Literally any use of any technology that requires transfer of any EU personal data to a company that has any presence in the United States, is currently illegal for anyone in Europe.
But we're playing this silly game where data protection authorities slowly realize "oh - Google - they have US presence right? Let's ban them," and then this flows down to EU businesses.
The reality is the law is clear: any use of ... Google... AWS... MSFT (even with EU hosting)... Notion... Salesforce... GitHub... Atlassian... All of this is currently obviously illegal in EU.
So we now live in a weird world of, everyone is breaking the law, who do we call on it?
> So we now live in a weird world of, everyone is breaking the law, who do we call on it?
Welcome to today's world.
This is the case, not just for corporations, but for individuals. Chances are near 100% that everyone breaks some law, every single day. This gives the State the power to prosecute you for thousands of offenses, if they so choose. There are thousands of laws, and normal lay people cannot possibly know about all of them. Moxie once wrote a fantastic blog piece on this I recommend reading: https://moxie.org/2013/06/12/we-should-all-have-something-to...
> For instance, did you know that it is a federal crime to be in possession of a lobster under a certain size? It doesn’t matter if you bought it at a grocery store, if someone else gave it to you, if it’s dead or alive, if you found it after it died of natural causes, or even if you killed it while acting in self defense. You can go to jail because of a lobster.
This is just one absurd example out of thousands. And this is precisely how the State maintains coercive power over people. Everyone breaks some law, so the State can pick and choose whom to go after based on whatever random reason triggers some bureaucrat's or cop's ire.
Salesforce, Atlassian, GitHub and to a lesser extent Google, Microsoft and Amazon are only not allowed for private data, no? So there's nothing wrong with storing code on GitHub for instance. Although IPs are private data, do access logs count? If i recall correctly they don't, but I'm really not a lawyer.
Edit: Actually Atlassian are an Australian company, is there an equivalent CLOUD act that makes data transfers impossible?
An extraordinary Danish Radio report exposed how scores of children in Denmark, many of them orphans, were subject to CIA-funded experiments for at least two decades.
The purpose of these activities remains unknown, as authorities continue to actively suppress the truth of what happened in the 1960s and early 1970s.
The startling exposé is based on the work of documentarian Per Wennick, who was one of 311 participants in the mysterious trials. The children never learned the objective of the tortuous assessments to which they were exposed, even after they ended.
According to Wennick, when he was 11 years old, he was asked at an authoritarian orphanage in Copenhagen if he wanted to try something “fun” at the local municipal hospital. It was vaguely described as an examination of how children “feel”. Believing it would be a welcome diversion, he acquiesced and even received a small sum for his participation.
Wennick went on to undergo a series of regular tests, which included being forced to listen to recordings on headphones of loud noises, screams, and statements intended to scare him. Staff strapped him to a chair while electrodes were placed on his arms, legs, and chest, measuring his heart rate, temperature, and sweat levels.
These experiments continued until 1973, when Wennick was 24-years-old. However, a decade later, while in a hospital due to a skin complaint, he learned his visit—in fact, his every contact with healthcare services— was reported to the Danish Psychological Institute for reasons never made clear to him.
Fast forward to 2018. While at a film festival in the United States, he saw the documentary "Three Identical Strangers," which tells the story of triplets deliberately separated at birth and offered up for adoption to families of differing socioeconomic backgrounds, in a covert and highly unethical scientific “nature versus nurture” study.
It occurred to Wennick he too may have been unwittingly caught up in a similar experiment.
I'm always baffled at how places like the CIA get enough people to work for them. Who says to themselves "they torture, assasinate, fund terrorist groups, help terrible regimes, experiment with people, including children, those are the people i want to work for!"?
- Digital experiences can offer different learning formats which might work better for a subset of kids.
Cons:
- Having computers in the classroom is a huge distraction, and not a valuable use of time for teachers to have to manage on top of everything else; kids constantly abuse the privilege and goof off instead of paying attention to the lesson. Teachers can either fail at their job and ignore it, or must constantly monitor and police all the screens while they are teaching. As if it's not already hard enough to manage the class?
