Here’s from a rival services blog:
Dutch education ministers Robbert Dijkgraaf and Dennis Wiersma have just reported in a parliamentary letter that there are many privacy concerns about current Google services. Consequently, the Dutch education sector will not be able to use modified versions of the Chrome browser and Chrome OS in its current state.
Interestingly, Germany had banned the use of Office 365.
For years there has been a discussion in Germany as to whether schools can use the Microsoft Office 365 software in compliance with data protection. In August 2017, the Hessian Data Protection and Freedom of Information Officer (HBDI), after extensive review of Microsoft’s Germany cloud, was the only German data protection supervisory authority to comment on this. In its statement at the time, the HBDI found that Office 365 can be used by schools in compliance with data protection in the Germany cloud, insofar as the tools provided by Microsoft (e.g. role and authorization concept, logging, etc.) are properly applied by schools. In August 2018, Microsoft informed the public that contracts were no longer offered for the Germany cloud and that sales of this product were discontinued. Since then, a large number of teachers and school management staff, but also school authorities, have asked the HBDI about the use of Office 365 in the European cloud. In addition, Office 365 has been massively promoted into the school landscape in recent months by individual school authorities, regardless of the unresolved data protection issues.(Tranlsated from German).
In consequence, the data commissioner reasons that the data processing by Microsoft is illegal. In addition, this can not be helped by asking parents for consent to data processing. This would not satisfy the particular protection rights of children in regards to article 8 of the General Data Protection Regulation (GDPR).
This is classical EU. Blocking everything it deems against “privacy”. There are numerous other touch points (and huge attack surfaces) to track individuals, but these are exercises in futility. Do they encourage companies to conform to local regulations? I have no idea beyond the staple “spokespersons comments”. The only way to confirm is through public audits of data ingress and egress.
Stop using Gmail though. My personal recommendation is for Fastmail.