Feeds

Swedish watchdog: Google's chocolate cloud? Nej, not private

Bans official use of ad giant's apps suite

Security for virtualized datacentres

The Google bods who sell the ad giant's software services in Europe have been banned from flogging their wares to Sweden's public sector due to unresolved privacy concerns.

The ruling came after a local council was prohibited from using Mountain View's cloud services, and applies to Sweden's local and central government, though not to private sector firms.

Salem, a town of around 16,000 about 30km southwest of Stockholm, wanted to sign a licence to use Google Apps, but Sweden's data protection authority blocked the deal.

The judgment is not linked to the recent controversy over the NSA's surveillance web-snooping scheme but reflective instead of deep-seated concerns about the security and privacy implications of using US-based cloud service providers.

This is not the first time Sweden has expressed its concerns. The issue first came up in 2011 when Swedish Datainspektionen (data protection regulators) ruled that Google's terms and conditions, which allow it to do what it likes with customer data "for the purposes of providing, maintaining and improving the services" was unacceptable.

In particular there were concerns about Google handing customer data to third-party subcontractors as well as what would happen with potentially sensitive data if and when the contract was terminated for any reason.

Datainspektionen ordered Salem to renegotiate a contract incorporating tougher privacy protections. Salem returned with a revised deal last month but that too was judged as deficient. The decision leaves Salem with the option of either going through another round of renegotiation, with an uncertain outcome, or looking for another way to deliver IT services.

UK-based privacy expert and campaigner Simon Davis tipped us off about Google Apps' second knock-back in Salem. The ruling prohibits Sweden's public sector bodies from using Google Apps cloud services, according to Davis.

"Google was the only service cited in the judgment. It will apply to all cloud providers, but Google is the one with the deficient contract," Davis told El Reg.

In a blog post, Davis said other regulators across Europe may take a close interest in the Swedish ruling.

The decision comes at a critically important moment for Google. A group of EU data protection regulators is currently deciding how to respond to the company’s controversial new privacy policy which allows the company to amalgamate data across all its products and services for whatever purposes it sees fit. Regulators are concerned that this condition is perilous to data protection rights. The Swedish decision reflects many of these anxieties.

IT security industry veteran Paul Ducklin, writing on Sophos's Naked Security blog, said that Swedish regulators were entitled to take a stricter line about taxpayer data held by local councils than they would for private businesses in similar circumstances.

"It's one thing to outsource your own IT services - personal email, blogging, website and so forth - to save time and money," Ducklin writes. "That's your own choice to make."

"And it's fair enough if you're a company whose customers can vote with their chequebooks if they don't like the service provider you've chosen. But as a 'customer' of a local government, you don't have that liberty, so you are stuck with the privacy-related decisions made by your council," he added. ®

Providing a secure and efficient Helpdesk

More from The Register

next story
It's Big, it's Blue... it's simply FABLESS! IBM's chip-free future
Or why the reversal of globalisation ain't gonna 'appen
IBM storage revenues sink: 'We are disappointed,' says CEO
Time to put the storage biz up for sale?
'Hmm, why CAN'T I run a water pipe through that rack of media servers?'
Leaving Las Vegas for Armenia kludging and Dubai dune bashing
Microsoft and Dell’s cloud in a box: Instant Azure for the data centre
A less painful way to run Microsoft’s private cloud
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
Windows 10: Forget Cloudobile, put Security and Privacy First
But - dammit - It would be insane to say 'don't collect, because NSA'
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.