Since its back to school time, I thought it would be productive to discuss some digital privacy issues that parents and students should be thinking about. During this time of the year, student privacy is hot because back to school means filling out Family Educational Rights and Privacy Act (FERPA) forms. I filled one out over the weekend and I thought about what type of information I want to keep private and what was best for the school to share about my child (and our family) with other parents and the public. For each parent or guardian, this is a personal decision and there are no wrong answers. What may work for one family may not work for others.
On another note, be careful about what information you post about your children on various social media platforms. In particular, be mindful that neither Facebook nor Google are "friends" of children's privacy. Last year, it was uncovered in federal court that Google was scanning student emails for advertising purposes and I witnessed both Facebook and Google lobbying against stronger student digital data privacy laws in the state of Maryland. With Facebook's new found interest in the education market, parents should be particularly leery about allowing their children's data to be "friends" with Facebook's data mining machine.
The bottom line is that parents should discuss these and other digital privacy issues with their children as soon as they start utilizing digital devices. Its never too early to educate your kids about the virtual world that will affect their physical world.
Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.
Showing posts with label Student privacy. Show all posts
Showing posts with label Student privacy. Show all posts
Tuesday, September 8, 2015
Thursday, April 30, 2015
U.S. Student Digital Data Privacy and Parental Rights Act of 2015 Introduced
On April 29, 2015, Representatives Luke Messer and Jared Polis introduced the bipartisan Student Digital Privacy and Parental Rights Act of 2015. According to The New York Times, "the bill would prohibit operators of websites, apps and other online
services for kindergartners through 12th graders from knowingly selling
students’ personal information to third parties; from using or
disclosing students’ personal information to tailor advertising to them;
and from creating personal profiles of students unless it is for a
school-related purpose."
The legislation is modeled after California's SB 1177, (the "Student Online Personal Information Protection Act") which Education Week hailed as a "landmark" student data privacy law. The federal Student Digital Privacy and Parental Act of 2015 is a positive piece of legislation that would help better protect the personal privacy and safety of students around the country. The fact that some members of the ed-tech industry are wary of the bill demonstrates the potential effectiveness of the legislation.
This bill is sorely needed because as Education Week reported last year, some ed-tech vendors such as Google have been caught intentionally misleading parents about their data mining and privacy practices. For example, exactly 1 year ago today, Google promised to stop scanning student emails and other digital content for advertising purposes.
Unfortunately, Google's promise to better protect personal student data has fallen woefully short since its troubling consumer privacy policy still covers its education offerings and this policy clearly allows it to data mine and profile students on its Google Apps For Education platform. For example, Google's promise to stop data mining students does not extend to Google + or YouTube since neither platform is considered a Google Apps "Core Service".
A former IT policy director at Cornell recently authored an eye opening research paper about Google's troubling profiling and data mining practices which is a must read for school administrators, parents, and educators. Unfortunately, Google is not the only ed-tech company with weak privacy policies and practices. Politico and others have also called out Khan Academy for its data mining and profiling practices of students.
Earlier this year, I advocated for my home state of Maryland to enact a similar student privacy bill which was also modeled after California's SB 1177. I was very troubled to witness Facebook and Google (here is a link to the hearing where you will see that the representatives of these companies were actively trying to thwart passage of robust student privacy protections) advocate for amendments to gut the bill's privacy protections for our children.
My hope is that Facebook, Google, etc... realize that their continued refusal to accept appropriate limits on student data collection, processing, and usage will continue to make parents suspicious about their motives for providing educational technology tools. These companies are two of the largest advertising entities in the world and their actions so far clearly demonstrate that they want access to personal student data for marketing purposes.
The following national education groups have already voiced support for the federal Student Digital Data Privacy and Parental Rights Act of 2015:
Its time for the entire ed-tech industry to support the Student Digital Data Privacy and Parental Rights Act of 2015. Embracing enhanced digital privacy protections for our students will signal to parents that the industry can be trusted to protect our children's personal information.
As a parent, I want my children to be able to utilize the latest and greatest digital education platforms; however, until stronger privacy laws are enacted I have little confidence that all school technology vendors will make my children's personal privacy and safety a priority. Therefore, I challenge Facebook, Google, and every other ed-tech company and organization that advocated to weaken Maryland's Student Data Privacy Act of 2015 to do the right thing and support this bill as drafted.
