"EFF bases this petition on evidence that Google is engaged in collecting, maintaining, using, and sharing student personal information in violation of the 'K-12 School Service Provider Pledge to Safeguard Student Privacy' (Student Privacy Pledge), of which it is a signatory,” alleged the EFF in its initial FTC complaint.
Google takes such allegations very seriously, and has thus responded to every claim brought forth by the EFF. “While we appreciate the EFF’s focus on student data privacy, we are confident that our tools comply with both the law and our promises, including the Student Privacy Pledge, which we signed earlier this year,” said Jonathan Rochelle, the Director of Google Apps for Education.
With respect to Google Apps for Education Core Services (GAFE), Rochelle asserts that all student data stored is “only used to provide the services themselves” and that student data isn’t used for advertising purposes, nor are ads served to students.
Rochelle takes the most time to explain how Chrome Sync works, and how it is in clear compliance with Google's commitment to protecting student data privacy. He contends that students are allowed to login with their own personal account credentials in an effort to help them enjoy a “personalized experience on any device they share with their classmates.” Rochelle also explains that personally identifiable data on students is removed, and only aggregated data of its millions of users is utilized to help improve its services.
“For example if data shows that millions of people are visiting a webpage that is broken, that site would be moved lower in the search results,” explains Rochelle. “This is not connected to any specific person nor is it used to analyze student behaviors.”
It’s also noted that Chrome Sync can be disabled at the administrator level, by students or educators. In addition, other Google services like Maps, YouTube and Blogger can be locked down by administrators if they don’t want their pupils accessing them.
For its part, the EFF said in a new blog post today acknowledging that it understands the benefits of Chrome Sync, but it is not backing down from its claims. “We don’t think students should be guinea pigs in Google’s efforts to improve its products without explicit parental opt-in—even if their data is anonymized and aggregated,” wrote the EFF’s Jeremy Gillula. “The Student Privacy Pledge website clearly says that service providers will ‘use data for authorized education purposes only’—and anonymized or not, using Chrome Sync data for anything other than the Chrome Sync service itself does not constitute an educational purpose.”
Gillula also doubles down on his criticism of student tracking in Google services outside of GAFE, stating:
In other words, when a student logs into their educational account, and then uses Google News to create a report on current events, or researches history using Google Books, or has a geography lesson using Google Maps, or watches a science video on YouTube, Google tracks that activity and feeds it into an ad profile attached to the student’s educational account—even though Google knows that the person using that account is a student, and the account was created for educational purposes.
This is our biggest complaint about Google’s practices—that despite having promised not to track students, Google is abusing its position of power as a provider of some educational services to profit off of students’ data when they use other Google services—services that Google has arbitrarily decided don’t deserve any protection.
Google obviously disagrees with this assessment and is at least trying to set the record straight. For now, it’s up to the FTC to decide if Google has stepped over the line with its services aimed at students.