The company whose new slogan is “do the right thing” has run afoul of student data privacy advocates. The Electronic Frontier Foundation (EFF) has filed a complaint with the Federal Trade Commission, charging Google with “deceptively” collecting children’s personal information including their search histories and saved passwords.
As part of its “ Spying on Students” campaign, the EFF found that:
Google’s “Sync” feature for the Chrome browser is enabled by default on Chromebooks sold to schools. This allows Google to track, store on its servers, and data mine for non-advertising purposes, records of every Internet site students visit, every search term they use, the results they click on, videos they look for and watch on YouTube, and their saved passwords.
The filing also alleges that “the administrative settings Google provides to schools allow student personal information to be shared with third-party websites.”
Google’s Chromebooks have become one of the hottest-selling devices in the K-12 market. By one estimate, schools and districts will purchase the majority of the estimated 7.3 million units that will be sold in 2015. Often, these Chromebooks are deployed to students without any input or consent from their parents.
Google is a signatory to the Student Privacy Pledge, a legally enforceable commitment that, among other stipulations, requires companies to “use data for authorized education purposes only” and “be transparent about collection and use of data.” The EFF notes that Google is not using the data for targeted advertising. But the San Francisco-based nonprofit’s Staff Attorney Nate Cardozo said in a statement: “If Google wants to use students’ data to ‘improve Google products,’ then it needs to get express consent from parents.”
The company has been slapped on the wrist before: in 2014 it was found to be mining emails of Google Apps for Education (GAFE) users for advertisement purposes. Google has since stated that no data will be scanned in this manner for K-12 GAFE users, although how student data is collected via non-GAFE services (such as YouTube and Google Maps) remains unclear. Google has stated that it will “soon” turn off the syncing feature, which the EFF says “is a small step in the right direction [but] doesn’t go nearly far enough to correct the violations of the Student Privacy Pledge.”
UPDATE (12/3/15): Jonathan Rochelle, Director of GAFE, has published a response stating that “we are confident that our tools comply with both the law and our promises, including the Student Privacy Pledge, which we signed earlier this year.” One of the main purposes for Chrome Sync, he notes, is to allow students to access their GAFE accounts on any Chromebook or Chrome browser within the school. The Future of Privacy Forum—one of the backers of the Student Privacy Pledge—stands behind Google, stating that “we do not believe [the EFF complaint] has merit.”