A recent decision by the Swedish Data Inspection Board may place Google Apps usage in jeopardy, at least insofar as it applies to government and educational institutions in Sweden. The Data Protection Authority is responsible for safeguarding Swedish consumer data by ensuring organizations comply with the Personal Data Act (PDF), which sets guidelines for how personal data is handled.
In the view of the Data Inspection Board (also known as the Data Protection Authority), the Personal Data Act conflicts with the agreement a Swedish town called Salem signed for Google Apps usage. According to the Data Inspection Board, certain flaws in the contract rendered it "too open-ended" on Google's behalf, potentially jeopardizing the data protection of public sector customers. Specifically, Google was said to have too much discretion over data usage, there were uncertainties over how Google uses collected data, and details were hazy over the subcontractors involved in data processing.
This decision doesn't mean Google Apps is suddenly banned from the Swedish public sector. It's being appealed by Sweden and may be changed down the road. On the other hand, if the decision is upheld and the same Google agreement applies elsewhere in that country, Google Apps might wind up ousted where applicable in Swedish schools and government.
Google's public response has been that they feel their agreement complies with Swedish law and they are confident this issue will be sorted out in their favor. Perhaps, but this topic may well open the door for similar challenges or rulings. Have you ever attended a meeting or function where the presenter asked "Are there any questions?" and the audience seemed to hold back, as if waiting for someone else to make the first move? I've seen situations where someone blazed the trail by asking a question and suddenly more questions began popping up like corn as the audience relaxed. Something like that might very well happen here. Expect a large amount of scrutiny to fall on Google now, both from government and businesses alike.
In essence, the concerns here come down to privacy. Privacy has been Google's Achilles heel for some time now, of course, and the situation is getting more complicated. The subject evokes a particularly strong reaction among companies and individuals alike, what with the seemingly never-ending string of headlines discussing spying both among the private and public sectors in the U.S. Privacy concerns are generally the most frequent comments to articles I've written for the Google in the Enterprise Blog, with a good amount of people declaring complete mistrust in Google's intentions and practices. There is a credibility gap at hand here, and the chasm is widening.
The debate has raged over cloud computing for years now, with proponents advocating lower costs, better efficiencies, and more value to organizations. Google's recent pitfalls have given cloud computing detractors significant ammunition for their cause. How Google addresses these issues will represent a major battle on the cloud computing front and quite likely determine the outcome of the war. It won't be enough to just reverse the decision in Sweden or pay the fines in France; Google has to speak loud and clear to consumers and businesses to convince them that privacy and security go hand in hand, and both are above reproach in their environment.
Perhaps their best bet is hiring a well-respected, easily recognizable spokesman who conveys absolute trust and honesty?
Scott Matteson is a senior systems administrator and freelance technical writer who also performs consulting work for small organizations. He resides in the Greater Boston area with his wife and three children.