Read at The Verge
Danish privacy regulator Datatilsynet has ruled that Danish cities require stronger privacy assurances in order to use Google services that could potentially expose children's data. The agency found that Google uses student data from Chromebooks and Google Workplace for Education for its own purposes, which is not permitted under European privacy law.
The regulator ruled that municipalities aren't allowed to send Google data unless the laws change or Google provides a way to filter students' information out.
Municipalities in Denmark have been given until March 1st to explain how they plan to comply with the order to stop transmitting data to Google. If they fail to comply, they may be required to phase out the use of Chromebooks entirely starting from August 1st. The decision by the regulator highlights the need for thorough vetting of the risk of using Google services for education purposes before approving their use.
Datatilsynet says that cities hadn't actually done a thorough enough job of vetting the risk of using Google Workplace for Education before they approved their use by local schools.