UPDATE May 1, 2015: The White House has announced that it supports the new bill. In a blog post, The White House stated: "[w]e are pleased to see Representatives Luke Messer (R-IN) and Jared Polis (D-CO) answer the President’s State of the Union call to enact new protections for K-12 students’ data to ensure that classrooms can embrace technology with confidence.
Introduced yesterday, The Student Digital Privacy and Parental Rights Act is an important bipartisan step, building upon existing momentum from industry leaders committed to ensuring educational data is not misused by providers or third parties, and carrying the strong endorsement of privacy advocates, the private sector, and associations representing parents and educators."
Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.
The legislation is modeled after California's SB 1177, (the "Student Online Personal Information Protection Act") which Education Week hailed as a "landmark" student data privacy law. The federal Student Digital Privacy and Parental Act of 2015 is a positive piece of legislation that would help better protect the personal privacy and safety of students around the country. The fact that some members of the ed-tech industry are wary of the bill demonstrates the potential effectiveness of the legislation.
This bill is sorely needed because as Education Week reported last year, some ed-tech vendors such as Google have been caught intentionally misleading parents about their data mining and privacy practices. For example, exactly 1 year ago today, Google promised to stop scanning student emails and other digital content for advertising purposes.
Unfortunately, Google's promise to better protect personal student data has fallen woefully short since its troubling consumer privacy policy still covers its education offerings and this policy clearly allows it to data mine and profile students on its Google Apps For Education platform. For example, Google's promise to stop data mining students does not extend to Google + or YouTube since neither platform is considered a Google Apps "Core Service".
A former IT policy director at Cornell recently authored an eye opening research paper about Google's troubling profiling and data mining practices which is a must read for school administrators, parents, and educators. Unfortunately, Google is not the only ed-tech company with weak privacy policies and practices. Politico and others have also called out Khan Academy for its data mining and profiling practices of students.
Earlier this year, I advocated for my home state of Maryland to enact a similar student privacy bill which was also modeled after California's SB 1177. I was very troubled to witness Facebook and Google (here is a link to the hearing where you will see that the representatives of these companies were actively trying to thwart passage of robust student privacy protections) advocate for amendments to gut the bill's privacy protections for our children.
My hope is that Facebook, Google, etc... realize that their continued refusal to accept appropriate limits on student data collection, processing, and usage will continue to make parents suspicious about their motives for providing educational technology tools. These companies are two of the largest advertising entities in the world and their actions so far clearly demonstrate that they want access to personal student data for marketing purposes.
The following national education groups have already voiced support for the federal Student Digital Data Privacy and Parental Rights Act of 2015:
- AASA, the School Superintendents Association
- International Society for Technology in Education
- National Association of Elementary School Principals
- National Association of Secondary School Principals
- National Education Association
- National PTA
- State Educational Technology Directors Association
Its time for the entire ed-tech industry to support the Student Digital Data Privacy and Parental Rights Act of 2015. Embracing enhanced digital privacy protections for our students will signal to parents that the industry can be trusted to protect our children's personal information.
As a parent, I want my children to be able to utilize the latest and greatest digital education platforms; however, until stronger privacy laws are enacted I have little confidence that all school technology vendors will make my children's personal privacy and safety a priority. Therefore, I challenge Facebook, Google, and every other ed-tech company and organization that advocated to weaken Maryland's Student Data Privacy Act of 2015 to do the right thing and support this bill as drafted.
UPDATE May 1, 2015: The White House has announced that it supports the new bill. In a blog post, The White House stated: "[w]e are pleased to see Representatives Luke Messer (R-IN) and Jared Polis (D-CO) answer the President’s State of the Union call to enact new protections for K-12 students’ data to ensure that classrooms can embrace technology with confidence.
Introduced yesterday, The Student Digital Privacy and Parental Rights Act is an important bipartisan step, building upon existing momentum from industry leaders committed to ensuring educational data is not misused by providers or third parties, and carrying the strong endorsement of privacy advocates, the private sector, and associations representing parents and educators."
Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.
