You are here

CIO News

Google complaint highlights continued privacy concerns

Nonprofit claims Google mines data to target advertising at students
Google rejects assertions that it has violated student data privacy rules.
Google rejects assertions that it has violated student data privacy rules.

Parents and educators hailed FERPA, COPPA and the Student Privacy Pledge as significant steps toward securing student data. But the Electronic Frontier Foundation believes that Google, a prominent player in edtech, is already violating those measures.

In December, the foundation, a nonprofit digital rights group based in San Francisco, filed a complaint with the Federal Trade Commission alleging that Google is using its ubiquitous access to educational devices to mine student data so it can better target advertising at students.

Google Apps for Education—a suite that includes Google Docs and Google Classroom—does not track personal student information. But the foundation says Google’s ancillary services, such as YouTube and Chrome, collect non-education data (such as browsing and search history) when students are logged in with their school account.

“Over the last couple of years we have been getting more and more inquiries from concerned parents because these devices and cloud services are being deployed [in schools] and a lot of times there’s no information sent home for the parents,” says Sophia Cope, staff attorney for the foundation. In many cases, parents cannot opt out of data collection.

“Google has promised one thing and done another,” she says. “We want them to not make such public promises for PR benefit … and we want them to change their practices to actually not collect student data without parental consent and use it for commercial purposes.”

Google rejects the assertions. “While we appreciate EFF’s focus on student data privacy, we are confident that our tools comply with both the law and our promises, including the Student Privacy Pledge, which we signed earlier [last] year,” Jonathan Rochelle, director of Google Apps for Education, wrote in a statement. The authors of the privacy pledge also have criticized the foundation’s interpretation and its complaint, Rochelle added.

Not enough?

The FCC is reviewing the filing and is expected to decide within the next few months whether to pursue the matter.

Regardless of the outcome, the complaint shows that Google and other major edtech companies have not done enough to allay concerns about student data safety, says Bill Fitzgerald, director of the privacy review program at Common Sense Media. The nonprofit organization advises children and parents on appropriate of use of media and technology.

The complaint reinforces the importance of district leaders to be vigilant about protecting student data, he adds.

“Privacy evaluations and security assessments are never actually finished,” Fitzgerald says. “It’s not the kind of thing you can just check off your list and put away. It’s the kind of thing you need to return to multiple times throughout the school year.”

Keep your data private

  • Privacy concerns can vary between communities. Communicate with parents in your district to understand what risks they feel are acceptable.
  • Data privacy is not solely a legal issue, nor solely an IT issue. Both teams should work together to ensure all needs are being met.
  • Teach students safe digital citizenship practices, such as not using their birthday in a password.
  • Source: “Information Security Primer for Evaluating Educational Software,” by Common Sense Media
Taxonomy: