsible for the data is the powerful party. Now it's the cloud provider who writes the contract," Alverfors said.

The contract should, for example, include limits on how data is used, but Google's contract allowed it to process the data for maintaining and providing services, which was too open-ended in her view.

"You could do lots of things with the data. Our view is that Salem is probably not handling sensitive data in the cloud service, but still they are handling personal data," she said.

Salem Municipality has three weeks to appeal against the decision. IT chief Tony Söderlund told ZDNet Salem would appeal — for the second time since an initial probe in 2011 — and had no plans to abandon Google Apps.

"We are working with our response and it's too early to say what the response will be, but we are confident that our agreement with Google applies to Swedish and European laws,” Söderlund said.

"We are not thinking about abandoning Google Apps, partially because there is no  alternative to Google's excellent services."

Google said: "We believe that Google Apps complies with Swedish law and we'll continue to work with all involved parties. Over five million organisations worldwide, including well over one million in Europe, are already using Google Apps and enjoy the increased productivity, innovation and collaboration that internet computing offers."

The decision on Salem does not automatically prevent all municipalities from using Google Apps, but Alverfors said it would make the same decision if it found others with the same contract in place.

Alverfors said the inspectorate had not investigated Microsoft's Office 365, adding that cloud email services did not appear to be that widely adopted by Swedish municipalities.

Schools, however, were a different story and the inspectorate is currently investigating the use of Google Apps at schools in Sollentuna Kommun, another municipality in Stockholm, which migrated to the cloud platform in 2009.

"There's an open case [on the use of Google Apps] in Sollentuna Kommun. We hope to have decision at the end of the year," said Alverfors, who noted that the concerns are also primarily around the data processing terms.

Alverfors said the inspectorate will soon kick off a project to uncover how many schools across Sweden are using Google Apps and other cloud services like it.

Norway's data protection authority last year gave qualified clearance for local councils to use Google Apps and Microsoft Office 365 after initially intending to block it. The Narvik municipality, which adopted Google Apps, is permitted to use Google's cloud so long as it is not used to transmit personal information about citizens. 

Topic: Google

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

18 comments
Log in or register to join the discussion
  • Conversations we should be have here in the good old USA.

    The cloud has amazing upside potential. But this stuff is too important, for the world to rush into blindly. I think we need a major congressional committee set up to deal with these emerging technologies. American's data should remain their own, even in the cloud.
    x I'm tc
    • If Sam Nunn was still in the Senate I'd Agree

      NT
      jnffarrell
    • American's data should remain their own. Ha

      From the country that spends more money and steals more data than the rest of the world?
      Considering the good old US will probably be in the top three groups hacking away, if someone steals your data. just steal it back, and theirs too!
      Boothy_p
      • China complained

        China complained that the US data - data that was proof the Chinese were stealing from US companies.
        Harlon Katz
    • there's a change

      it is usually people outside the US that have concerns about data stored in the US. Now seems Americans are worrying too!
      cymru999
  • I'm not sure...

    how the Swedish data protection legistlation is written, but the European makes using cloud services with operations in the USA very difficult, because of FISA and the Patriot Act.

    The entities using the cloud services must see that any personally identifiable data held on the service is not seen by or handed over to a third party - including the US Government - without getting the written permission of the people identified in the information or a valid EU warrant. On the other hand, the cloud provider with an office or servers in the USA must hand over the information upon request, without having to have a warrant, let alone a valid EU warrant, thus leaving their customers open to prosecution.

    That makes it very risky to use such a service at the moment. The US laws need to be adjusted, so that they are compatible with services offered to users outside US jurisdiction.
    wright_is
  • Just a little blind there, Tony

    "We are not thinking about abandoning Google Apps, partially because there is no alternative to Google's excellent services." - Tony Söderlund

    Um, have you heard of this company called Microsoft? They have a really great product that a lot of folks are starting to use called Office. It comes in all kinds of forms including a cloud version. And speaking of the cloud, they also have this really great cloud service called Azure. One of the things cool about it is that they don't data mine it for advertising leads like Google does their cloud service. You ought to look into it, Tony.
    Sir Name
    • not that simple

      many european governments have moved to open source software because of the cost implications for using Microsoft
      cymru999
  • Data Inspectorate or Chicken Inspectors

    build complex paperwork systems, then snooze at their desks or check boxes in forms while unforeseeable problems develop. Google will have to develop a 'standard contract' for schools and municipalities, and all will be well, for now. But... Watch Out for those Unknown Unknowns.
    jnffarrell
    • The bigger problem

      The problem is, Google say that they will follow US law for their services. Punkt, Ende, aus, as we say in Germany. That is a major problem, because the "customer" in Sweden or in the EU doesn't have anything to do with US Law, they have to follow local data protection laws, which generally forbid the handing over of personally identifiable information over to third parties without due process in a local court.

      As the cloud providers in America have to obey NSLs from the FIS Court, that means that you are essentially opening yourself up to criminal prosecution and private law suits.
      wright_is
  • Interesting

    Good article. I believe that any data saved in the cloud should belong to the individual or organisation who created it. History has proven that there are no multinational companies who practice "No Evil". Microsoft, IBM, Google, Apple, Novell, Oracle, you name it have proven that profit will always define policy.

    Until we see international policy protecting the individual or organisation in the data space, there is no guarantees.

    Guess what I am saying, the rush to move services into the cloud may be premature..
    MovingOn.Pmb
    • Lot of questions for the cloud

      I think this goes well beyond Google as questions keep coming up on how secure and private your information is on a cloud storage solution. Common sense tells me Google would certainly consider using it somehow to benefit itself. But I am sure they are not alone.
      JohnnyES-25227553276394558534412264934521
  • Sweden tells council to stop using Google Apps

    Funny thing is the advise came from someone located in Redmond.......go figure how that could have happened.
    Over and Out
    • Redmond?

      The article says that they haven't yet investigated Office 365, but it would probably fall under the same rules - they wouldn't be able to use it, as they cannot specify that MS (or Google) follow the data protection law that is in place in Sweden.

      As long as the cloud service is based in the USA, it isn't a valid option, if you don't want to risk being sued for "letting" the data be handed over to the US Government without proper permission.
      wright_is
      • I thought there was a way

        US companies could set up safe harbour agreements which as I understand it puts the data out of us government reach!
        cymru999
    • Wow. That's like the 007 time you said that.

      Coincidence? Inquiring minds want to know....
      William Farrel
  • Mh, not that surprising in the current climate

    Shame no one advice UK councils not to use Icelandic Banks a few years ago.
    Now that would have been really useful advice
    Boothy_p
  • Google security risk? Say it's not so

    Really? Sweeden is just now deciding that Google uses personal data for its own reasons? Go figure.
    JohnnyES-25227553276394558534412264934521