- Chromebooks are expensive for school districts, they pay large ongoing sums of money to Google for the G-Suite SaaS contracts, too. They're not getting a great deal, districts often don't even have the expertise to evaluate if it's cost effective or not.
- Chromebooks get filthy and gross, with kid sludge and boogers and whatever else. Who should be tasked with cleaning them?
- Chromebooks result in excessive, unnecessary e-waste. Google offers updates for only a few years before deprecating them. They only run a web browser, but somehow they must be EOLd after only 5 years? Ok..
How about bringing back the books and chalkboards? Ill-informed parents would probably freak out and have a meltdown, thinking their kid is getting a second rate education without the stupid Chromebook during school time.
We are stuck in the minima of a very local function. So dumb.
This isn't the biggest problem though, it's the US public education system that created and enables all this, constantly making changes to curriculae and requirements in a non data-driven way.
Chromebooks are expensive? Do you have numbers? Unlike Windows or OSX where you need an IT guy for a school district, the chrome OS doesn't really require a full time staff. Generally if it dies, you hand the student a new one. Most of the work is tracking inventory.
No testing, no production, no app installs, no backups, no training (at least for students), no managing licenses, no maintaining a custom collection of apps, etc.
Would macbooks or windows boxes be plausibly cheaper in any way?
Seems like most highschools give freshman a new chromebook, and then offer to sell it to the student for $25-$75 when they graduate. Said laptops often live on supporting the student or the student's family. My kid just graduated and is quite fond of her chromebook. It's pretty low power (some arm variant), 4gb ram, pretty durable case, and I expect it to live on for a few more years.
Sure chromebooks can get gross, but that's really only a issue if you plan to give them to multiple people. The laptop we got came with a get to know your laptop card that showed you how to recover from pouring a soda on your keyboard, generally open, shake, and don't close the lid for a few hours.
Teachers can still use books and chalkboards, up to them. But using google apps is a useful skill and using them to turn in homework seems to work really well. The use of chromebooks during class was limited for my kid, but depended on heavily for homework, research, etc.
I went to a school where we used chrome books. We paid a 500 euro deposit I believe upfront and signed a contract that obliged us to use the machine appropriately and that any damage resulting from failing to do so is our fault yada yada. By the end of the curriculum the computer moves into being our own property and the school wipes it from the network so to speak and it’s factory reset.
The reality is that at this point it’s a piece of old junk that no one wants since it’s been in constant use for like 4 years, and yes I went to a privileged school which hopped onto the idea as soon as it was publicly available.
I talked to our it department and they confirm the fact that chrombooks make the back end work of the it department so so so much easier, as does the rest of the google interface. They no longer deal with individual account backups, data storage and network access, being able to focus on what is accessible from the school network and solving hardware problems with the machines themselves, as well as some additional maintenances on PC systems that were present I. Every classroom dedicated to each teacher which we’re not chrome books but ran windows 7 instead, up until a year or 2 ago I believe.
Chrome books have an arguably larger upfront cost bit a reduced maintenance cost which may make them more economical depending on the scale you work on and you budget. As I said I went to a privileged school with around 1k kids as of last year I believe so it may have been a good choice there, the school is not in Denmark btw.
I personally am more interested in knowing what are the alternative options to the chrome books that denmarkian schools can switch to now that chrome books are out of the picture, because let’s face it, we’re not going to back to pen and paper days because of this. I found some HP made notepads that run windows 10 and are visually resembling chrome books in addition to being in the same price range of 400 euro. Does anyone have any better guesses as to what the switch could be made to?
That all makes sense and lines up with my experience. Schools have a hard time keeping IT staff, as soon as you manage a school district for a year or two you can double or triple your salary elsewhere. So the near adminless part of chomebooks is quite valuable, doubly so when every IT lead seems to want to go in a different direction.
