The Electric Educator: Is Google violating student privacy rules?

Wednesday, December 2, 2015

Is Google violating student privacy rules?

On December 1 2015, the Electronic Frontier Foundation (EFF) announced that it was filing a formal complaint against Google with the Federal Trade Commission (FTC). The EFF is focusing on "Chrome Sync" which collects and stores user information. The fact that Chrome Sync is enabled on by default on Chromebooks used in K-12 classrooms was the primary concern cited in the EFF complaint. The EFF claims that such data collection practices violate the Student Privacy Pledge of which Google is a signatory.

Google has not replied to the complaint, other than to say that they do not believe that their data collection practices violate the Student Privacy Pledge. It is not my responsibility to defend Google and their business practices. What I am interested in exploring is the increasingly cloudy area of data collection, mining, and use by large technology companies (Facebook, Google, Apple, Twitter, etc)

There have been dozens of lawsuits related to the collection and use of user data:

It would be fairly simple to conclude that "data collection / tracking / mining is bad and should be stopped". If only it was that easy. The services we have come to rely on are made better through the collection and use of personal information: 
  • If Facebook didn't know who your friends were, your stream would be chaos. 
  • If Siri didn't know what "home" or "call my wife" meant, she would be useless. 
  • If my Chrome preferences aren't saved and synced to all of my devices, I wouldn't like it as much. 
There is a delicate balance at play here between the collection of personal information and the use and application of that information. Furthermore, the majority of the web-based services we use are free. The "cost" of use, is your data. If Facebook, Google, and Pinterest aren't able to collect and mine information on their users, they would be out of business. 

So where does all this leave us? These companies have our information, and have the potential to misuse that information. How can we balance the personal nature of these products with privacy, safety and security? What is the responsibility of individuals in securing their information? As educators, how can we protect our students while educating them, and their parents, about the importance of digital citizenship?

I believe that individuals must carefully consider their own tolerance and concerns related to personal information that is collected by technology companies. I have four reasonable requirements for the companies that I allow to collect my personal information: 

1. Tell me what you are doing
I expect that technology companies will tell me when personally identifiable information is being collected. Not every time, but at least the first time. It is the responsibility of the user to be aware of these notices and take action as appropriate (see expectations 2, 3, and 4 below)

2. Let me review and adjust my settings at any time
I expect the ability, at my discretion, to review and adjust settings related to the collection of my personal information. These settings should be easily found and adjust, not hidden under layers configurations. 

3. Let me review collected data and delete it at my discretion
If I change my mind, I expect to be able to remove collected data - permanently. 

4. Protect my data
I expect companies that store my personal information will protect it with industry standard security protocols. I also expect that these organizations will not sell or make personally identifiable information available to others without my consent. 

This is what I expect from Google, Apple, Microsoft, Facebook, Twitter, etc. 

In exchange for the services that I use and rely on, I understand that my data will be used to serve targeted advertisements and offers. That's the deal. If I don't like it, I can stop using the service.


  1. John,

    Your statement "In exchange for the services that I use and rely on, I understand that my data will be used to serve targeted advertisements and offers. That's the deal. If I don't like it, I can stop using the service...." is not applicable when data from a student is used by the provider of a free service to education.

    If the "promise" is that the GAFE or Classroom model will never be used for mining, where is the monetization opportunity for Google to continue the free service? At what point does Google say that there is a fee to continue to use the service?

    1. That statement was meant to apply more broadly to web-based service, not GAFE. For the Google Apps suite, Google is applying the long approach taken by Microsoft - provide heavily discounted (or free) software and services to schools now so that when the students grow up and start businesses, become CEO's, etc, they will be more inclined to use the paid versions of these services.

      GAFE is free because of the tremendous success of Google's consumer and business products. If the profitability of these services drops, GAFE could be at risk. Given that Google's (AKA Alphabet) stock price is currently $700+/share, I don't think there is an immediate risk of this happening.

    2. Understood, and I concur with the notion of the "loss leader" perspective - if profits that fund the initiative drop, the service could be at risk. I think schools function on longer perspectives where funding is concerned, and are not as nimble as business to drop a service when fees are introduced. Add to that the integration that schools need to interface with systems that support mandatory reporting for ongoing funding by regulation, and Google has the upper hand. Don't get me wrong, GAFE and Classroom are awesome functions, and Chrome/Chromebooks are very attractive at a unit price point. More concerned with the lack of Google to open the architecture and make a truly inter-operable platform at no cost. Or is Google/Alphabet going to lead in an open source approach to satisfying the requirements beyond classroom convenience, such as student information systems reporting mandated by state legislatures? What Google has offered up in their current API for developers is minimal at best.

    3. This comment has been removed by the author.

    4. "What Google has offered up in their current API for developers" is far more open than anything offered by Blackboard, Powerschool, Infinite Campus, Clever, or anyone else whose business model depends on contractual and legacy lock-in. While they are probably interested in keeping at arms-length from being an SIS-provider (for legal and PR reasons), their product APIs are actually quite rich, and the Classroom team has been very quick to put out APIs (less than 12 months after product launch, they have endpoints for rosters, classes, teachers, co-teachers, etc). If they are successful, this means that the larger product ecosystem surrounding GAFE will be radically richer and more interoperable than anything that has been created by the prior lock-in generation of platforms. Google is fundamentally an ecosystem broker... they create the ubiquitous operating system of the web, and then they charge on the click, or on the mediated relationship between value seekers and sellers inside a marketplace. In the EDU space, beyond the future value of converting millions to Google for Work, this may yet mean that they hold the keys (and can charge a %) to access to a marketplace of educational apps providers that districts, teachers, and students might be very interested in paying for. Once you have the roster of record for most classes, and you offer an easy integration point for 3rd party developers, you have won edu.

    5. Wow! Spoken with a monetization theme. Perhaps all I was alluding to was the IMS Global specifications for interoperability between registered vendors/providers to adhere to a common set of standards to allow for transparency between existing investments and new implementations. For EDU, and not the promise of future farmers, a common specification between systems is something that I don't see Google stepping up to as of yet. That may change. If you know EDU, you should know SCORM and SIF. Those have been established for years, and the efforts were to avoid commercializing education and get various players to play well in the sandbox. Hell's Bells, let Google try to rule all the elements to run everything. If they choose not to, at minimum they should open their architecture for data exchange beyond the minimal API's they have put forth to date. I would think they would make a bigger splash in EDU if they demonstrated some openness to what they have created. Otherwise, IMHO, prepare for branded competition. Since you mentioned Blackboard, Powerschool, etc. tell me how their monetization model is working out. Blackboard buys MoodleRooms, Powerschool is abandoned by Pearson and put up for sale, Infininte Campus is a sham model, etc.


Thanks for contributing to my blog. I enjoy being a part of the conversation and do my best to respond to comments and questions that are posted.