According to the Electronic Frontier Foundation (EFF), Google is spying on the private lives of millions of innocent American school children. In a complaint submitted last week to the Federal Trade Commission (FTC), EFF alleges that Google not only is spying on children, but that it has violated its public statements and thus the FTC should take enforcement action against the company.
EFF claims that Google has violated the terms of the Student Privacy Pledge, a set of commitments proposed by the Future of Privacy Forum, a privacy advocacy group, and the Software & Information Industry Association, a trade association of tech companies, and subsequently signed by over 200 organizations, and endorsed by the White House. Specifically, EFF claims that Google violated the policy in three ways: first, by collecting and using student data from its non-educational services (e.g., YouTube, Maps, Blogger, etc.) in ways unrelated to authorized educational purposes; second, by enabling the “Chrome Sync” feature on all of its Chromebooks, including those sold to schools, which allows users to access their personalized preferences, bookmarks and search history from any computer; and third, by allowing school administrators to change settings that allow student information to be shared with Google and third-party websites.
First things first. This complaint is completely without merit.
This is not just my opinion. Both authors of the Student Privacy Pledge have denounced the EFF’s allegations. The Future of Privacy Forum bluntly stated, “We don’t believe the complaint raises any issues about data use that are restricted by the Student Privacy Pledge.” Perhaps more charitably, the Software & Information Industry Association chalked up EFF’s complaint to “some important misunderstandings about the Student Privacy Pledge.” In other words, EFF is both wrong and confused.
The simple fact is that Google does not use any personal data about students to deliver targeted ads. That’s right — it does not do this for the services that are part of its educational package (e.g., Gmail, Calendar, Classroom, Drive, etc.), and it does not do this for the services that are not part of its educational package. The company could not be more explicit on this point. For its education services, Google says, “There are no ads in these [services], and student data in these services is not used for advertising purposes.” For its non-education services, Google says, “We are committed to ensuring that K-12 student personal information is not used to target ads in [Google] services, and in some cases we show no ads at all. In Google Search, for example, we show no ads when students are logged.”
Of course, Google does collect student data to enable its services to function and to improve them. The company aggregates and anonymizes student data to analyze certain patterns, such as to determine if a particular webpage is broken and should be moved to a lower search result. All of this is allowed by the Student Privacy Pledge. In fact, de-identified data is exempt from the pledge, which (rightly so) only applies to identifiable student information (i.e., “when it is both collected and maintained on an individual level and is linked to personally identifiable information”).
If this were just a case of EFF spouting off populist nonsense, it would be easy to dismiss. Unfortunately, these types of baseless attacks on companies trying to deliver much-needed technology to U.S. schools could have serious consequences. First, it could scare off tech companies from providing solutions to students and make school administrators second-guess attempts to use technology in the classroom. The Gates Foundation-backed tech nonprofit InBloom was forced to shut down in the wake of similar attacks on its efforts to protect student data. Given the potential of personalized learning tools to help more children learn how to read, write and do math, this would be a serious setback for the U.S. educational system. Second, it could drive companies away from voluntary pledges, out of fear that they will be unfairly taken to task, and result in fewer actual privacy protections for students.
As I have written before, the FTC’s decisions and actions send important signals to the private sector about what it should be doing. When the FTC goes after companies for making a typo in a privacy notice, this teaches them to hire more lawyers. When the FTC goes after companies whose products cause consumer harm, this teaches companies to engineer better products. The question the FTC should always consider is: Does it want companies to hire more lawyers or more engineers?
The good news is that this situation is a teachable moment. The FTC should publicly and vocally dismiss this allegation, and take EFF to task for filing its baseless complaint. Do it for the children.
Castro is vice president of the Information Technology and Innovation Foundation, a think tank focusing on a host of critical issues at the intersection of technological innovation and public policy.