I do question the utility of laptops vs desktops. Assuming students aren't on the laptop during every class. If you assume say 1-2 hour a day of laptop time and access to a web browser at home you could save much of the waste of throwing away a laptop every 4 years. LCD panels can easily last 10 years, and batteries are often the first thing to die on laptops. I've built diskless linux desktops for educational settings, with a bit of tweaking was pretty much seamless for users. Literally had a browser, matlab, mathematic, maple, and print icons on the desktop and didn't do any training for incoming students. We'd buy 100 at a time or so and they would last 6-8 years, and each one met the needs of 4-10 students.
Cost (and environmental impact) is quite a bit less for a mac mini/Intel NUC and similar SFFS than a laptop.
I have a Chromebook that was released in 2019 and will get updates until 2027, so there's definitely not a rule that they can only get updates for 5 years.
How much money and resources do you think goog is spending on an ongoing basis to ensure they sell fewer Chromebooks to schools (and in general) in the future?
It's much easier (and more profitable / less expensive) from a program management perspective to instead deprecate the bulk of these cheap machines after five years to ensure "consistent user experience".
I hope I'm wrong! My experience with capitalism tells me I'm probably not. Less e-waste isn't profitable in the short to medium term. :(
They don't make money on the hardware and have no incentive to make the subscription look like a bad deal because of short hardware life cycle.
The hardware manufacturer is a different story. They love nothing better than to collect a laptop price tag on a laptop replacement schedule while only having to deliver a chromebook performance and absolutely zero os/software related customer support or windows license.
One more con. The screen is very bad. My kid's came new, but it looked worst than the 90s non-active matrix laptop I had. I wouldn't stand more than a few minutes on it. I guess kids have good enough eyes to not affect them too much. But maybe it speeds up their eyes' wear and tear. Hope kids won't be using it more than an hour or so a day.
“The books no longer exist. Neither do the chalkboards, they are digital too.”
The world is always changing, it’s hard to go back, but many of us were shouting the warnings when people used things like chrome books. Perhaps they should flatten them and put a proper OS on them with proper storage and teach kids the importance of data sovereignty and computer freedom.
> Perhaps they should flatten them and put a proper OS on them with proper storage and teach kids the importance of data sovereignty and computer freedom.
It's a cute idea, but these lucky kids are probably 'upgrading' to Windows 11 with some nice in-school MDM. It's always frying-pan-to-fire situations when people get pedantic like this.
Putting a proper OS = kids bypass the "security" and play games during class time. And you end up buying low performing spinning rust based laptops, because of the Windows license cost and higher system requirements for Windows machines.
Eh, I don't think playing trivia games and Worms instead of doing trivial (for me) stuff with Word/Excel or writing useless (for me) Visual Basic had much to do with how i became a programmer (taught myself PHP and then used it to write a terribly insecure CMS for the school parliament, partially to impress a girl).
I do think that the "curiosity" spirit applied when trying to circumvent restrictions (in school or from my parents) did help though.
My school used chrome books and one of my classmates ((sixth form)last 2 years of high school for Americans) literally took it apart and reassembled it again to replace a certain part after it fried and he didn’t want to pay for another one, he found the chip code and bought it from Amazon. That guy is in uni for compsci now,
True for you and me and so it seems true. But everyone else does the same things just maybe a year later, for their own non-programmer mundane reasons and never become programmers, or even close.
<name> spent years on irc and circumventing various copy protections and using p2p filesharing systems, but they just liked <artist> and so did everyone else in those irc channels, and that was that. They are so not-a-programmer they're almost a charicature of a normie. I have to perform the most basic of IT tasks for them, like, why is the sound coming out of the laptop instead of the headphones basic.
<name> learned how to mod video games yet is also not a programmer or in any remotely IT related field and practically a charaicature of a normie.
Once I noticed a few examples consciously like this, I saw that they are actually everywhere.
The cookie pop up not being in English got me imagining a horrible dark pattern where you always produce the cookie popup in a language not in the users Accept-Language header...
It lets me only read the introduction the full article is behind a paywall.
Summary: The national data protection forbids continued use because students' data are transferred to the US.
