Hi, my employer is sponsoring an academic research on parenting and flexible working. A lot of sensitive questions are asked and the university researcher has circulated these questions on Google Forms to all employees. I am really anti-Google when it comes to privacy (got rid of every Google link years ago and currently use GOS, etc.) so I raised this concern with the HR team. They were sympathetic with my view and have encouraged me to send my view to the university. However, I don’t want to go down the rant, and want to provide constructive feedback. So, first thought I would to consult with privacy focused members of this list. Here are my questions:
a) are there independent research papers out there that demonstrate (rather than speculate) that Google Forms is not fully respecting privacy and is not fully GDPR compliant?
b) are there more robust, privacy and GDPR compliant alternatives I could recommend? I’ve done quick searches on the web and alternatives like JotForm and AidaForm seem to be more privaci and GDPR focused. Anyone used these before?
Am I being too anal about this …?
So this is pretty good.
https://measuredcollective.com/is-google-forms-gdpr-compliant/
It’s a list of things you need to do in order to make the use of Google forms gdpr compliant.
One thing they don’t touch on is the use of personal accounts to collect data. People tend to use Google forms because it’s easy to set up using their personal account, but that essentially removes any company oversight from the collection and data processing. This makes it much harder to satisfy the data controller requirements.
Of course if it’s an external contractor gathering the data and processing it independently, your company is likely to dismiss all this as not their problem.
If it’s real academic research it will have had to go through ethics approval, and this should include data handling, and gdpr compliance.