Norwegian public sector organisations will be banned from using Google Apps after the Norwegian data protection authorities ruled that the service could put citizens’ personal data at risk.
The data protection authority said Google Apps did not comply with Norwegian privacy laws because there was insufficient information about where data was being kept. The decision came from a test case in Narvik, where the local council had chosen to use Google Apps for their email.
The Norwegian ban comes just as things were going so well for Google Apps in Europe, with the company winning its largest ever contract with BBVA, the Spanish bank.
Now, however, Google could find access to swathes of public sector work effectively closed. Early last year, there was a similar decision in Denmark, where the town of Odense was banned from using Google Apps in its schools. Privacy regulators were concerned that if teachers used Google’s document and calendar functions for lesson planning, student assessment and communicating with parents, it would leave some sensitive personal data at risk.
The German government is also working on stricter data protection rules that would specify where, geographically, confidential and sensitive information must be stored.
Meanwhile, France has set up a patriotic venture with France Telecom and Thales to promote French cloud services over US rivals.
All these moves show that there is still a deep level of concern in Europe about the security of using US-based cloud computing providers, especially if there is any lack of clarity about whether the data is physically being stored.
Unease is exacerbated by the Patriot Act, which requires US companies to hand data over to US authorities, when asked, even if that data is stored in Europe.
