Feeds

Swedish watchdog: Google's chocolate cloud? Nej, not private

Bans official use of ad giant's apps suite

Combat fraud and increase customer satisfaction

The Google bods who sell the ad giant's software services in Europe have been banned from flogging their wares to Sweden's public sector due to unresolved privacy concerns.

The ruling came after a local council was prohibited from using Mountain View's cloud services, and applies to Sweden's local and central government, though not to private sector firms.

Salem, a town of around 16,000 about 30km southwest of Stockholm, wanted to sign a licence to use Google Apps, but Sweden's data protection authority blocked the deal.

The judgment is not linked to the recent controversy over the NSA's surveillance web-snooping scheme but reflective instead of deep-seated concerns about the security and privacy implications of using US-based cloud service providers.

This is not the first time Sweden has expressed its concerns. The issue first came up in 2011 when Swedish Datainspektionen (data protection regulators) ruled that Google's terms and conditions, which allow it to do what it likes with customer data "for the purposes of providing, maintaining and improving the services" was unacceptable.

In particular there were concerns about Google handing customer data to third-party subcontractors as well as what would happen with potentially sensitive data if and when the contract was terminated for any reason.

Datainspektionen ordered Salem to renegotiate a contract incorporating tougher privacy protections. Salem returned with a revised deal last month but that too was judged as deficient. The decision leaves Salem with the option of either going through another round of renegotiation, with an uncertain outcome, or looking for another way to deliver IT services.

UK-based privacy expert and campaigner Simon Davis tipped us off about Google Apps' second knock-back in Salem. The ruling prohibits Sweden's public sector bodies from using Google Apps cloud services, according to Davis.

"Google was the only service cited in the judgment. It will apply to all cloud providers, but Google is the one with the deficient contract," Davis told El Reg.

In a blog post, Davis said other regulators across Europe may take a close interest in the Swedish ruling.

The decision comes at a critically important moment for Google. A group of EU data protection regulators is currently deciding how to respond to the company’s controversial new privacy policy which allows the company to amalgamate data across all its products and services for whatever purposes it sees fit. Regulators are concerned that this condition is perilous to data protection rights. The Swedish decision reflects many of these anxieties.

IT security industry veteran Paul Ducklin, writing on Sophos's Naked Security blog, said that Swedish regulators were entitled to take a stricter line about taxpayer data held by local councils than they would for private businesses in similar circumstances.

"It's one thing to outsource your own IT services - personal email, blogging, website and so forth - to save time and money," Ducklin writes. "That's your own choice to make."

"And it's fair enough if you're a company whose customers can vote with their chequebooks if they don't like the service provider you've chosen. But as a 'customer' of a local government, you don't have that liberty, so you are stuck with the privacy-related decisions made by your council," he added. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Kingston DataTraveler MicroDuo: Turn your phone into a 72GB beast
USB-usiness in the front, micro-USB party in the back
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
BOFH: Oh DO tell us what you think. *CLICK*
$%%&amp Oh dear, we've been cut *CLICK* Well hello *CLICK* You're breaking up...
AMD's 'Seattle' 64-bit ARM server chips now sampling, set to launch in late 2014
But they won't appear in SeaMicro Fabric Compute Systems anytime soon
Amazon reveals its Google-killing 'R3' server instances
A mega-memory instance that never forgets
Cisco reps flog Whiptail's Invicta arrays against EMC and Pure
Storage reseller report reveals who's selling what
Microsoft builds teleporter weapon to send VMware into Azure
Updated Virtual Machine Converter now converts Linux VMs too
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.