For the past several years, Europe has been fighting for its digital sovereignty, and this is escalating as also covered by Tech Crunch.
The most well-known names in the software-as-a-service industry – American firms Microsoft and Google – have been growing their business in the European market for a long time thanks to their name recognition and wide portfolio of products that have been moving existing customers to SAAS models. However, this growth story has slowly been overshadowed by concerns about privacy, ensuring safe data transfers and unfair competition.
In 2018, Europe introduced the GDPR or General Data Privacy Regulations to protect the data of its citizens. Implementing this law locally, EU countries have taken it upon themselves to forge change in keeping their data private. Countries like Germany, the Netherlands, Denmark and France have all enforced tighter restrictions on data and are heading the movement.
EU countries fight for data privacy
Most recently, the French Ministry of Education has banned free versions of Microsoft Office 365 and Google Workspace in schools due to data privacy concerns and unfair competition. The paid versions have already been banned for similar reasons.
In France, the ban was not only introduced due to data sovereingty issues in an American cloud service, but also due to the fact that free services are not allowed in public procurement sectors since a “consideration” payment is required. In addition, France has a “Cloud at the Center” policy which highlights three major challenges for France: the transformation of private organizations and public administrations, France’s digital sovereignty, and economic competitiveness.
It’s no surprise France, among other EU nations, are buckling down on tighter data policies, especially in government and public schools where data of students and citizens is at risk.
In Denmark, the government data protection agency, Datatilsynet, officially banned Google Workspace in schools because it didn’t meet the requirements of GDPR.
Within Denmark, one school district called went ahead and banned all Google Chromebooks this summer per the ruling.
In Germany, two states – Baden-Württemberg and Hessen – have both made decisions about banning Microsoft products because they are not GDPR compliant. In Baden-Württemberg schools, the Ministry of Education has also decided to cut off use of 365 solutions due to the lack of data protection for teachers, students and parents.
Just last Friday, the German Datenschutzkonferenz (DSK) published concerns about Microsoft 365 complying with both German and EU data privacy laws. In response, Microsoft published a press release stating that their product and services not only meets but exceed the requirements of data privacy laws (coverage in German).
In the Netherlands, research concludes that Dutch universities are putting massive amounts of data at Google and Microsoft. The study shows how the shift to the public cloud will take control of student’s data away from the universities and would ultimately prevent privacy from being an attainable goal for researchers and students. Currently underway is a Data Protection Impact Assessment (DPIA) issued by the DPA (Data Protection Agency) to assess the potential data privacy risks of the professional use of Microsoft Teams. However, previous assesments by various government agencies have already shown that foreign companies do not comply with the regulations.
Want to learn more? We are organizing a webinar on December 15 where we will discuss the challenges educational organizations face, what the legal and privacy risks are that push governments to ban 365, Workspace and other foreign SaaS tools, and how Nextcloud helps
November 2022 – France’s Ministry of Education bans free versions of Microsoft Office 365 and Google Workspace in schools.
August 2022 – Denmark’s Data Protection Agency (DPA) bans the use of Google Workspace in public sector organizations.
School municipality Helsingør formulates plan to ban 8,000 Chromebooks for the start of the new school year.
July 2022 – German state of Baden-Würrtemberg’s Procurement Chamber made a non-appealable decision that the transfer of personal data to a country outside of the EU is impermissable under the GDPR. (Note: now overturned by the Public Procurement Senate of the Karlsruhe Higher Regional Court in September 2022)
February 2022 – The Dutch government published a Data Protection Impact Assessment (DPIA) assessing the data protection risks of the professional use of Microsoft Teams in combination with OneDrive, SharePoint Online and the Azure Active Directory.
January 2022 – Austria’s Data Protection Authority decided that using Google Analytics on your website is in breach of GDPR.
July 2020 – EU-US Privacy Shield is invalidated by “Schrems II” under the European Court of Justice (ECJ).
September 2019 – German state of Hessen’s Commissioner for Data Protection and Freedom of Information, Professor Ulrich Kelber, stated that the use of Microsoft Office 365 at schools was not allowed under GDPR.
Join our upcoming webinar!
Nextcloud experts will discuss why many educational institutions are moving away from big tech collaboration platforms.
Today, US-based file sync & share vendor Kiteworks announced their acquisition of ownCloud and Dracoon. Kiteworks points out that their customers now have access to their file-sharing application. It is to be expected they will not maintain 3 similar products, but customers will have to migrate to the US firms’ platform or look for another […]
As part of Schleswig-Holstein's state digitization strategy, the state chancellery has announced they will work with Nextcloud to develop AI for working with government documents. This comes just after we announced the first private AI assistant last weekend with Hub 6. The German state already uses Nextcloud and their AI strategy aligns with our work on ethical, local AI technologies.
Over the last year, AI has become a popular topic. Some is hype, some is substance. Some is good, some is bad. We want to give you the good, not the bad, and ignore the hype! AI has a ton of opportunity – but also risk. So we put you in control – off by […]
The serious security flaws in ownCloud (now owned by Kiteworks) do NOT affect Nextcloud. We have strict security processes in place, and do not ship test data from libraries that can cause security breaches.