Welcome to The Privacy Dad's Blog!

Jesper Graugaard's Fight Against Chromebooks in Danish Schools (2/2)

This is the second of a two-part interview. The first part was published last week and can be read here.

I learned about Danish parent activist Jesper Graugaard in April of 2023, when I was doing research for my article 'Should I Raise Privacy Concerns with the School?'

Jesper challenged the use of Google Chromebooks in his child's school in 2019, which led to a ban of Chromebooks in schools in the Elsinore Municipality and started a nation-wide discussion about the use of data-collecting platforms in education.

Second part of the interview

The Finnish office of Save The Children contacted me. They had decided to base their Legal Design Summit on my case and the Wired article. It was very inspiring to hear this. I was invited to explain and give the context to my case, and help build an understanding of the privacy and data issues that children and parents are facing today in Scandinavian public schools. I hope they can develop a toolkit to make parents and children more aware of their rights and how to file a case.

Other unexpected positive personal outcomes have been that I was honoured by the Danish foundation The Georgbruunske Foundation in 2022 for my digital fight. I can now officially call myself a 'Sympathetic Complainer'.

In 2023 I was nominated for the Danish digital freedom fighter 'Libre Prize'. I was nominated along with high profile individuals such as Max Schrems2 and David Heinemeir Hansson3. Of course its hard to beat the large-scale impact that Schrems has had, but being a 'dad' without a technical background sitting together with prestigious lawyers and tech people was not only a big honour–it drove home the importance of my case and the impact it has had so far.

But what has touched me most has been everyone who has reached out to me from all over the world. Parents, professors, data scientists, privacy experts and journalists have contacted me and helped me build a fantastic network. They have inspired me, and, more importantly, pushed me in the right direction, keeping me focused and eager to learn more. That kind of support and acknowledgement has been essential, as I was very much alone in this fight, and still am today.

So far, lobby organisations, lawyers, and NGO organisations, all with the power to affect change and help stop the commercialization and violation of children's privacy in schools, have not been able to make any significant impact, with the exception of the Danish Data Protection Authority. Most children's rights organisations and NGOs are spending their time and energy debating the negative side effects of screen time, mobile phones in schools and social media. Hardly anyone is addressing the principles of data harvesting and privacy.

You refer to yourself as a 'GDPR Activist' on your LinkedIn profile. What are your thoughts on Europe’s GDPR privacy law? In what ways has it worked, and in what ways, if any, does it fall short?

I try to keep a positive outlook. The EU as a collective has the power and potential to create change. Sadly Denmark is behind when it comes to understanding privacy. Recently Denmark supported the very controversial CSAM Act that would have forced telecommunications providers and tech companies to scan all users' digital communications for child abuse material. Thankfully it has been scrapped from the agenda, but Denmark strongly supported it, while knowing it would have breached privacy laws.

Do you think GDPR is a model that could work internationally?

That's a hard question to answer. I hope it can, but I am not specialist on digital laws.

What is it like being an activist? Have you or your family experienced negative consequences as a result of your activism? Has it changed your views about what it means to work?

I pursue the case in my spare time. I am not getting paid to do it, and that makes me free of any political and financial conflicts of interest. I keep focusing on the simple principle that my children have a right to digital privacy while in public school.

That is currently not the case. Data is being collected, a 'digital twin' or profile is being created, and when my children are of legal age they do not own the rights to their profile. They cannot change it, nor can they take it back. This must change. They should have the right to own and control their personal data when going to school.

One negative effect for me personally is that I quickly realised that I had to go public. Show my face in the media. That was a big step for me, as I am a private person.

I have also been publicly shamed in local media and social media groups by local politicians for bringing Elsinore to the attention of the world with the data privacy issue.

One could argue that providing students with affordable hardware and a mainstream operating system is more important than the data protection issue, especially given how important IT skills are. Do you see any alternative solutions for providing students with the necessary IT experience without compromising their data?

