Update January 19, 2015: Public pressure works! A few days after this article was first published here on Medium, Google’s name quietly appeared on the signatories page of the pledge. So far they have made no statement about their change of heart, which became known on a Friday before a three day holiday weekend (traditional burial ground for news you don’t want to shout from all the rooftops). Frankly they moved faster than I had expected. But I’m glad to see it all the same. Their movement on the student privacy issue in the past 12 months has been significant, and they as well as the privacy advocacy community which pushed them to it are to be congratulated. Going forward of course our watchword will be “Trust, but Verify!”.
Why Google is ignoring Obama’s challenge to sign the Student Privacy Pledge
The pledge isn’t compatible with the search giant’s data-obsessed, ad-driven business model
Several months ago a group of privacy advocates and education software providers, with prominent support from the Obama administration, overcame their differences and agreed to a Student Privacy Pledge. The 12 commitments of this pledge make for a remarkably strong document that places important limits on how children’s data can be used by commercial firms. It comes at a time when interest and investment in education technology are booming as never before. Among the pledge’s key commitments:
· Student information to be collected for educational purposes only
· No use of student information for targeted advertising
· No profiling of students except for authorized educational purposes
· Only collect information actually needed for education purposes, only as authorized by the school or parents, and only retain for as long needed
The White House informs us that the pledge has now been signed by over 75 companies, including tech giants Apple and Microsoft alongside many smaller firms. One imagines that some of these firms needed (like recalcitrant schoolchildren) to have their ears pulled a little. But they signed, no doubt mindful of President Obama’s blunt warning to non-signers that “if you don’t join this effort, then we intend to make sure that those schools and those parents know you haven’t joined this effort”. Yet still we learn that there are several conspicuous holdouts, among which Google and Pearson. The reasons behind these firms’ reticence are worth examining.
Pearson refused a journalist’s request to comment on the pledge, but proceeded to explain that it wasn’t “in the business of selling personally identifiable student data or permitting its use for targeted advertising”. Translation: Pearson will respect those parts of the pledge, but reserves the right to violate others — perhaps the commitment not to profile, or not to use information for purposes beyond those authorized?
As for Google, the Wall Street Journal speculates that the search giant is reluctant to sign the pledge because it fears the FTC will actually force it to honor this commitment. It is indeed true that the FTC holds companies to their promises. It has already dinged Google more than once for failure to honor self-regulatory commitments. The 20 year FTC consent decree signed by Google in 2011 after the Buzz social network fiasco specifically charged the firm with violating promises it made in accepting the U.S.-EU Safe Harbor agreement. More recently the FTC hit Google with a $22.5 million fine in the so-called SafariGate case for violating an ad industry code of conduct it had publicly adhered to.
But I believe there are two more specific reasons for Google’s refusal to sign the Student Privacy Pledge. These reasons are a little more technical, so allow me a few words to unpack them. For general background I also suggest my longer article “The Natural History of Gmail Data Mining”.
First — while Google said last April it would end its practice of scanning student content for ad targeting purposes in what it calls the “core services” of Google Apps for Education (chiefly Gmail and Google Docs), it has made no such commitment for what its GAFE user agreement defines as “non-core” services — notably YouTube and Google+. Schools that use GAFE can choose whether or not to expose their pupils to these non-core services, but many do. And if they do, then all bets are off regarding data mining, user profiling and ad targeting. Google’s terms of service and privacy policy make unambiguously clear that in these circumstances it retains the right to target kids with ads, and indeed it does so energetically. So that is a very sound reason for it to not sign the pledge, albeit one it may not wish to boast about.
Second — apart from Google Apps for Education, there is the question of Chromebooks in schools. These devices are very attractively priced “browser-only” laptops that run GAFE and other web services through Google’s (excellent) Chrome browser. Tens if not hundreds of thousands of Chromebooks are already in American schools, and they are certainly the fastest growing device category in the education market today. However, Chromebooks as currently configured by Google are incompatible with the Student Privacy Pledge. They require all users (student or teacher) to have a Google account, and their use is explicitly subject to Google’s controversial privacy policy, which authorizes user profiling, data mining and targeted ad-serving. So Chromebooks are another reason for Google not to sign the pledge.
In short, the Student Privacy Pledge is exceedingly inconvenient for Google’s data-obsessed, ad-driven business model. However, all need not be lost. Google has already backed down once before on matters of student online privacy, most notably when it abandoned data mining in GAFE last spring (at SafeGov we would argue that this move was spurred in large measure by our global series of parent surveys on the issue of student privacy, which demonstrated that parents overwhelmingly oppose such practices). We can continue to hope that Google will do the same now for the Student Privacy Pledge, if parents and privacy advocates keep up the pressure.
