The custom versions of ChromeOS and Chrome web browser for education are still a long way off. Google aims to launch it in August 2023. The new version is in line with the agreements made in 2021 about Google Workspace.
This was announced by Minister of Education, Culture and Science Robbert Dijkgraaf and Minister for Primary and Secondary Education Dennis Wiersma in a letter to the House of Representatives.
Cabinet warns about privacy risks Google Workspace
For the start of this case, we have to go back to June 2020. MPs Peter Kwint (SP) and Paul van Meenen (D66) then submitted a motion asking the cabinet to conduct a Data Protection Impact Assessment (DPIA) in the education sector in our country. In March 2021, the then Minister of Education Ingrid van Engelshoven and Minister of Primary and Secondary Education Arie Slob shared the results with the House of Representatives.
The ministers then said that there may be privacy risks associated with Google Workspace. Schools are said to have “too little or insufficient control” on the processing of metadata. That is information about how a user uses certain programs. Metadata tells, among other things, when a student logs in, how long he stays logged in, what type of device he works on, with which settings, which programs he uses and which searches he performs.
In a nutshell, Google said it considered itself the sole data controller. The privacy agreement also stated that the technology company could unilaterally change the conditions surrounding metadata at any time.
Educational organizations ask Google to take social responsibility
The Dutch Data Protection Authority concluded that with such conditions the processing of metadata and personal information of students could not take place lawfully. Because there were “fundamental questions” about privacy protection and processing, the regulator advised to stop Google Workspace until it became compliant with the General Data Protection Regulation (GDPR).
Educational organizations such as the PO-Raad, SIVON and SURF thought immediately stopping Google Workspace was too drastic a step. However, they made an urgent appeal to Google’s social responsibility to guarantee the privacy of pupils and students. If not, the education sector would no longer use Google Workspace in the near future.
Google becomes data processor instead of data controller
Google heard the complaints and promised to address the privacy concerns of the education world. The search engine giant agreed with Dutch educational authorities that it would no longer act as a data controller, but would take on the role of data processor.
That is a major adjustment because it limits what Google is allowed to do with the collected metadata. Under the old terms, the search giant used this information for commercial purposes, including showing advertisements. Since Google is now acting as a data processor, it can only use metadata to maintain its services, tackle threats and develop updates.
To comply with these agreements, Google would develop a new version of ChromeOS and the Chrome web browser.
New version ChromeOS and Chrome ready in August 2023
It was unknown when this privacy-friendly version of ChromeOS and Chrome web browser would be ready. Ministers Dijkgraaf and Wiersma now have an answer to this. In a letter to the House of Representatives, the ministers write that Google has promised that the versions will be ready in August 2023. “That version will then be in line with the agreements made with Google in 2021 about Google Workspace,” the ministers promise.
SIVON and SURF are in talks with Google about the elaboration of this. At the same time, education organizations have started talks with other vendors in case the new version of ChromeOS and Chrome doesn’t live up to expectations.
Cabinet to invest heavily in information security and privacy education
Minister Dijkgraaf and Wiersma will use this cabinet term to tackle the information security and privacy of educational institutions. The education sector has taken measures in recent years to increase their digital resilience. But the world of education is still vulnerable to cyber-attacks. “Freedom is not an option when it comes to digital resilience and privacy,” the ministers said.
Primary and secondary education will therefore receive an additional 6 million euros on a structural basis. This is used, among other things, to formulate and implement a framework of standards for digital security. The Education Inspectorate will be given a prominent role in raising awareness about the dangers of digital threats in the education sector.
Specialist and legal knowledge about information security and privacy is centralized. This means that not every scale has to invest separately in this expertise. In order to pay more attention to these themes, school boards must write something about this in their annual report from August 2023. Finally, there will be a Computer Emergency Response Team (CERT) for primary and secondary education that will act as a “digital fire brigade”.
The intention of the education ministers is in line with the ambition of State Secretary for Digitization Alexandra van Huffelen to give top priority to cybersecurity and privacy when formulating new laws.
Catch up on more articles here
Follow us on Twitter here