Getting a Chromebook in school is not providing any IT skills. Before giving a child a computer, they need to be given the opportunity to study IT as a subject. This is currently not the case in Denmark.

Here, there has been a debate over the past few years about implementing a subject called 'Technology understanding', but so far nothing has happened. In order to be a successful human being living in the digital age, we will need a far better understanding of technology, and it needs to be taught in the classroom.

Imagine if we had a subject in schools where children learned not only how to use digital technology, including coding, but were also taught the history and culture of information technology. Just like we teach the Second World War, or the political history of the 20th Century, we should also teach the history of the Internet, the first social media company, what data and data harvesting are, the history of Microsoft, the impact of the iPhone, when streaming began, what social impact YouTube has had, and so on.

Many of these aspects are left to parents to teach, and considering that most parents are not well-versed in information technology, we have fallen behind in terms of our knowledge and understanding of technology.

Today we spend an average of six hours a day on social entertainment online. When you add that to screen time in schools, it easily becomes six to eight hours a day spent in front of a digital device. That's a lot of your time and attention spent online.

What's even worse, a 2017 study of U.S. adults found spending six hours or more a day watching TV or using computers was associated with a higher risk for depression. And a study published last year found young people who spend seven hours or more a day interacting with screens are twice as likely to be diagnosed with depression or anxiety as those who use screens more moderately.4

But when it comes to being ready for the digital age, do we really need to compromise young people's data?

Final thoughts

Finally, let me state that I have nothing against the companies that sell digital services. This is not a fight against corporations. For me, it's a fight for privacy and digital rights.

As a modern digital society, we need to understand the basic needs for privacy and the legal rights we have to be private. The digital age makes these rights more complex and more delicate because the line between what is private and public is blurring, because digital services today have such extensive possibilities to collect data. This can make it extremely difficult to find the limit for when our private sphere is exceeded. But when our digital private sphere is exceeded, highly personal data is often collected, which we subsequently cannot withdraw, don't own, and which we no longer have rights over.

When you enter a school system as a child, such as in Denmark, the risk of data being collected and ending up with two large tech companies is extremely high. This means that we in Denmark are incredibly dependent on just two suppliers, who can change the conditions at any time without this necessarily being a breach of contract.

That's what happened when Google changed the designations and created a data link that meant that more than eight thousand children in Elsinore municipality got a profile on YouTube with their full name, grade level and school name. The municipality was not aware of this change until I discovered it. And that meant that the problem became nationwide, affecting almost 53 municipalities.

What is decisive for me is that we as a society become better at understanding both the immaterial and material value of data. Data is part of us, our identity, our personality, and we have a right to have these protected on an equal footing with other fundamental human rights. Especially when it comes to children in a school system. This is to ensure their future rights are not violated until they are old enough to give consent.

Unfortunately, at it stands today, it is the parents who have the right to consent until the child is 18 years old, but the parents do not have a professional basis on which to make these types of decisions. Parents send their children to primary school, uninformed about their children's rights, and uninformed about the data collection that takes place. This is because, unfortunately, they often do not understand or have not familiarized themselves with these concepts. It has become too complex.

We have to change that, that's what the Chromebook case is about.

That concludes the second part of my interview with Jesper Graugaard. I want to thank him for the time and effort he has put into answering my questions, especially while there are a lot of ongoing developments with his case.

I wish him all the best, and hope to be able to post progress updates here soon!

Information about Jesper and the Chromebook case in Denmark

Jesper Graugaard on LinkedIn

2022 Wired article

EDPB article

Laptop Magazine article

Version 2 articles on Chromebooks (in Danish)

Discussion: Reddit

Subscribe to my blog via email or RSS feed.

Back to Blog

  1. Jesper's announcement about the Legal Design Summit on his LinkedIn page

  2. Max Schrems Wikipedia

  3. David Heinemeier Hansson Wikipedia

  4. Source

#chromebook #digitalprivacy #parenting #school