Privacy & Security

Google Acknowledges Data Mining Student Users Outside Apps for Education

By Benjamin Herold — February 17, 2016 5 min read
  • Save to favorites
  • Print

Online-services giant Google has acknowledged that it collects and data-mines for some commercial purposes a wide range of personal information on student users who log in through its popular Apps for Education service, then venture to the company’s search engine and other products.

What kinds of student-data-privacy concerns are raised by that revelation, included in a letter from Google to U.S. Senator Al Franken last week?

Depends who you ask.

“This is the first time that Google has admitted that it is in fact spying on children in schools,” said Joel Reidenberg, a law professor and privacy expert at Fordham and Princeton universities, in an interview. “They are appropriating [students’] educational login to be able to track students when they use the [account] for non-Apps for Education purposes.”

Industry representatives, on the other hand, argued that Google is doing nothing wrong, the company should be applauded for its increased transparency, and that it appears to be making a good-faith effort to navigate tricky technical waters faced by many large technology companies who provide both commercial and educational products and services.

“I think they’re within their right to improve their products by using student information,” said Brendan Desetti, the director of education policy for the Software & Information Industry Association, a Washington-based trade group.

A Google spokesperson did not immediately respond to a request for further comment.

Google Scrutinized on Student-Data-Privacy

The new information about Google’s practices is the latest in a stream of controversies surrounding the Mountain View, Calif.-based company’s handling of student information. In 2014, the company found itself in hot water after Education Week reported that it had acknowledged “scanning and indexing” student email messages sent using Google Apps for Education, or GAFE. Google officials say the company has since stopped that practice.

But in December, privacy-advocacy group the Electronic Frontier Foundation filed a complaint against Google with the Federal Trade Commission, alleging in part that the company was using information collected from GAFE users who venture to other Google services in ways that violate the volunteer Student Privacy Pledge. That complaint prompted Franken last month to demand answers.

Google’s response to the senator’s request was sent on February 12 and signed by Susan Molinari, the company’s vice president for public policy and government relations in the America’s. It includes the following description of what types of information the company collects from student users who venture outside of Apps for Education to use the company’s other services:

If a school permits access to one of Google's additional services outside the GAFE core
services, such as Google Maps, Google collects the information described in our Privacy Policy. The information we collect in these services is similar to that collected from any other Google user, and includes: Information the user gives us, including personal information like name, email address, or telephone number. Device information (such as your hardware model, operating system version, unique device identifiers, and mobile network information including phone number). Log information, including user entries like maps queries, the network's IP address, and device event information such as crashes, system activity, hardware settings, browser type, browser language, the date and time of the request and referral URL.

If any of that information is associated with a student’s Apps for Education account, according to the letter, some additional protection for that student kicks in—namely, that Google will not use the information to target ads to that child.

In describing how the company does use such information when it is collected, however, Google’s letter does reference other commercial purposes:

Google may use the data from additional services outside of the GAFE core services for the purposes described in our Privacy Policy, which include, for example, product improvement and product development. We make further commitments for GAFE users in our GAFE Privacy Notice, including a commitment not to use personal information from K-12 GAFE users to target ads. In other respects, the additional services outside of the GAFE core services work for students just as they do for any other user.

Privacy advocates and industry representatives are likely to interpret such uses of those data in different ways, said Desetti of the Software & Information Industry Association.

“I think it really comes down to what we mean by ‘commercial purposes,’” he said. “Ultimately, it will be the FTC who really makes that determination.”

Also a challenge: regulating what happens when students jump back and forth between an educational service and a commercial product.

State and federal laws and the voluntary Student Privacy Pledge now signed by Google and more than 200 other companies cover only that information collected within an educational service, said Brenda Leong, senior counsel and director of operations with the Future of Privacy Forum, a Washington think tank with industry ties that is the prime mover behind the pledge.

“We feel that Google’s actions and response are consistent with observing those requirements,” Leong said in an interview.

A ‘Thorough’ Response From Google

Among the other issues Google’s letter addresses:

  • What kind of information is collected on students within Apps for Education and how it used (personal, device, and login information, but only to provide those educational services).
  • Whether Google has ever used personal information to target ads to students (still unclear)/
  • Whether it is possible for the company to require parent to opt-in to the types of data collection described above (the company puts the burden on schools).
  • Whether Google shares or sells student information (only under exceptional circumstances commonly cited by most companies).

In a statement, Senator Franken called the company’s response “thorough,” but said there are issues he hopes to further clarify.

“I’m still concerned about what Google does with the information it collects and processes from students who are browsing outside websites—like YouTube—while logged into Google’s education service,” Franken said. “I’m also still interested in whether or not Google can provide parents and students with stronger privacy protections.”

The company’s letter stressed that it is up to schools to grant access to students to venture outside of GAFE and to secure parental consent for allowing them to do so.

Reidenberg, the Fordham privacy professor, took particular issue with that stance.

“Number one, school administrators are generally not informed that this is what Google does,” he said. “Second, we have very strong public policies trying to get schoolchildren online for educational purposes and Internet research. If administrators follow those [policies], and kids are logged into Apps for Education, this is letting Google spy on them.”

Photo: The Google sign at the company’s headquarters in Mountain View, Calif.--Marcio Jose Sanchez/AP-File

See also:

for the latest news on ed-tech policies, practices, and trends.

A version of this news article first appeared in the Digital Education blog.

Commenting has been disabled on effective Sept. 8. Please visit our FAQ section for more details. To get in touch with us visit our contact page, follow us on social media, or submit a Letter to the Editor.


This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Teaching Webinar
What’s Next for Teaching and Learning? Key Trends for the New School Year
The past 18 months changed the face of education forever, leaving teachers, students, and families to adapt to unprecedented challenges in teaching and learning. As we enter the third school year affected by the pandemic—and
Content provided by Instructure
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Curriculum Webinar
How Data and Digital Curriculum Can Drive Personalized Instruction
As we return from an abnormal year, it’s an educator’s top priority to make sure the lessons learned under adversity positively impact students during the new school year. Digital curriculum has emerged from the pandemic
Content provided by Kiddom
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Equity & Diversity Webinar
Leadership for Racial Equity in Schools and Beyond
While the COVID-19 pandemic continues to reveal systemic racial disparities in educational opportunity, there are revelations to which we can and must respond. Through conscientious efforts, using an intentional focus on race, school leaders can
Content provided by Corwin

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
View Jobs
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
View Jobs
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
View Jobs
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.
View Jobs

Read Next

Privacy & Security Spotlight Spotlight on Lessons Learned: Digital Safety
In this Spotlight, review ways you should be approaching student and system data, discover how others teach digital safety, and more.
Privacy & Security Quiz Quiz: How Much Do You Know About Protecting Students During Remote Learning?
Quiz Yourself: What should you know about storing video content involving students?
Privacy & Security Spotlight Spotlight: Online Student Safety
In this Spotlight, assess possible digital vulnerabilities, learn how students may be partaking in digital self-harm, and more.
Privacy & Security Hackers Post 26,000 Broward School Files Online After District Doesn't Pay Ransom
Hackers who demanded up to $40 million from the Broward School District have now published nearly 26,000 files stolen from district servers.
Scott Travis, South Florida Sun-Sentinel
3 min read
Image shows a glowing futuristic background with lock on digital integrated circuit.
iStock/Getty Images Plus