Swedish bureaucrats have instructed a town in the Scandinavian country to say “No” to Google.
Salem, a municipality approximately 30km south-west of Stockholm, wanted to ink a deal to use Google Apps, but the Information Commission thought otherwise.
When I first spotted this story, my immediate thought was that it would have something to do with PRISM.
If you haven’t been following computer security news lately, that’s the USA’s controversial programme to conduct widespread network surveillance of foreigners.
You can see why overseas jurisdictions might want to discourage their residents from using cloud services offered by companies which are themselves regulated by US law.
But Sweden’s broadside against Google has nothing to do with whether the US government does or doesn’t have its digital eyes on the cloud storage of non-US residents.
This is an argument directly with Google over its own privacy provisions.
The Swedish data protection mandarins already disagreed with the Municipality of Salem back in 2011, arguing that Google’s contractual land-grab over its customers’ data “for the purposes of providing, maintaining and improving the services” was a step too far.
The municipality apparently felt that this was reasonable because it would help to improve Google’s IT-related services to everyone – in other words, that the people of Salem could tolerate this clause for the greater good of all.
But the Swedish Datainspektionen ordered Salem to renegotiate with Google, on the grounds that the clause was too open-ended to be safe.
The decision noted, amongst other things, that the contract was too loose about how the data might be handled by subcontractors, or by Google after the contract ended.
Salem did go back to the negotiating table, and came up with a revised deal last month, but it still wasn’t enough for the regulators, whose decision is that the earlier shortcomings have not been addressed.
So Salem must negotiate again with Google, or find another way to deliver its IT services.
On the surface, this may sound like Nordic bureaucratic pettiness, but I think we should applaud the Swedish privacy experts here.
It’s one thing to outsource your own IT services – personal email, blogging, web site, and so forth – to save time and money. That’s your own choice to make.
And it’s fair enough if you’re a company whose customers can vote with their chequebooks (yes, they still exist, at least in Australia!) if they don’t like the service provider you’ve chosen.
But as a “customer” of a local government, you don’t have that liberty, so you are stuck with the privacy-related decisions made by your council.
I suppose, as Google’s own Eric Schmidt once famously joked, “you can just move, right?”
But that’s the same Eric Schmidt who’s on the record as having said that “Google policy is to get right up to the creepy line and not cross it.”
Let’s see if Salem can win the battle to get Google to back off a bit in the next round of negotiations…