Tuesday, January 20, 2015
Kids Digital Privacy and Cyber Security Highlighted in State Of The Union
During President Obama's State of the Union Address this evening the importance of children's digital privacy and cyber security was highlighted. According to The White House Medium account, the President's official prepared address stated,
"No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids. We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism. And tonight, I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber-attacks, combat identity theft, and protect our children’s information. If we don’t act, we’ll leave our nation and our economy vulnerable. If we do, we can continue to protect the technologies that have unleashed untold opportunities for people around the globe."
Since more of our personal information is being housed in digital cloud based platforms, the President's comments are a welcome development. When the President's State of the Union Address is combined with his recent historic speech at the FTC that discussed the need for stronger student privacy laws, I am optimistic more attention will be paid to these very important issues in the near future.
Copyright 2015 by Shear Law, LLC All rights reserved.
"No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids. We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism. And tonight, I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber-attacks, combat identity theft, and protect our children’s information. If we don’t act, we’ll leave our nation and our economy vulnerable. If we do, we can continue to protect the technologies that have unleashed untold opportunities for people around the globe."
Since more of our personal information is being housed in digital cloud based platforms, the President's comments are a welcome development. When the President's State of the Union Address is combined with his recent historic speech at the FTC that discussed the need for stronger student privacy laws, I am optimistic more attention will be paid to these very important issues in the near future.
Copyright 2015 by Shear Law, LLC All rights reserved.
Monday, January 12, 2015
President Obama Proposes The Student Digital Privacy Act
In a very positive development, President Obama earlier today proposed The Student Digital Privacy Act. According to The New York Times, the Act would "prohibit technology firms from profiting from information
collected in schools as teachers adopt tablets, online services and
Internet-connected software".
During the President's speech today at the FTC, he stated, "Our children are meeting and growing up in cyberspace", and "here at the FTC, you’ve pushed back on companies and apps that collect information on our kids without permission"... and "we need our kids privacy protected."
The President's speech appears to indicate that he is aware that Google and others have abused access to personal student data. For example, in March of 2013, Google admitted to Education Week that it was data mining student emails for advertising purposes. Soon after this was uncovered, a media firestorm erupted and subsequently Google allegedly changed its practices. Therefore, when the President mentioned, "[b]ut we’ve already seen some instances where some companies use educational technologies to collect student data for commercial purposes, like targeted advertising" was he referring to Google?
President Obama stated, "I want to encourage every company that provides these technologies to our schools to join this effort. It’s the right thing to do. And if you don’t join this effort, then we intend to make sure that those schools and those parents know you haven’t joined this effort. So, this mission, protecting our information and privacy in the Information Age, this should not be a partisan issue. This should be something that unites all of us as Americans."
I applaud the President and his team for recognizing the importance of student digital privacy and his willingness to make the issue an important part of his legislative agenda during his final two years in office. As a parent, I want my children to be able to utilize the most advanced digital learning tools available. However, our kids should not have to compromise their personal privacy and/or safety to utilize new digital technologies.
While I am optimistic about the opportunity for stronger student privacy protections to become law, I know there is a lot of work ahead. Therefore, it is imperative for students, parents, teachers, school administrators, privacy advocates, and education technology vendors to work with regulators, lawmakers, and the President to enact a thoughtful and forward thinking bill into law.
Copyright 2015 by Shear Law, LLC All rights reserved.
During the President's speech today at the FTC, he stated, "Our children are meeting and growing up in cyberspace", and "here at the FTC, you’ve pushed back on companies and apps that collect information on our kids without permission"... and "we need our kids privacy protected."
The President's speech appears to indicate that he is aware that Google and others have abused access to personal student data. For example, in March of 2013, Google admitted to Education Week that it was data mining student emails for advertising purposes. Soon after this was uncovered, a media firestorm erupted and subsequently Google allegedly changed its practices. Therefore, when the President mentioned, "[b]ut we’ve already seen some instances where some companies use educational technologies to collect student data for commercial purposes, like targeted advertising" was he referring to Google?
President Obama stated, "I want to encourage every company that provides these technologies to our schools to join this effort. It’s the right thing to do. And if you don’t join this effort, then we intend to make sure that those schools and those parents know you haven’t joined this effort. So, this mission, protecting our information and privacy in the Information Age, this should not be a partisan issue. This should be something that unites all of us as Americans."
