The Electronic Frontier Foundation, a digital rights activist group has recently been pushing companies such as Google to better protect student privacy as part of its Spying on Students Campaign. One of their main focuses has been on technology and software used in K-12 classrooms which students are often required to use and may collect personal data.
The Electronic Frontier Foundation filed a complaint on December 1st with the Federal Trade Commission against Google for collecting information on school children, arguing that Google violated their agreement to the Student Privacy Pledge. According to the EFF, the Student Privacy pledge is a legally enforceable document in which companies providing services to K-12 schools agree to safeguard students’ personal data. Those who sign agree to not sell student information, not behaviorally target advertising, use data only for authorized educational purposes, and be transparent about data collection and use of data among other things.
The EFF says that Google has violated their agreement by enabling their “Sync” feature by default on Chromebooks sold to schools. According to the EFF’s press release, this feature allows Google to track, store, and data mine for non-advertising purposes, student information including: sites visited, search terms, links clicked, videos watched, and saved passwords. I many cases use of these computers is required for class work and the EFF argues Google had not obtained permission from students or their parents to collect this information
Google responded in a blog post by Jonathan Rochelle, Director of Google Apps for Education, arguing that they had not violated any laws or their agreement to the Student Privacy Pledge. According to Google’s blog, The Future of Privacy Forum and The Software and Information Industry, co-authors of the Privacy Pledge, felt that Google had not violated the agreement and the EFF misinterpreted the requirements of the pledge. Google says that it’s Apps for Education Core Services only collect information to be used within the scope of education and not for advertising, and it Chrome Sync feature is optional, and any aggregated data used to improve Google Services is anonymized.
On January 13, Senator Al Franken, ranking member of the Senate Judiciary Subcommittee on Privacy, wrote a letter to Google CEO Sundar Pichai expressing his concerns over how student data was being used and secured. Franken writes “There may be a discrepancy in how Google treats student data obtained through its core Google Apps for Education—product that are deemed educational – versus how Google treats student data obtained through other services”. Franken also considers an opt-in regime in which students would be able to share their information with Google upon parental consent.
According to the EFF in 2015, the Data Quality Campaign found that 46 states introduced 182 bills and passed 28 new laws to protect student privacy. The go on to mention that the Elementary and Secondary Education Act failed to include any significant new student privacy protections.