Google has not replied to the complaint, other than to say that they do not believe that their data collection practices violate the Student Privacy Pledge. It is not my responsibility to defend Google and their business practices. What I am interested in exploring is the increasingly cloudy area of data collection, mining, and use by large technology companies (Facebook, Google, Apple, Twitter, etc)
There have been dozens of lawsuits related to the collection and use of user data:
- Microsoft sued for collecting Windows phone locations (2011)
- Facebook sued for violating wiretapping laws with tracking cookies (2011)
- Apple sued over location tracking in iOS (2011)
- Google sued over data mining of student email (2014)
It would be fairly simple to conclude that "data collection / tracking / mining is bad and should be stopped". If only it was that easy. The services we have come to rely on are made better through the collection and use of personal information:
- If Facebook didn't know who your friends were, your stream would be chaos.
- If Siri didn't know what "home" or "call my wife" meant, she would be useless.
- If my Chrome preferences aren't saved and synced to all of my devices, I wouldn't like it as much.
There is a delicate balance at play here between the collection of personal information and the use and application of that information. Furthermore, the majority of the web-based services we use are free. The "cost" of use, is your data. If Facebook, Google, and Pinterest aren't able to collect and mine information on their users, they would be out of business.
So where does all this leave us? These companies have our information, and have the potential to misuse that information. How can we balance the personal nature of these products with privacy, safety and security? What is the responsibility of individuals in securing their information? As educators, how can we protect our students while educating them, and their parents, about the importance of digital citizenship?
I believe that individuals must carefully consider their own tolerance and concerns related to personal information that is collected by technology companies. I have four reasonable requirements for the companies that I allow to collect my personal information:
1. Tell me what you are doing
I expect that technology companies will tell me when personally identifiable information is being collected. Not every time, but at least the first time. It is the responsibility of the user to be aware of these notices and take action as appropriate (see expectations 2, 3, and 4 below)
2. Let me review and adjust my settings at any time
I expect the ability, at my discretion, to review and adjust settings related to the collection of my personal information. These settings should be easily found and adjust, not hidden under layers configurations.
3. Let me review collected data and delete it at my discretion
If I change my mind, I expect to be able to remove collected data - permanently.
4. Protect my data
I expect companies that store my personal information will protect it with industry standard security protocols. I also expect that these organizations will not sell or make personally identifiable information available to others without my consent.
This is what I expect from Google, Apple, Microsoft, Facebook, Twitter, etc.
In exchange for the services that I use and rely on, I understand that my data will be used to serve targeted advertisements and offers. That's the deal. If I don't like it, I can stop using the service.