I applaud the President and his team for recognizing the importance of student digital privacy and his willingness to make the issue an important part of his legislative agenda during his final two years in office. As a parent, I want my children to be able to utilize the most advanced digital learning tools available. However, our kids should not have to compromise their personal privacy and/or safety to utilize new digital technologies.
While I am optimistic about the opportunity for stronger student privacy protections to become law, I know there is a lot of work ahead. Therefore, it is imperative for students, parents, teachers, school administrators, privacy advocates, and education technology vendors to work with regulators, lawmakers, and the President to enact a thoughtful and forward thinking bill into law.
Copyright 2015 by Shear Law, LLC All rights reserved.
Tuesday, October 7, 2014
Significant Tech Players Absent from Student Privacy Pledge
According to The
New York Times, the enactment of a new California
student privacy law (SB 1177) that restricts
how "education technology companies can use the information they collect
about elementary through high school students" has led "a group of
leading industry players...[to] pledg[e] to adopt similar
data protections nationwide." Some
of the companies that have agreed to sign the pledge include: Amplify, Edmodo,
Houghton Miflin Harcourt, and Microsoft.
• Not sell student information
• Not behaviorally target advertising
• Use data for authorized education purposes only
• Not change privacy policies without notice and choice
• Enforce strict limits on data retention
• Support parental access to, and correction of errors in, their children’s information
• Provide comprehensive security standards
• Be transparent about collection and use of data
Apple, Pearson, Khan Academy, and Google's absence from this initiative is very concerning. Several weeks ago, Apple took a shot at Google regarding Google's privacy policies and data mining/profiling practices. This occurred soon after email evidence was uncovered that appear to indicate major improprieties during the contracting process that awarded both Apple and Pearson multi-million dollar educational technology contracts in the Los Angeles Unified School District.
Google's lack of transparency on student privacy issues and its refusal to participate in an industry backed student privacy initiative that was created by two organizations it supports should be of great concern to any parent whose school has adopted Google Apps For Education. According to Google's Apps For Education website, it has a massive footprint in the education space. More than 30 million students, faculty members, and staff utilize its platform.
Unfortunately for education users, their privacy is still governed by Google's standard Consumer Privacy Policy that allows for all emails and metadata collected to be data mined to create user profiles for non-educational commercial purposes. The Consumer Privacy Policy that covers Google's educational offerings is the same one that a German data protection authority (privacy regulator) recently ruled violates EU data protection (privacy) laws. Shouldn't U.S. school children be afforded the same privacy protections as German citizens?
As a parent, lawyer, and user of Apple, Pearson, Khan Academy, and Google's products/services, I am very troubled by their refusal to sign an industry created Pledge to better protect student privacy. If these companies are not willing to change their data collection and usage practices, their privacy policies, and agree to the sign the Pledge can we trust them with our children's most personal information?
The Pledge is a
positive step in the right direction. Representatives
Jared Polis of Colorado and Luke Messer of Indiana worked with the Future of
Privacy Forum and the Software & Information Industry Association on this important
bipartisan matter. According to Studentprivacypledge.org,
The Pledge will make clear that school service providers are accountable to:
• Not sell student information
• Not behaviorally target advertising
• Use data for authorized education purposes only
• Not change privacy policies without notice and choice
• Enforce strict limits on data retention
• Support parental access to, and correction of errors in, their children’s information
• Provide comprehensive security standards
• Be transparent about collection and use of data
This
initiative is an acknowledgement that some education technology providers are intentionally
putting student privacy and safety at risk due to invasive and non-transparent data
mining and student profiling practices. Education
Week and Politico's
in-depth investigative reports on the industry demonstrates the need for greater
accountability, transparency, and regulatory enforcement to protect our children.
Apple, Pearson, Khan Academy, and Google's absence from this initiative is very concerning. Several weeks ago, Apple took a shot at Google regarding Google's privacy policies and data mining/profiling practices. This occurred soon after email evidence was uncovered that appear to indicate major improprieties during the contracting process that awarded both Apple and Pearson multi-million dollar educational technology contracts in the Los Angeles Unified School District.
Politico's
student data mining report found that Khan Academy students allegedly trade
their privacy for free tutoring. Only
after Politico
"inquired about Khan Academy’s privacy policy, which gave it the right to
draw on students’ personal information to send them customized advertising,"
was the policy "completely rewritten."
