Some 53 municipalities across Denmark must, by March 1st, show how they will comply with data protection laws going forward, the Danish Data Protection Agency (Datatilsynet) said in a statement on its website.
The ruling is related to a larger, ongoing case in which the legality of use of Chromebook laptops and Google Workspace programmes is under scrutiny in each of the municipalities.
The Data Protection Agency was initially alerted to the issue in 2019, when a parent registered a complaint after finding his eight-year-old son’s name and school were visible in YouTube.
The information found its way to YouTube after one of the boy’s friends borrowed his school computer and posted a message on the video platform.
Subsequently, the Data Protection Agency has investigated handling of data by municipalities that use Chromebooks and Google Workspace.
Tuesday’s ruling requires all municipalities to put measures into place, backed by appropriate regulations, to make sue data is properly protected. These measures must come into force no later than August 1st, but a plan must be presented as soon as March.
“Before you start using equipment, you must, as someone responsible for data, understand how to handle personal information within it and you must be able to provide documentation for this,” the agency’s IT security and legal specialist Allan Frank told news wire Ritzau.
“That applies to all organisations, but in the case of a public authority, where we as members of the public cannot demand our information not be stored – the Data Protection Agency certainly expects the necessary analyses be both completed and documented,” he said.
Member comments