The Empire Strikes Back: Google Refutes EFF Privacy Claims
The Electronic Frontier Foundation recently lodged a complaint with the Federal Trade Commission alleging that Google’s seemingly benign student Chromebook program is in fact a data privacy nightmare, in so many words. The complaint begins by noting that Google is a signatory to the Student Privacy Pledge, which is an industry-wide effort to provide data privacy protections for kindergarten to high school students. Then, it outlines the ways it believes it has identified Google, which thrives on data collection and usage,violating the pledge.
First, when students are logged in to their Google for Education accounts, student personal information […] is collected, maintained, and used by Google for its own benefit, unrelated to authorized educational or school purposes. Second, the “Chrome Sync” feature of Google’s Chrome browser is turned on by default on all Google Chromebook laptops – including those sold to schools as part of Google for Education – thereby enabling Google to collect and use students’ entire browsing history and other data for its own benefit […] And third, Google for Education’s Administrative settings, which enable a school administrator to control settings for all program Chromebooks, allow administrators to choose settings that share student personal information with Google and third-party websites in violation of the Student Privacy Pledge.
The last part would seem to be the most damning, as it introduces a human element of failure. Administrators are not known for their technical savvy, and thus might accidentally enable data sharing without the permission of the students involved or their parents. The full report for the FTC is worth a read, especially if one has children in a district where Google for Education has a foothold.
Following the report and widespread media coverage, Jonathan Rochelle, Director of Google Apps for Education shot back in a blog post, roundly denying the EFF’s claims.
While we appreciate the EFF’s focus on student data privacy, we are confident that our tools comply with both the law and our promises, including the Student Privacy Pledge, which we signed earlier this year. The co-authors of the Student Privacy Pledge […] have both criticized EFF’s interpretation of the Pledge and their complaint.
He refers here to Jules Polonetsky, Executive Director of the Future of Privacy Forum (which spearheaded the Student Privacy Pledge along with others), who said:
We have reviewed the EFF complaint but do not believe it has merit. […] We understand that any data collected is not used for behavioral advertising and all other data uses are aggregated and anonymous. […] We don’t believe the complaint raises any issues about data use that are restricted by the Student Privacy Pledge.
Rochelle also refers to Software and Information Industry Association Senior Vice President of Public Policy Mark McCarthy, who wrote in a blog post:
[…] this information is collected at the direction of the school as part of a student’s educational experience. The pledge was never intended to prevent the collection of personal information as part of students’ educational experience.
The rest of Rochelle’s post is dedicating to explaining how Google Apps for Education work, and seems to ignore the overwhelming majority of the FTC complaint – as did much of the media. As such, the EFF saw fit to double down on its claims, and make clear to those paying attention that they are not merely pointing out a singular feature of the Google program, but the behavior of the program as a whole. The new post says:
[…] the primary thrust of our complaint focuses on how Google tracks and builds behavioral profiles on students when they navigate to Google-operated sites outside of Google Apps for Education.
This much was lost as anxious reporters sought to get their articles done, but essentially the activity of Google Sync is secondary to the nature of Chrome OS as a whole. Chrome Sync is enabled by default on all Chromebooks, an interesting choice for a search provider which relies on user data to earn targeted advertising revenue – to the tune of billions per year. Nevertheless, Google’s “educational” Chromebooks are treated the same when they are not on Apps specifically part of the GAFE program.
[W]hen a student logs into their educational account, and then uses Google News to create a report on current events, or researches history using Google Books, or has a geography lesson using Google Maps, or watches a science video on YouTube, Google tracks that activity and feeds it into an ad profile attached to the student’s educational account […] [D]espite having promised not to track students, Google is abusing its position of power as a provider of some educational services to profit off of students’ data when they use other Google services—services that Google has arbitrarily decided don’t deserve any protection.
The saga will likely continue as the FTC mulls the complaint over. How Google’s educational program will be perceived in the future could very much hinge on this one complaint, in that Google could either be severely limited in its tracking abilities as regard students (despite supposedly volunteering to be as much) or it could be permitted to continue as is. With industry heavyweights already flocking to Google’s side, there is no telling what will happen. What’s for sure is that Google needs user data to maintain its business model, and if a new generation hands it over unwittingly before they’re even consumers, advertising of the future could be a very different thing indeed.
Images from Shutterstock and Google/Chromebook Pixel.