Google's
refusal to sign the Pledge is most troubling because it may indicate it is still
scanning student emails for advertising purposes and it creates student
profiles for non-educational commercial purposes. Soon after Education Week reported that Google
was scanning student emails for advertising purposes, Google publicly
announced it would stop
the unethical and illegal practice; however, it refused to state whether it was
creating student profiles for commercial and/or other non-educational purposes.
When
Education
Week contacted Google last week about its position on California's new
student privacy law, Google declined to clarify whether it scans student email
messages sent using its Apps for Education
platform to build student user profiles that may be utilized for
non-educational commercial purposes. Google's
refusal to emphatically deny it scans student emails to create student user
profiles may indicate that it is violating the 2011
FTC-Google Buzz Agreement, and/or its 2013
multi-state Attorney Generals Street View Project Agreement.
As
The
New York Times stated, "although the pledge is not legally binding,
companies that violate their own public representations on privacy could be
subject to enforcement actions by the Federal Trade Commission." Google's refusal to sign the industry backed
Pledge appears to be an acknowledgement that if it signs the Pledge it will be
in violation of Article 5 of
the FTC Act regarding unfair and deceptive trade practices. In 2012, Google paid
a $22.5 million dollar record FTC fine for misleading users about its privacy
practices regarding the scandal known as the Apple
"Safari Hack" because it had violated its 2011 agreement not to mislead
consumers about its privacy promises.
Google's lack of transparency on student privacy issues and its refusal to participate in an industry backed student privacy initiative that was created by two organizations it supports should be of great concern to any parent whose school has adopted Google Apps For Education. According to Google's Apps For Education website, it has a massive footprint in the education space. More than 30 million students, faculty members, and staff utilize its platform.
Unfortunately for education users, their privacy is still governed by Google's standard Consumer Privacy Policy that allows for all emails and metadata collected to be data mined to create user profiles for non-educational commercial purposes. The Consumer Privacy Policy that covers Google's educational offerings is the same one that a German data protection authority (privacy regulator) recently ruled violates EU data protection (privacy) laws. Shouldn't U.S. school children be afforded the same privacy protections as German citizens?
When will Google come clean and be transparent about its past and present student data collection practices? Some questions that Google still needs to answer include:
•How long was (is) Google scanning
student emails for advertising and/or other non-educational commercial purposes?
•Were the parents or legal guardians of students who had their emails
scanned for advertising/commercial profiling purposes provided notice and did the parents or legal
guardians respond by giving written consent to allow their children's personal
information to be utilized for advertising and/or other non-educational commercial
purposes?
•How many students had their
emails scanned for advertising and/or non-educational commercial purposes?
•Has Google deleted all the emails and associated metadata that was scanned
for advertising and/or other non-educational commercial purposes? If so, when?
•Is Google data mining students to create user profiles? If so, why and how many students is it profiling?
As a parent, lawyer, and user of Apple, Pearson, Khan Academy, and Google's products/services, I am very troubled by their refusal to sign an industry created Pledge to better protect student privacy. If these companies are not willing to change their data collection and usage practices, their privacy policies, and agree to the sign the Pledge can we trust them with our children's most personal information?
Copyright 2014 by Shear Law, LLC All rights reserved.
Tuesday, September 30, 2014
New California Law Bans Google From Data Mining and Profiling Students For Profit
California has enacted the Student
Online Personal Information Protection Act (SOPIPA or SB 1177) that better protects the personal privacy of students.
According to the bill's Legislative Counsel's Digest, "[t]his bill would prohibit an operator of an
Internet Web site, online service, online application, or mobile application
from knowingly engaging in targeted advertising to students or their parents or
legal guardians, using covered information to amass a profile about a K–12
student, selling a student’s information, or disclosing covered
information..."
One of new law's staunchest supporters is Common Sense Media's CEO and founder James Steyer. On October 14, 2013 Common Sense Media sent an open letter and publicly sounded the alarm regarding the need to better safeguard the personal privacy of our children's school created digital data. According to The New York Times, the organization sent a letter to 16 educational technology vendors to start a conversation on how to better protect student privacy. The New York Times reported that Google declined to comment on Common Sense Media's public call for stronger privacy safeguards for students.
