Once the institution's board has accepted this agreement and taken control of the Chromebooks, Google will be a processor and the institution's board will be the processor responsible for processing personal data on Chromebooks (running ChromeOS) and in Chrome browsers (running Chromebooks). By accepting this agreement and implementing associated measures, you will mitigate privacy risks for students and staff when using Chromebooks running ChromeOS and the Chrome browser.
This agreement has been reviewed - on behalf of SURF and SIVON - and approved by a team of (external) privacy lawyers. Besides accepting this agreement, as an institution you need to take some additional measures to ensure safe use. You will find these measures in brief at the bottom of this article in the comprehensive guide.
Please note: these measures are in addition to the measures Google Workspace users were able to take at an earlier stage. Should you want to read back on these steps, check out this page.
The DPIA on Chromebooks, ChromeOS and Chrome browser is separate from the DPIA carried out on Google Workspace. You can read more about this in this article.
The Terms of Service in brief
- Commissioned by SURF and SIVON, Privacy Company conducted a study on privacy risks when using Chromebooks and Chrome browser on Chromebooks. View the full report here.
- Google is developing a processor version of ChromeOS specifically for education. This will be available in August 2023.
- Besides the introduction of the processor version, SURF and SIVON have made additional agreements to eliminate privacy risks. These agreements are in the 'improvement plan'.
- The board of the institution itself also needs to adjust a number of privacy-related settings. You can find these steps in the manual.
- Google will come up with a new processor agreement for all users in the Dutch education sector. Institutions will receive notification from Google about this as soon as possible. The Chrome OS and Chrome browser processor agreement has been checked and approved by SURF, SIVON and privacy lawyers on behalf of SIVON.
- The agreement applies to Chromebooks under management under a Workspace domain. You bring Chromebooks under management with the 'Chrome Education upgrade' licence.
- The processor agreement applies only to 'essential services' (see the annex 'List of Essentials Services').
- Optional services must be turned off by the admin.
- There is no need to install new software on the Chromebooks. The rollout of functionalities to enable the processor version are in Google's software updates.
As an institution board, what should you do yourself?
- Ensure that all Chromebooks you use are under management within your Workspace domain (called the 'education upgrade').
- Accept the agreement Google offers you (how/when).
- Turn off all optional services (see manual).
- Implement the remaining measures as described in the manual.
Note that de-activating 'optional services' involves switches. All switches will be implemented in August 2023. Existing Workspace users must deactivate 'optional services' themselves with the switches. For new Workspace users, the optional services are off by default ('privacy by design').
A full list of news releases can be found on this page.