Danish DPA Banned the Use of Google Chromebooks and Google Workspace in Schools in Helsingor Municipality

On July 14th, 2022, the Danish Data Protection Authority issued a reprimand against Helsingor Municipality. It imposed a general ban on using Google Chromebooks and Google Workspace for education in primary schools in the Municipality. The Danish DPA banned such processing and suspended any related data transfers to the United States (U.S.) until it is brought in line with the General Data Protection Regulation (GDPR). The suspension took effect immediately, and the Municipality had until August 3rd, 2022, to withdraw and terminate the processing, as well as delete data already transferred. Finally, in a new decision on August 18th, 2022, the Danish DPA has ratified the ban to the use of Google Chromebooks and Workspace. In the eyes of the Danish DPA, the Municipality failed for example to document that they have assessed and reduced the relevant risks to the rights and freedoms of the pupils. This article is structured as follows: section II provides the background concerning the unfolding events after the Schrems II ruling. Section III discusses the origins and facts of the Danish DPA case. Section IV examines the reasoning and critical findings of the Danish DPA decision. Finally, section V concludes with some general recommendations the Danish municipalities must follow based on the ensuing effects stemming from this case.