Education agreement with Google over privacy risks

Akkoord onderwijs met Google over privacy-risico’s

After intensive discussions in recent weeks, an agreement has been reached with Google to mitigate high privacy risks related to the use of Workspace for Education Plus (formerly G Suite Education for Enterprise) and Workspace Education Fundamentals (the free variant, formerly G Suite for Education) by educational institutions in the Netherlands.

These high risks were uncovered in a Data Protection Impact Assessment (DPIA) conducted in 2020 - 2021. In response to the results of this DPIA, SURF and SIVON asked the Personal Data Authority (AP) for advice. In the May 31 opinion, the AP indicated that all high data protection risks must be sufficiently mitigated no later than the beginning of the 2021/2022 school year, otherwise schools must stop using Workspace for Education.

SURF and SIVON are pleased to announce that agreement has been reached with Google on a comprehensive set of contractual, organizational and technical measures. These measures sufficiently mitigate all high privacy risks identified in the DPIA.

ChromeOS, Google Cloud Platform and other Google services

Most of the agreed measures apply to the core services (core services) in Workspace for Education (for example, Classroom and Gmail). Google commits to continue discussions with SURF and SIVON on other Google services regularly used in education, such as Google Cloud Platform and ChromeOS (the operating system for Chromebooks).

Follow-up

Over the next 2 weeks, SURF and SIVON will continue discussions with Google to refine the negotiation results and reach agreement on how existing contracts will be modified or migrated to the new agreements. Our goal is to complete this no later than the first week of August. SURF and SIVON will provide educational institutions with instructions on how to ensure these changes apply to their contracts before the beginning of the next school year.

In addition to the measures Google has implemented, mitigating the high data protection risks also requires educational institutions to implement appropriate administrator settings and certain organizational measures. SURF and SIVON are providing the necessary documentation for Workplace Administrators (administrators) to implement those measures.

SURF and SIVON are providing educational institutions with a complete package of all the documents and information they need to assess whether the use of Workspace for Education (Plus) - taking into account their specific interpretation and use of Workspace for Education (Plus) - sufficiently fulfills the protection of personal data in accordance with the GDPR. We expect more news on this by the first week of August at the latest.

SURF and SIVON continue to cooperate with Google

SURF andConsidering the risks and issues raised during the DPIA and the actions taken or announced by Google, SURF and SIVON can confirm that Google is addressing these issues. Given the importance of the use of Google services in educational institutions, SURF and SIVON will continue to monitor Google on behalf of education and speak with Google about privacy issues. For example, a DPIA on Chrome browser and Chrome OS will be conducted and these results will be discussed with Google in a similar manner to Workspace for Education (Plus). SIVON continue to work with Google

Related posts

Google Workspace can be safely used in education

So reports the Ministry of Education, Culture and Science (OCW) based on research by SURF and SIVON to the House of Representatives today. In recent years, SURF and SIVON investigated...

Updated on
27 June 2024

Google Workspace for Education

Gegevensbeveiliging data vs