The Pledge is a
positive step in the right direction. Representatives
Jared Polis of Colorado and Luke Messer of Indiana worked with the Future of
Privacy Forum and the Software & Information Industry Association on this important
bipartisan matter. According to Studentprivacypledge.org,
The Pledge will make clear that school service providers are accountable to:
• Not sell student information
• Not behaviorally target advertising
• Use data for authorized education purposes only
• Not change privacy policies without notice and choice
• Enforce strict limits on data retention
• Support parental access to, and correction of errors in, their children’s information
• Provide comprehensive security standards
• Be transparent about collection and use of data
This
initiative is an acknowledgement that some education technology providers are intentionally
putting student privacy and safety at risk due to invasive and non-transparent data
mining and student profiling practices. Education
Week and Politico's
in-depth investigative reports on the industry demonstrates the need for greater
accountability, transparency, and regulatory enforcement to protect our children.
Apple, Pearson, Khan Academy, and Google's absence from this initiative is very concerning. Several weeks ago, Apple took a shot at Google regarding Google's privacy policies and data mining/profiling practices. This occurred soon after email evidence was uncovered that appear to indicate major improprieties during the contracting process that awarded both Apple and Pearson multi-million dollar educational technology contracts in the Los Angeles Unified School District.
Politico's
student data mining report found that Khan Academy students allegedly trade
their privacy for free tutoring. Only
after Politico
"inquired about Khan Academy’s privacy policy, which gave it the right to
draw on students’ personal information to send them customized advertising,"
was the policy "completely rewritten."
Google's
refusal to sign the Pledge is most troubling because it may indicate it is still
scanning student emails for advertising purposes and it creates student
profiles for non-educational commercial purposes. Soon after Education Week reported that Google
was scanning student emails for advertising purposes, Google publicly
announced it would stop
the unethical and illegal practice; however, it refused to state whether it was
creating student profiles for commercial and/or other non-educational purposes.
When
Education
Week contacted Google last week about its position on California's new
student privacy law, Google declined to clarify whether it scans student email
messages sent using its Apps for Education
platform to build student user profiles that may be utilized for
non-educational commercial purposes. Google's
refusal to emphatically deny it scans student emails to create student user
profiles may indicate that it is violating the 2011
FTC-Google Buzz Agreement, and/or its 2013
multi-state Attorney Generals Street View Project Agreement.
As
The
New York Times stated, "although the pledge is not legally binding,
companies that violate their own public representations on privacy could be
subject to enforcement actions by the Federal Trade Commission." Google's refusal to sign the industry backed
Pledge appears to be an acknowledgement that if it signs the Pledge it will be
in violation of Article 5 of
the FTC Act regarding unfair and deceptive trade practices. In 2012, Google paid
a $22.5 million dollar record FTC fine for misleading users about its privacy
practices regarding the scandal known as the Apple
"Safari Hack" because it had violated its 2011 agreement not to mislead
consumers about its privacy promises.
Google's lack of transparency on student privacy issues and its refusal to participate in an industry backed student privacy initiative that was created by two organizations it supports should be of great concern to any parent whose school has adopted Google Apps For Education. According to Google's Apps For Education website, it has a massive footprint in the education space. More than 30 million students, faculty members, and staff utilize its platform.
Unfortunately for education users, their privacy is still governed by Google's standard Consumer Privacy Policy that allows for all emails and metadata collected to be data mined to create user profiles for non-educational commercial purposes. The Consumer Privacy Policy that covers Google's educational offerings is the same one that a German data protection authority (privacy regulator) recently ruled violates EU data protection (privacy) laws. Shouldn't U.S. school children be afforded the same privacy protections as German citizens?
When will Google come clean and be transparent about its past and present student data collection practices? Some questions that Google still needs to answer include:
•How long was (is) Google scanning
student emails for advertising and/or other non-educational commercial purposes?
•Were the parents or legal guardians of students who had their emails
scanned for advertising/commercial profiling purposes provided notice and did the parents or legal
guardians respond by giving written consent to allow their children's personal
information to be utilized for advertising and/or other non-educational commercial
purposes?
•How many students had their
emails scanned for advertising and/or non-educational commercial purposes?
•Has Google deleted all the emails and associated metadata that was scanned
for advertising and/or other non-educational commercial purposes? If so, when?
•Is Google data mining students to create user profiles? If so, why and how many students is it profiling?
As a parent, lawyer, and user of Apple, Pearson, Khan Academy, and Google's products/services, I am very troubled by their refusal to sign an industry created Pledge to better protect student privacy. If these companies are not willing to change their data collection and usage practices, their privacy policies, and agree to the sign the Pledge can we trust them with our children's most personal information?
Copyright 2014 by Shear Law, LLC All rights reserved.
