Danish authorities have taken action against the use of Google Workspace in municipal government operations, citing data protection concerns. This decision reflects growing European scrutiny of US-based cloud services in public sector environments.

The Decision

The Danish data protection authority determined that Google Workspace could not be used by municipalities in a manner that complies with the GDPR. The concerns centered on data transfers to the United States and the inability to ensure adequate protection of citizens' personal data within Google's infrastructure.

Why Public Sector Use Is Particularly Sensitive

Government entities process vast amounts of sensitive personal data about their citizens -- from tax records to healthcare information to educational data. The stakes of a data protection failure are significantly higher than for typical commercial use, and citizens often have no choice but to interact with government services.

European data protection authorities have been particularly strict about public sector use of US-based services because the Schrems II ruling called into question whether standard safeguards adequately protect data from US surveillance.

Implications

Denmark's action follows similar moves by other European jurisdictions. France has directed schools to stop using certain US-based productivity suites, and various German authorities have raised concerns about Microsoft 365 and Google services in government contexts.

These decisions signal a broader trend toward digital sovereignty in European public institutions. Organizations in both public and private sectors should monitor these developments and evaluate whether their reliance on US-based cloud services creates compliance risks, particularly for processing sensitive personal data.