Google's troubling behavior and policy reversal appears to have been the spark that ensured SB 1177 was passed by the state legislature and signed into law. In addition, Google's unfair and deceptive trade practices demonstrate the need for greater accountability and enforcement to ensure that our children's personal privacy and safety are not compromised for corporate profit. While the enactment of SB 1177 is a positive development, it is time for students, parents, school administrators, lawmakers, privacy advocates, and regulators to start holding Google accountable for its illegal student data mining and usage.
Copyright 2014 by Shear Law, LLC All rights reserved.
One of new law's staunchest supporters is Common Sense Media's CEO and founder James Steyer. On October 14, 2013 Common Sense Media sent an open letter and publicly sounded the alarm regarding the need to better safeguard the personal privacy of our children's school created digital data. According to The New York Times, the organization sent a letter to 16 educational technology vendors to start a conversation on how to better protect student privacy. The New York Times reported that Google declined to comment on Common Sense Media's public call for stronger privacy safeguards for students.
Google's
refusal to comment on Common Sense Media's open letter to the educational
technology industry followed an earlier sidestep to the Rhode
Island School of Design's questions
about its privacy protections for students who utilize Google's Apps For
Education service by allegedly equating "not serving ads" to "no student
data mining". While Google may not
be serving behavioral based ads to students through its school offerings at
this point, this does not mean it is not data mining personal student information
for other non-educational purposes.
Common
Sense Media's concerns about a lack of
strong privacy protections for students were validated with the release of
Fordham University Law School's Privacy
and Cloud Computing Study. According to the Huffington
Post, the Fordham Study "found that only one-fourth of [school] districts
tell parents about these services [new cloud based technologies] and one-fifth
of districts don't have policies explicitly governing their use [of the data
collected]. Many contracts between districts and technology vendors don't have
privacy policies, and less than 7 percent of the contracts restrict vendors
from selling student information. The agreements rarely address security,
according to the Fordham research."
These findings were very disturbing and further confirmed the importance
of Common Sense Media's call to strengthen student privacy laws.
Education
Week's March 2014 investigative report
regarding the federal Google Gmail wiretap lawsuit uncovered that Google
"scans and indexes" student emails for advertising purposes. At that time, Google refused to answer
whether it was building user profiles of students based upon its access to
their school work. This troubling
admission and refusal to be fully transparent about its student data collection
and usage practices set off such a huge firestorm that on April
30, 2014, Google announced it would
allegedly discontinue the practice of scanning student emails for
advertising purposes.
In
response to Google's alleged policy change, privacy law scholar Prof. Joel
Reidenberg of Fordham told Education
Week, Google's measure is "a positive step,"....... [however] "he
identified two "significant problems" with it: Google can
change this policy at any time, and, the scanning disclaimer is associated with
advertising purposes only. There may be other commercial uses that they are
exploiting student data for,...."... "such as selling information to
textbook publishers, or test-preparation services." Prof. Reidenberg's statements were prescient
because subsequently Politico
investigated the educational technology industry and validated his concerns
that student data may be utilized by vendors for "other commercial
uses".
More
than 93%
of Google's 2013 $55 billion dollars in revenue was derived from advertising. While this is slightly lower than 2009's
97% figure, it demonstrates that Google's primary business for years has
been data acquisition and mining to create user profiles for advertising
purposes. Google's advertising business
has propelled it to become the 2nd
most valuable company in the world.
While becoming the most valuable advertising/data mining company in the history
of the world, Google has on multiple occasions intentionally cut corners and violated
the personal privacy and safety of its users.
During the past several years, privacy regulators around the world have fined
Google tens of millions of dollars for its illegal practices.
The
2011 FTC-Google
Buzz Agreement banned Google from making future privacy misrepresentations. Unfortunately for users, Google wasted no
time in breaching this agreement because in 2012 it paid
a $22.5 million dollar record fine for misleading users about its privacy practices
regarding the scandal known as the Apple
"Safari Hack". In 2013,
Google entered into a
multi-million dollar privacy violation settlement with 38 states regarding
its Street View Project's data collection practices. In Septemberof 2014, Germany's
Hamburg data protection (privacy) regulator ruled that "Google is ordered to take the necessary
technical and organizational measures to guarantee that their users can
decide on their own if and to what extend their data is used for
profiling."
