Google States in Lawsuit Users Have No Legitimate Expectation of Privacy

The Guardian recently reported that consumer interest group Consumer Watchdog uncovered a digital privacy case that may better protect the privacy of school provided student digital accounts.  Fread v. Google was filed on April 29, 2013, by two university students who allege that Google unlawfully and intentionally intercepts electronic communications (emails and other data collected by the service) from their school provided Google Apps For Education accounts.  The lawsuit claims that Google's cloud based school service is utilizing user data in a manner that violates the Electronic Communications Privacy Act of 1986.  

To better understand Google's Apps for Education program it is essential to read the agreement that Google requires schools to execute to obtain the service.  Google generally offers this program to secondary or post-secondary schools for free (there may be maintenance and/or other costs associated with implementation and/or operation of the service).  While the default setting for the U.S. Google Apps for Education service is one that does not allow for Google to serve ads, it is troubling that the agreement provides schools the ability to data mine their students with the “click of a mouse” in the Admin Console.  

Why has Google provided schools the ability to behavioral advertise to students based upon their school emails, attachments, uploaded videos and related digital activity?  Does the agreement include the ability to behavioral-advertise so cash strapped schools may negotiate an advertising revenue share with Google in the future when they need an easy-to-implement new income stream? 

Since Google provides schools the ability to turn on and off the behavioral advertising function for its school based services it makes me wonder what Google is doing behind the scenes with student content.  Is Google’s Apps for Education service a Trojan Horse to data mine and erode our children’s personal privacy and safety?  How is this service able to so easily go in and out of data mining mode with just a "flip of a switch" by a school administrator?  Why isn't Google more transparent regarding its data mining capabilities for the services it offers to schools?  Does this indicate that Google believes that students don’t have an expectation of privacy when utilizing its school branded services?

It appears that Google presumes that its Apps For Education users don't have an expectation of privacy.  To defend its practices, in its motion to dismiss Fread, Google directly quotes from a 1970's case, Smith v. Maryland, 442 U.S. 735, 743-744 (1979), "a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties".  This case was decided before the widespread adoption of cell phones, email, the cloud, and other digital technologies. 

In U.S. v. Jones, 132 S. Ct. 945 (2012), the most recent major privacy case the Supreme Court has decided, Justice Sotomayor in referencing Smith's central premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties, stated "[t]his approach is ill suited in the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks."  Justice Sotomayor's statement clearly diminishes the central tenet of Smith and her philosophy has resonated recently with state lawmakers and courts around the country. 

State legislatures and the courts are moving towards recognizing that one has an expectation of privacy in the digital age.  For example, at least 13 states have enacted legislation in the past 15 months that protects employees and students from generally being required to provide access to their 3rd party created personal digital accounts.  Earlier this year, Texas enacted HB 2268 that requires law enforcement to obtain a warrant before accessing one's personal email accounts or cloud content.  In addition, a federal district court in Minnesota recently stated that students have an expectation of privacy regarding their personal electronic accounts.  These news laws and court rulings demonstrate that our courts and legislatures firmly acknowledge that we have an expectation of privacy despite third parties storing our content. 

Google's actions speak louder than its words. In 2010, Google listed its privacy principles and they included:  "Develop products that reflect strong privacy standards and practices; Make the collection of personal information transparent; and Give users meaningful choices to protect their privacy".  If Google practiced its privacy principles it would be more transparent about how it processes student data and it would strictly prohibit data mining in its Google Apps For Education Agreements. 

Fread raises some important issues about student privacy in the digital age.  It demonstrates the need for school technology providers to make their users' personal privacy a top priority. Unfortunately, it appears that absent court guidance and/or Department of Education rules that ban the data mining of school sanctioned digital accounts, some cloud providers may continue to put profits ahead of the need for privacy in an educational setting.  Until technology providers are legally banned from data mining school provided digital accounts, students and parents/guardians must be informed of the risks associated with utilizing school provided digital services that may erode personal privacy and put our children's safety at risk.

Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.