Feeds

Swedish watchdog: Google's chocolate cloud? Nej, not private

Bans official use of ad giant's apps suite

The Essential Guide to IT Transformation

The Google bods who sell the ad giant's software services in Europe have been banned from flogging their wares to Sweden's public sector due to unresolved privacy concerns.

The ruling came after a local council was prohibited from using Mountain View's cloud services, and applies to Sweden's local and central government, though not to private sector firms.

Salem, a town of around 16,000 about 30km southwest of Stockholm, wanted to sign a licence to use Google Apps, but Sweden's data protection authority blocked the deal.

The judgment is not linked to the recent controversy over the NSA's surveillance web-snooping scheme but reflective instead of deep-seated concerns about the security and privacy implications of using US-based cloud service providers.

This is not the first time Sweden has expressed its concerns. The issue first came up in 2011 when Swedish Datainspektionen (data protection regulators) ruled that Google's terms and conditions, which allow it to do what it likes with customer data "for the purposes of providing, maintaining and improving the services" was unacceptable.

In particular there were concerns about Google handing customer data to third-party subcontractors as well as what would happen with potentially sensitive data if and when the contract was terminated for any reason.

Datainspektionen ordered Salem to renegotiate a contract incorporating tougher privacy protections. Salem returned with a revised deal last month but that too was judged as deficient. The decision leaves Salem with the option of either going through another round of renegotiation, with an uncertain outcome, or looking for another way to deliver IT services.

UK-based privacy expert and campaigner Simon Davis tipped us off about Google Apps' second knock-back in Salem. The ruling prohibits Sweden's public sector bodies from using Google Apps cloud services, according to Davis.

"Google was the only service cited in the judgment. It will apply to all cloud providers, but Google is the one with the deficient contract," Davis told El Reg.

In a blog post, Davis said other regulators across Europe may take a close interest in the Swedish ruling.

The decision comes at a critically important moment for Google. A group of EU data protection regulators is currently deciding how to respond to the company’s controversial new privacy policy which allows the company to amalgamate data across all its products and services for whatever purposes it sees fit. Regulators are concerned that this condition is perilous to data protection rights. The Swedish decision reflects many of these anxieties.

IT security industry veteran Paul Ducklin, writing on Sophos's Naked Security blog, said that Swedish regulators were entitled to take a stricter line about taxpayer data held by local councils than they would for private businesses in similar circumstances.

"It's one thing to outsource your own IT services - personal email, blogging, website and so forth - to save time and money," Ducklin writes. "That's your own choice to make."

"And it's fair enough if you're a company whose customers can vote with their chequebooks if they don't like the service provider you've chosen. But as a 'customer' of a local government, you don't have that liberty, so you are stuck with the privacy-related decisions made by your council," he added. ®

The Essential Guide to IT Transformation

More from The Register

next story
Sysadmin Day 2014: Quick, there's still time to get the beers in
He walked over the broken glass, killed the thugs... and er... reconnected the cables*
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
VMware builds product executables on 50 Mac Minis
And goes to the Genius Bar for support
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
They're not emails, they're business records, says court
Microsoft says 'weird things' can happen during Windows Server 2003 migrations
Fix coming for bug that makes Kerberos croak when you run two domain controllers
Cisco says network virtualisation won't pay off everywhere
Another sign of strain in the Borg/VMware relationship?
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.