That's probably a good thing. Google is an evil company interested only in profiling their users instead of offering any decent customer service. And the US does allow spying on non-citizens. No reason to do any business with those.
The problem is that Europe lacks any serious alternative. We live as digital colonies.
This is a really interesting perspective and useful for me as I often default into the "Google is evil" camp and often don't check myself on re-evaluating the cons to a decision like this.
Looking at it while attempting to reduce my bias this does seem Draconian and there aren't many suitable alternatives like Chromebooks.
> The problem is that Europe lacks any serious alternative
As long as software engineers continue to make 1/3 of what they do in the US and founders get taxed at over 50% on their companies, this problem will continue. It is entirely self inflicted.
European tech companies complying with European regulations won't be able to compete with American companies that flaunt European regulations until they hold those American companies accountable and deny them access to the European market if they can't play by European rules. Enforcement of these regulations against American corporations will give the European software industry more room to breath.
I don't think GDPR and the like are the reason Europe has failed to produce anywhere near the amount of successful software companies that the US and China have. It is not hard to locate a datacenter in Europe or provide a button to delete your data or display a cookie popup. In the grand scheme of things very few users use the delete button anyways, so the loss of data is immaterial.
There is a massive brain drain from European schools and companies to the US (has been going for 20+ years now). If you look at the makeup of any top ranked school in the US, their MBA and STEM programs are at least 30-50% European immigrants. MBA programs in particular are overwhelmingly European immigrants. You have to ask yourself - what prompts so many people to get up and leave rather than try to build something at home? Tax policy? Lack of work ethic in the culture at home [1]? Excessive red tape for starting a business? Lack of respect for technical workers vs. managers? All of these are things to consider.
You don't create a winner by working 32 hours a week, that's for sure. Like pg said in his blog [2], you win by moving faster than everyone else.
Your post of full of prejudices. I won't address those part, but
> You don't create a winner by working 32 hours a week, that's for sure. Like pg said in his blog [2], you win by moving faster than everyone else.
You can definitely get more done if you are not stressed out, think through things and move a bit slower but always in the right direction.
You learn that first time you end up at a company that forces you to work 75 hrs/w just because they can buy everyone can clearly see it is not leading to anything other than more bugs.
Most EU companies have 40 hrs/w with occasional periods of 50-60. I think it is a good balance where you get things done and don't burn out your employees.
Or put differently, the EU wants to set a reasonable standard of living for their citizens and need to also compete against race to the bottom nations like China and the US without effective use of tariffs, so yeah not so effective.
A tricky question. Many schools in other EU countries are using Google Office Suite and Google Classroom. Is that also the same issue? My kids reports are published via Google Docs.
How about Microsoft's Office 365? Do they have data centers in EU? Or is that the same issue? Because then we also have fully Microsoft based school including extended Teams usage.
Basically how do you want to have any cloud based app running in EU when most of the providers don't have data centers here in EU?
> Basically how do you want to have any cloud based app running in EU when most of the providers don't have data centers here in EU?
All big providers have EU regions, and there are EU-native providers, but the problem is that even from an EU datacenter Microsoft/Google/Amazon can be forced to share data with the US government.
According to the Google translated beginning of the article:
"When elementary school students return from vacation, they can no longer use their portable Chromebooks. The Data Protection Authority has banned the use of Workspace - the applications on the Chromebook - because students' data may be disclosed to US authorities.
"The specific decision applies to Helsingør Municipality. But the Danish Data Protection Agency makes it clear that all the other municipalities that use Google's learning platform - that is about half of the country's 98 municipalities - should stop using Chromebooks in teaching. "The Danish Data Protection Agency expects these municipalities to take relevant steps on the basis of the decision," writes the Danish Data Protection Agency.
So basically completely sane concerns about user privacy? In an ideal world we'd limit our concerns about advertising and data sharing to the application layer, but in this modern world we need to be concerned about OS and even firmware level decisions about dialing home.
