SafeGov is not the first to question the acceptability of Google Apps under European privacy laws. In January 2012 a report from the Norwegian Data Protection Inspectorate ruled that the EU-US safe harbor agreement does not adequately guarantee protection against the US PATRIOT Act; and that without further specific guarantees, the use of cloud services such as Google does not comply with Norway's Personal Data Act, 2000.
And at the end of May this year, the Swedish Information Commissioner told the Salem Municipality ‘to either remedy the shortcomings of the agreement [to use Google’s cloud services] or to stop using the cloud service.’
This new report from SafeGov, an organization that describes itself as "a forum for IT providers and leading industry experts dedicated to promoting trusted and responsible cloud computing solutions for the public sector," follows interviews with more than a dozen representatives of European Data Protection Authorities and several EC officials involved in the development of data protection policy.
It found "wide support for the idea that vulnerable data subjects such as school children deserve special protection." Cloud services, including Google, make their money and pay for the services through advertising – and increasingly targeted advertising – to their users. This involves the collection of personal data from those users.
The problem is that schoolchildren, and employees in other public bodies, have no say in whether they are willing to accept the collection of that data. "A fundamental question that arises when schools adopt cloud services that process users’ personal information," says the report, "is whether the students and their parents have been given an adequate opportunity to provide or withhold their informed consent. We found broad agreement that such informed consent is required under both the 1995 Data Protection Directive and the proposed draft of the GDPR."
SafeGov sees the solution to the issue in the cloud services providing "a legally binding pledge not to conduct user profiling or data mining for any advertising-related purposes" when providing services to schools."We’re comforted by the support voiced for safeguarding school children," said Jeff Gould, president of SafeGov.org, "and today we’re asking for a clear, principled commitment from cloud, policy and education actors banning targeted advertising in schools.”