When Education Week contacted Google regarding its position on SB 1177, "Google...declined
to clarify whether it scans student email messages sent using its wildly
popular Apps for Education tool suite in order to build profiles that might be
used for commercial purposes other than targeted advertising...." Google's refusal to emphatically deny it scans
student emails to create user profiles for non-educational purposes may
indicate that it is violating the 2011 FTC-Google Buzz
Agreement, and/or its 2013 multi-state Attorney
Generals Street View Project Agreement.
While
the EU generally appears to be moving in the right direction regarding enforcing its data protection laws against Google, the company so far has not been held accountable in the United States for violating the personal privacy of millions
of students who utilize its school provided services. When will Google be required by a regulatory
authority or a court of law to answer the following questions relating to its
student data collection and usage practices?:
1. How long has Google been scanning the
emails of students for advertising/potential advertising purposes (List dates)
and which school and how many students by school were affected by this
practice?
2. Has Google deleted the information it collected under the policy of scanning student emails for advertising/potential advertising purposes? If so, when?
2. Has Google deleted the information it collected under the policy of scanning student emails for advertising/potential advertising purposes? If so, when?
3. Why was
Google scanning student emails for advertising/potential advertising purposes?
4. Does
Google scan student emails or other student content for any purpose other than
virus checking/spam filtering? If yes,
for what other purposes?
5. Does Google
create user profiles and/or combine multiple data points on students for any
purpose other than to deliver school contracted services? If yes, what data points is Google collecting,
why is it collecting these data points, and when will Google delete these data
points?
Google's troubling behavior and policy reversal appears to have been the spark that ensured SB 1177 was passed by the state legislature and signed into law. In addition, Google's unfair and deceptive trade practices demonstrate the need for greater accountability and enforcement to ensure that our children's personal privacy and safety are not compromised for corporate profit. While the enactment of SB 1177 is a positive development, it is time for students, parents, school administrators, lawmakers, privacy advocates, and regulators to start holding Google accountable for its illegal student data mining and usage.
Copyright 2014 by Shear Law, LLC All rights reserved.
Wednesday, April 30, 2014
Google To Stop Scanning Student Emails, But Troubling Privacy Policies Continue
Google announced earlier today that it will stop automatically scanning student and teacher emails sent through Google Apps for Education and will no longer use the platform to deliver any advertising.
This is a positive development for student privacy and means that if the media questions and reports on troubling and illegal corporate practices positive change may occur. I initially blogged about this issue on January 24, 2014. At that time I stated, "[I]t does not appear that students, parents, and/or teachers have been informed and provided consent that would enable their digital interactions and the content sent and received on school contracted Gmail services to be utilized for advertising purposes."
Soon after I wrote about this tremendous threat to student privacy, I spoke to Education Week about this huge privacy and safety risk to our children. I told Education Week that I saw “major FERPA violations” in Google’s activities and suggested that the Education Department should investigate the company. The Federal Trade Commission, which is responsible for monitoring deceptive business practices, should also take note and....[t]he personal safety of students are at risk when commercial entities obtain access to student data and act upon the information."
While I believe this is a good first step for protecting student privacy, why did it take Google years to make this change? Absent multiple lawsuits and the investigative reporting from Education Week would Google have changed its practices? Will Google also turn off its scanning and behavioral advertising functions for its other services such as YouTube, Google Plus, etc...in a school setting? Will Google also change its Android and Chromebook policies to better protect student privacy? Will Google change its Terms of Service and Privacy Policies that govern all of its education offerings? Will Google revise all of its school contracts to reflect this announcement?
Will Google delete all of the personal and highly monetizable personal information that it has been collecting on students, parents, teachers, and their families? Since Google has been caught misrepresenting its practices once again should we as President Regan stated when describing the Soviet Union trust but verify? Who will do the verifying? The U.S. Department of Education, state departments of education, state attorney generals, the FTC? What about better protecting non-student users such as consumers?
Google's announced impending policy change appears to be an admission that it was violating Article 5 of the FTC Act that bans "unfair and deceptive acts". According to a 2011 FTC Consent Decree related to the Google's Buzz matter, it appears the FTC has wide latitude to investigate what appears to be an intentional privacy violation and fine Google accordingly. Under the consent agreement, it appears that Google may be fined up to $16,000 for each violation. Since Google has publicly stated that it has 30 million users, Google's legal liability may reach into the billions of dollars. For example, 30 million x $16,000 for each violation is a fine of $480,000,000,000. Will the FTC open an investigation to determine if Google violated its consent decree?