Banning Workspace isn't super clear. But Google Workspace is what they used to call G Suite and Google Apps and maybe one more name.
That includes the sign on to the computer and the device management to enforce limitations, it includes Google Docs, it includes Google Drive which is where persistent data is typically stored for a Chromebook.
If you elect not to use Workspace, there's no way to control and monitor the use of the devices. If the users login to the devices, they'd need to use a Google account, which presents the same data storage issues, so everyone would need to use the devices as a guest; but I'd bet guest use also results in unrestricted telemetry being sent to Google; and again, there's no way for the school system to manage the devices (which could enforce telemetry settings, perhaps) with users logged in as guests.
On the other hand, a windows Active Directory based system might run with servers hosted by Microsoft in Azure (and probably subject to similar concerns about data access by US governments), or it can be done with servers hosted onsite by the school system, or it can be outsourced to a provider within the country or economic area.
Apple computers are frankly unsuitable for this market; device management is poor. Open source operating systems could be setup however you like. Someone could setup a ChromeOS fork where the server hooks didn't need to go to Google, but I haven't seen it if it's been done. ChromeOS devices can usually run other OSes (if the other OSes support the critical hardware and the device can be convinced to boot in a method condusive to the other OS), but it might be labor intensive to setup at a school system wide level. You'd also need to come up with a different choice for productivity apllications as I don't think Google Docs would be easy to get working without Google.
I think the eventual right answer is to make it possible to do device management and sign-in in a federated way instead of piling all eggs into so few baskets. Right now normal Mac and Windows installs have similar problems in that it's getting hard to use them without ceding control to Apple or Microsoft.
ChromeOS is a full-blown Linux implementation that happens to come with the Chrome browser but obviously also comes with the whole rest of the operating system (file browser, editors, i/o services, Debian and Android subsystems, ...)
A school district asked the danish government if they could still use google "workspace" for their teaching. The answer was no, and all other school districts were cautioned to also follow the new guidance.
The "no" is said to be based on the possibility that google workspace data COULD be handed over to american authorities jy google.
Even with Google Translate I can't read it because it's paywalled. But the first paragraph reads something like:
"The Data Protection Authority has banned the use of Workspace - the applications on the Chromebook - because students' data may be disclosed to US authorities"
Wouldn't that be the case with all US hosted services?
Yes, and thats what makes the decision very notable. The article touches on the implications, but Politiken is not a technical news media so nothing in depth.
as far as I understand, the US government does not protect the rights of EU citizens, so US-hosted services are not GDPR compliant.
There was a special agreement to keep them legal, "privacy shield", which was taken down by EU Courts because of US government overreach.
https://en.wikipedia.org/wiki/EU%E2%80%93US_Privacy_Shield#L...
They can continue to use the same computers. They only need to replace the software on those computers with something that respects the rights of the students.
I really don't see what the European endgame is here. They seem to be backing themselves into a corner where due to superficial regulations they will be forced to select from a smaller pool of smaller companies with worse internal controls, worse inside risk defenses, and worse production security practices than the larger, more established, and more sophisticated multinationals. They are doing this for "privacy" but the practical outcome is going to be that whatever data they were trying to defend will be more readily available to top-tier national adversaries (China, Russia, U.S. foreign intelligence), more prone to accidental revelation, more subject to rogue insider practices, and more exposed to smaller-scale intelligence agencies that just happen to share a European jurisdiction, like the notoriously ham-handed and overreaching German BND.
If the nation of Switzerland was singlehandedly dying on the hill of privacy concerns while the whole world laughed and moved on I think your take would be the correct one - but Europe is a big economy and it has an immense amount of tech talent. SoCal may still be the Mecca of technology but Europe is no slouch - by taking a stand they are opening up a market for privacy conscious applications to thrive. In the best world Europe's actions will benefit us all in the long run and we might see a big player pivot to actually meaningfully adhere to the privacy concerns - in a less good world we'll probably see a fair amount of competition by small players within the Eurozone to provide the best software solutions while also respecting privacy.
