Google has rejected the Electronic Frontier Foundation's concerning claims with regard to how it collects and uses data when child students use school-issued devices, like Chromebooks, and Google's own Google Apps for Education (GAFE) core and non-core services.
Key among the EFF's complaint is the Google Sync service used by the Chrome web browser, and how Google utilizes student's information when using non-Core (or "consumer") services, including YouTube, Maps and Books.
We'll now take a look at the EFF's allegations about Google's practices, and the response from the Search giant, based on the information available publicly at this time.
EFF's Spying on Students campaign
The FTC complaint has arisen as a result of a noble cause, which is the EFF's "Spying on Students" campaign. Its goal is simply to raise awareness about privacy risks associated with devices and software provided by schools to children as young as 7 years old.
As part of this program, the EFF examined Chromebooks sold to schools by Google, and also examined its GAFE Core services (including email, Calendar, Talk/Hangouts, Drive, Docs, Sheets, Slides, Sites, Contacts and the Apps Vault) and non-Core services as used by students.
A potential risk raised by the EFF is that Google Sync is enabled by default on Chromebooks sold to schools, and the EFF didn't hold back when asserting what this allows Google to collect.
"This allows Google to track, store on its servers, and data mine for non-advertising purposes, records of every Internet site students visit, every search term they use, the results they click on, videos they look for and watch on YouTube, and their saved passwords," the EFF asserts.
"Google doesn't first obtain permission from students or their parents and since some schools require students to use Chromebooks, many parents are unable to prevent Google's data collection."
Additionally, the EFF also indicates that Google serves ads to students when using non-GAFE services but while still logged in to the student account, and that Google is tracking activity on these services (Google News, Maps, Books, YouTube etc.) and applying it to an ad profile attached to the account, regardless of the fact that its a student account.
The Student Privacy Pledge
The reason the EFF has reached out to the Federal Trade Commission is it finds Google is violating the Student Privacy Pledge, which it signed earlier this year. The pledge amounts to a legally enforceable document that commits Google to refrain from collecting, using or sharing student's personal information, unless it is needed for legitimate educational purposes.
"Despite publicly promising not to, Google mines students' browsing data and other information, and uses it for the company's own purposes. Making such promises and failing to live up to them is a violation of FTC rules against unfair and deceptive business practices," said EFF Staff Attorney Nate Cardozo.
"Minors shouldn't be tracked or used as guinea pigs, with their data treated as a profit center. If Google wants to use students' data to 'improve Google products,' then it needs to get express consent from parents."
The EFF wants the FTC to investigate the claims and force Google to stop using students' personal information for its own purposes, and mandate that all information previously collected be destroyed.
Google rebuffs EFF, clarifies its use of personal information
Jonathon Rochelle, director of Google Apps for Education, responded to the EFF's complaint by insisting that Google's services comply with both the law and the commitment it made by signing the Student Privacy Pledge. Rochelle insists that Student's personal data in the GAFE Core services is only used to provide the service itself, while no ads are shown and the data is not used for advertising purposes.
As for non-Core (or "consumer") services such as YouTube, Rochelle clarifies that it is up to schools whether students can even access these services with the GAFE accounts.
"We are committed to ensuring that K-12 student personal information is not used to target ads in these services, and in some cases we show no ads at all. In Google Search, for example, we show no ads when students are logged in," Rochelle insists.
He also insists that Chrome Sync is only used to enable account holders to log into any Chromebook or Chrome browser and find all of their important stuff, like apps, extensions, history, and so on. Applied to the classroom, this means that shared devices can still provide a personal experience once a student logs in to a personal account.
In GAFE accounts, personally-identifiable data is used only to allow students to access their own data across devices. Google's systems also compile data from millions of users of Sync, with personally-identifiable information removed, to improve its services. As an example, Rochelle posits how millions of users encountering an error on a webpage could alter its search result rankings.
GAFE users' Chrome Sync data is not used to target ads to individual students.
It is worth noting that co-authors of the Student Privacy Pledge, The Future of Privacy Forum and The Software and Information Industry Association, have been critical of the EFF's interpretation of the pledge. The FTC's interpretation will be a lot more important.
Sources & Recommended Reading:
- Google Deceptively Tracks Students' Internet Browsing, EFF Says in FTC Complaint: www.eff.org
- EFF's FTC complaint document: www.eff.org
- Google's Student Tracking Isn't Limited to Chrome Sync: www.eff.org
- The facts about student data privacy in Google Apps for Education and Chromebooks: googleforeducation.blogspot.ie
- Future of Privacy Forum Statement Regarding Electronic Frontier Foundation Student Privacy Complaint: fpf.org
- Some Misunderstandings of the Student Privacy Pledge: blog.siia.net
- Google+: Google for Education (Image Source): plus.google.com
Written by: James Delahunty @ 3 Dec 2015 11:51
