In August, the Danish data protection agency banned the use of Google's products in the municipality of Helsingør.
If this ban is upheld, the use of Google Classroom in 40+ municipalities will be illegal.
The agency has allowed Helsingør to continue using the product until supplying further information in January, since postponed some times.
Now, the interest organization "KL - Local Government in Denmark"[1] are arguing[2] that if Google's say that they need students' personal data to "enhance" the product and "innovate" it, then the Danish municipalities should provide that data.
These data, that Google may use to "enhance" its product includes IP address, email address, location, passwords, metadata, bookmarks, and ... files created by the students.
In the article in the medium Radar I refer to (i.e. [2]) a professor of administrative law argues that this is probably against the Danish school law. I also imagine it must violate the GDPR, but IANAL.
But basically, Google are taking the municipalities hostage (who, I might add, have bought *individually* from Google - they haven't negotiateed as a block) by claiming that they *need* that data to operate - a claim that must certainly be false.
Best Carsten
[1]: https://www.kl.dk/english/
[2]: https://radarmedia.dk/eksperter-kommuners-nye-argumenter-i-chromebook-sag-er...