Skip to main content

Privacy Group: Google “Spied” On Students Using Chromebooks & Apps For Education


The San Francisco-based non-profit Electronic Frontier Foundation (EFF) filed a complaint with the Federal Trade Commission (FTC) that says Google collected personal information and internet usage behavior of students using Chromebooks and Google Apps for Education beyond what is allowed for educational purposes in violation of the Student Privacy Pledge.

EFF says the Privacy Pledge is a legally binding and FTC-enforceable agreement. The organization further argues that Google’s conduct (unauthorized data collection) “constitutes unfair or deceptive acts or practices in violation of Section 5 of the Federal Trade Commission Act (15 U.S.C. § 45).” The organization has asked the FTC to investigate and issue an injunction against the activity, which Google told EFF would stop.

Below are EFF’s top-level factual allegations against Google:

  • Google collects, maintains, and uses records of essentially everything that student users of Google for Education do on Google services, while they are logged in to their Google accounts . . . This includes recording students’ browsing behavior on every single Google-operated site students visit regardless of its relation to schoolwork . . . Such data reveals highly personal information about students and is not necessary to deliver educational services.
  • The “Chrome Sync” feature is enabled by default on all Chromebook devices . . . For a non-educational user of Chrome Sync, the information collected about browsing history and bookmarks, along with information collected through Gmail and other Google applications, is used to create an individualized user profile for targeted advertising. Google asserts that it does not collect information from student users of Google for Education for advertising purposes . . .Google has acknowledged that it collects, maintains, and uses student information via Chrome Sync (in aggregated and anonymized form) for the purpose of improving Google products, similar to how Google uses browsing data collected within its own services
  • Google’s design choice permits school administrators to enable impermissible collection of student data, even if some parents make an informed choice to turn it off, thereby placing Chrome for Education outside the bounds of the Student Privacy Pledge.
  • In the same settings page where administrators can choose whether Google can collect a user’s passwords or browsing history, school administrators can also choose whether “websites are allowed to track the user’s [here, students’] physical location.” . . . Sharing a student’s physical location with third parties is unquestionably sharing personal information beyond what is needed for educational purposes . .

(Emphasis added.)

Taken together these Google data collection activities are “unfair and deceptive” practices under federal law because EFF says they violate the Student Privacy Pledge to which Google is a signatory. The Pledge is a statement that signatories will:

  • Not sell student information
  • Not behaviorally target advertising
  • Use data for authorized education purposes only
  • Not change privacy policies without notice and choice
  • Enforce strict limits on data retention
  • Support parental access to, and correction of errors in, their children’s information
  • Provide comprehensive security standards
  • Be transparent about collection and use of data

In its request for injunction and other relief, EFF asks the FTC to order Google to destroy the student data, notify parents and students of the prior data collection and prevent Google from capturing such data and usage behavior in the future:

  • Order Google to destroy ALL personal student information collected by Google, without student or parent authorization, that is not necessary for educational purposes associated with ALL Google for Education student accounts (browsing history, passwords, tabs, bookmarks, etc.)
  • Order Google to, prior to destroying any personal student information not necessary for educational purposes, provide all student account holders and, as is reasonably feasible, all parents, notice of Google’s previous collection and use of student personal information in violation of the Student Privacy Pledge;
  • Enjoin Google from collecting, maintaining, using, or sharing any personal student information not necessary for educational purposes (including in aggregated or anonymized form), without student or parent authorization, as long as it remains a signatory to the Student Privacy Pledge
  • Other remedies and relief at the FTC’s discretion

The FTC can impose fines to varying degrees but its greatest power is to enjoin or prohibit activities deemed deceptive or unfair. As a practical matter, Google’s exposure in this case is not so much about fines but about its brand reputation and image.

The perception of Google among school administrators, teachers and parents could be tarnished depending on how widely publicized the case is. Indeed, the data mining allegations could make schools think twice before adopting Chromebooks and Google educational or cloud services. While the latter could have some revenue implications, Google’s reputation and usage with the broader-public are unlikely to suffer.

Despite the allegations it’s not yet clear whether there was willful behavior on Google’s part or whether this was more a failure of internal communications and oversight.

via Marketing Land


Popular posts from this blog

6 types of negative SEO to watch out for

The threat of negative SEO is remote but daunting. How easy is it to for a competitor to ruin your rankings, and how do you protect your site? But before we start, let’s make sure we’re clear on what negative SEO is, and what it definitely isn’t.Negative SEO is a set of activities aimed at lowering a competitor’s rankings in search results. These activities are more often off-page (e.g., building unnatural links to the site or scraping and reposting its content); but in some cases, they may also involve hacking the site and modifying its content.Negative SEO isn’t the most likely explanation for a sudden ranking drop. Before you decide someone may be deliberately hurting your rankings, factor out the more common reasons for ranking drops. You’ll find a comprehensive list here.Negative off-page SEOThis kind of negative SEO targets the site without internally interfering with it. Here are the most common shapes negative off-page SEO can take.Link farmsOne or two spammy links likely won’…

Another SEO tool drops the word “SEO”

This guest post is by Majestic’s Marketing Director, Dixon Jones, who explains the reasons for their recent name change.
Majestic, the link intelligence database that many SEOs have come to use on a daily basis, has dropped the “SEO” from it’s brand and from its domain name, to become Since most people won’t have used Google’s site migration tool before, here’s what it looks like once you press the “go” button:

In actual fact – there’s a minor bug in the tool. The address change is to the https version of (which GWT makes us register as a separate site) but that message incorrectly omits that. Fortunately, elsewhere in GWT its clear the omission is on Google’s side, not a typo from the SEO. It is most likely that the migration tool was developed before the need for Google to have separate verification codes for http and https versions of the site.
The hidden costs of a name change
There were a few “nay sayers” on Twitter upset that Majestic might be deserting it…

Software Review Site TrustRadius Has A New Way to Treat Reviews Obtained Through Vendors

Online user reviews are the most powerful marketing technique for influencing purchase decisions. But do they accurately represent the views of most users?Today, business software review platform TrustRadius is announcing a new way — called trScore — to handle the bias introduced in reviews by users obtained through the vendor of the reviewed software product. The site says more than two million software buyers visit each year to check out its product reviews.To understand trScore, let’s first look at TrustRadius’ approach.The site says it authenticates all users through their LinkedIn profiles. It also requires users to answer eight to ten questions about the product, in order to weed out users having no familiarity. Additionally, a staff person reads every review before it is posted, and the site says about three percent of reviews are rejected for not meeting guidelines.As for the reviews themselves, TrustRadius puts them into two main buckets: independently-sourced reviews and ven…