I think it's a fair criticism to fear that the data may end up in the hands of well intentioned but poorly secured applications that cause larger leaks, but we've seen huge leaks in the US even from companies that exist solely due to the value of their data (i.e. Equifax).
You seem to be saying that it would be acceptable to impair real privacy in the present if it causes the growth of an indigenous European software/cloud industry. I can see the logic, but I don't really agree with it.
To me it seems like the smaller and more local your infrastructure becomes the worse the privacy story gets. Worst of all would be a completely bespoke infrastructure self-hosted by local authorities, where a handful of petty IT guys have complete access to everyone's data. Sure, it's against the law for them to access it, but they will do it anyway, because there are no internal controls nor effective audits.
Way on the other end of the risk scale is the idea that an American court will order Google to turn over the files of a Danish schoolchild to intelligence agencies. That's just a complete non-risk compared to the insider risks in the other scenario.
I think the big problem is that our regulations are too strict for US companies to comply to without breaking US laws. I have a feeling that if the US had insanely good privacy laws, EU probably wouldn't have too much issue delegating to US companies.
There is no winning scenario by continuing to use foreign products that are subjugated by foreign laws, so might as well try to get something done on the inside. That or declare privacy dead already and move to the next thing to lose control over.
My understanding is that this isn't about "privacy" in the "evil corporation selling my data" sense, but specifically about US-based companies' obligation comply with search warrants for data that they have access to. An "insanely good privacy law" isn't going to fix it.
The thing that set it off was "a 2013 drug trafficking investigation, during which the FBI issued an [Stored Communications Act] warrant for emails that a U.S. citizen had stored on one of Microsoft's remote servers in Ireland, which Microsoft refused to provide." The US promptly changed the law to require US companies comply with search warrants, regardless of where the data is located. European Data Regulators have a big problem with this.
That is already the case. There is a list of approved third countries where transfer of data is acceptable since they provide guarantees for that data in line with GDPR.
Interesting point. Perhaps true. Certainly their intent is to have their cake and eat it too, but you're probably right that isn't going to play out.
I think the problem is the complexity of running an international software business is getting harder and more complex and that is actually reducing security.
Whew, this comment has a lot to unpack. Big Tech using "we're the best defense against scary scary China" is ridiculous, because at the end of the day, Big Tech is happy to play ball with China when it gives them money. (Even Google tried to go back until it became politically problematic, Microsoft and Apple both do business there.) And Big Tech copies all of the behavior we are afraid of from China: Endless surveillance, punishment with no chance of appeal, etc.
I would encourage anyone who has ever tried the "but China" defense for Big Tech to go back to the drawing board, and come up with something that isn't out of the Trumpist playbook.
Second: Europe has access to a robust collection of open source solutions that are also used by many of those same companies. You can absolutely create a managed experience working around the already tried-and-true Linux platform, and Windows is, of course, still perfectly serviceable if appropriately neutered by policy and a quality enterprise-class firewall.
Europe should absolutely be applauded for keeping their citizen's data increasingly in-house, particularly because we in the US have repeatedly failed to put Sundar Pichai and Mark Zuckerberg in the prison cells they so desperately belong in.
Insider risk is the #1 risk to data privacy and none of your "robust" open source pieces of junk has got any kind of insider protections. There's going to be some slob somewhere with an EFF sticker on his laptop and the root password who is leafing through your daughter's files looking for nudes because he's a "loli catcher" or some other form of pervert.
The risk model where American intelligence courts are the top line item is stupid.
Literally any use of any technology that requires transfer of any EU personal data to a company that has any presence in the United States, is currently illegal for anyone in Europe.
But we're playing this silly game where data protection authorities slowly realize "oh - Google - they have US presence right? Let's ban them," and then this flows down to EU businesses.
The reality is the law is clear: any use of ... Google... AWS... MSFT (even with EU hosting)... Notion... Salesforce... GitHub... Atlassian... All of this is currently obviously illegal in EU.
So we now live in a weird world of, everyone is breaking the law, who do we call on it?