Since Google's troubling consumer privacy policy governs almost all of its services, more pressure needs to be exerted onto Google to better protect the personal privacy and safety of all of its users. Multiple EU data protection authorities have already either fined Google for its illegal and inherently dangerous privacy policy that clearly violates data protection laws across Europe and/or opened investigations into its troubling "evil behavior".
While Google creates some great products and services, it has consistently refused to do the right thing when it comes to protecting the personal privacy and safety of its users. Is this announcement being done to ward off an FTC investigation into its privacy practices and to stop more potential litigants from joining the Gmail scanning lawsuit(s)?
My hope is that now that Google plans on changing its student data collection and utilization practices in its Apps For Education platform, it will also do the same for its other school offerings. The bottom line is that Google and other companies that create user/people profiles for advertising and other purposes need to not only become more transparent but stop practices that erode the public's privacy and put them in harm's way.
Copyright 2014 by the Law Office of Bradley S. Shear, LLC. All rights reserved.
This is a positive development for student privacy and means that if the media questions and reports on troubling and illegal corporate practices positive change may occur. I initially blogged about this issue on January 24, 2014. At that time I stated, "[I]t does not appear that students, parents, and/or teachers have been informed and provided consent that would enable their digital interactions and the content sent and received on school contracted Gmail services to be utilized for advertising purposes."
Soon after I wrote about this tremendous threat to student privacy, I spoke to Education Week about this huge privacy and safety risk to our children. I told Education Week that I saw “major FERPA violations” in Google’s activities and suggested that the Education Department should investigate the company. The Federal Trade Commission, which is responsible for monitoring deceptive business practices, should also take note and....[t]he personal safety of students are at risk when commercial entities obtain access to student data and act upon the information."
While I believe this is a good first step for protecting student privacy, why did it take Google years to make this change? Absent multiple lawsuits and the investigative reporting from Education Week would Google have changed its practices? Will Google also turn off its scanning and behavioral advertising functions for its other services such as YouTube, Google Plus, etc...in a school setting? Will Google also change its Android and Chromebook policies to better protect student privacy? Will Google change its Terms of Service and Privacy Policies that govern all of its education offerings? Will Google revise all of its school contracts to reflect this announcement?
Will Google delete all of the personal and highly monetizable personal information that it has been collecting on students, parents, teachers, and their families? Since Google has been caught misrepresenting its practices once again should we as President Regan stated when describing the Soviet Union trust but verify? Who will do the verifying? The U.S. Department of Education, state departments of education, state attorney generals, the FTC? What about better protecting non-student users such as consumers?
Google's announced impending policy change appears to be an admission that it was violating Article 5 of the FTC Act that bans "unfair and deceptive acts". According to a 2011 FTC Consent Decree related to the Google's Buzz matter, it appears the FTC has wide latitude to investigate what appears to be an intentional privacy violation and fine Google accordingly. Under the consent agreement, it appears that Google may be fined up to $16,000 for each violation. Since Google has publicly stated that it has 30 million users, Google's legal liability may reach into the billions of dollars. For example, 30 million x $16,000 for each violation is a fine of $480,000,000,000. Will the FTC open an investigation to determine if Google violated its consent decree?
Since Google's troubling consumer privacy policy governs almost all of its services, more pressure needs to be exerted onto Google to better protect the personal privacy and safety of all of its users. Multiple EU data protection authorities have already either fined Google for its illegal and inherently dangerous privacy policy that clearly violates data protection laws across Europe and/or opened investigations into its troubling "evil behavior".
While Google creates some great products and services, it has consistently refused to do the right thing when it comes to protecting the personal privacy and safety of its users. Is this announcement being done to ward off an FTC investigation into its privacy practices and to stop more potential litigants from joining the Gmail scanning lawsuit(s)?
My hope is that now that Google plans on changing its student data collection and utilization practices in its Apps For Education platform, it will also do the same for its other school offerings. The bottom line is that Google and other companies that create user/people profiles for advertising and other purposes need to not only become more transparent but stop practices that erode the public's privacy and put them in harm's way.
Copyright 2014 by the Law Office of Bradley S. Shear, LLC. All rights reserved.
Subscribe to:
Posts (Atom)