The Swedish Data Inspection Board has for a second time disallowed an agreement that a local municipality wants to sign with Google regarding the use of its hosted Apps package.
The agreement does not comply with the rules in Sweden’s Personal Data Act, and therefore it either has to be amended or the Salem municipality has to stop using Google Apps, the board said on Monday.
The Personal Data Act turns 15 this year and aims to prevent privacy violations when personal data is processed. Salem’s deal with Google gave the company too much leeway to process personal data for its own purposes. Also, wasn’t clear what happens to the stored personal data when the contract ends, the board said.
Google didn’t agree with the Data Inspection Board: “We believe that Google Apps complies with Swedish law and we’ll continue to work with all involved parties,” it said in an emailed statement.
The company also underlined that over five million organizations worldwide, including well over one million in Europe, already use Google Apps.
Salem’s municipality didn’t reply to questions for a comment, but has since the beginning been convinced that its agreement with Google is in compliance with the law. Prior to the transition to Google Apps, Salem did an extensive investigation in cooperation with legal experts and the conclusion was that the agreement holds up, CIO Tony Söderlund said in September 2011, after the first round of criticism.
Neither Google nor Salem officials commented on the Data Inspection Board’s concerns regarding how personal data would be handled.
A history of distrust
Salem was the first Swedish municipality to switch to Google Apps. In January 2011, the transition from a Microsoft-based environment to Google Apps started. The goal was to get a reliable, cost-effective solution for email, calendar and document management, it said.
The Data Inspection Board’s task is to protect individual privacy without unnecessarily preventing or complicating the use of new technology, according to its website.
Sweden isn’t the only Nordic country that has put Google Apps and hosted productivity apps under the microscope. Last year in Norway, the Data Protection Authority gave two local municipalities its blessing after nine months of deliberations.
But the authority’s approval of cloud-based services was conditional on certain prerequisites, including completion of a thorough risk and vulnerability analysis and technology that is in compliance with Norwegian regulations, the Data Protection Authority said in September last year.