clock menu more-arrow no yes

When Personalized Learning Gets Too Personal: Google Complaint Exposes Student Privacy Concerns

Google says it does not serve any ads anywhere based on student browsing habits.

Anthony Souffle/Chicago Tribune/TNS via Getty Images

Few educators debate the merits of personalized learning. The proliferation of low-cost laptops and tablets married with services provided by Google, Apple and Microsoft have given teachers the tools to track the individual progress of students and customize lesson plans.

But when does personalized learning get too personal?

That’s the question behind a United States Federal Trade Commission complaint filed last week by the Electronic Frontier Foundation accusing Google of collecting and using personal student information for non-education purposes and in violation of its K-12 Student Privacy Pledge.

Though Google has said that it did nothing wrong and remained “firmly committed” to keeping student information private and secure, the accusation exposes the escalating tension between school systems entrusted with safeguarding the privacy of kids and the innovators pushing the boundaries of modern education.

“There is a broad consensus that technology has the potential to improve education and make it more personalized, but it is never going to come to pass if we don’t set higher standards for student and data security.”

“There is a broad consensus that technology has the potential to improve education and make it more personalized, but it is never going to come to pass if we don’t set higher standards for student and data security,” said Tyler Bosmeny, chief executive of Clever, a San Francisco company whose software helps school districts manage education apps. “When I talk to district administrators, this is one of the top issues on their minds.”

The EFF’s charges are just the latest in a series of complaints that tech companies have crossed the line. The FTC intervened when ConnectEDU, a popular college and career planning site, proposed selling the company’s assets — which included 20 million student records, including names, dates of birth, email addresses and telephone numbers. The company, which had raised $28 million from backers including Allen & Co., filed for bankruptcy court protection last year. The FTC sought to block the sale, saying it would violate the company’s own privacy policy. Instead, the judge ordered ConnectEDU to notify its users of a sale and let them delete their data.

Privacy advocates and parents protested inBloom, a data analytics company that planned to collect a staggering amount of personal details on public school students in New York State — from test scores to disciplinary records to special education assessments to whether students qualified for free lunches. The company had hoped to draw together all the available information about each student to customize lessons for them. The Bill and Melinda Gates Foundation, which backed the $100 million education technology startup, along with the Carnegie Corp., shut down the venture after 15 months. Critics warned that school officials would be ill-equipped to monitor how outside vendors would use such sensitive data.

Google agreed last year to stop scanning the Gmail accounts of millions of students using its Google Apps for Education, a collection of software for creating documents, spreadsheets and presentations and storing school projects. Although the technology giant said it wouldn’t place ads within Apps for Education, it could potentially have used that information to target ads to students elsewhere online. Google has said it never used student data to target ads anywhere.

“There is a great tension between how software is tracking the outcomes and the learning that students are doing and what happens to that data,” said Betsy Corcoran, chief executive and co-founder of EdSurge, an education technology news site that also sponsors conferences. “Who owns the data? Who is responsible for making sure that data is not abused in some way?”

“Who owns the data? Who is responsible for making sure that data is not abused in some way?”

California state lawmakers have raced to keep up with the problems created by these new classroom tools with laws designed to safeguard student data. The California Student Online Personal Information Protection Act, which takes effect Jan. 1, will prohibit the operators of websites, online services and apps from using student data for targeting advertising or creating individual profiles except for school purposes. It restricts the sale or disclosure of student information and mandates that this sensitive data be protected.

Hailed by some as landmark legislation, the California law known by the acronym SOPIPA has a significant loophole: These privacy protections do not follow the student when they wander beyond the digital school perimeter to general websites, online services or mobile apps. That could open the door to Google serving targeted ads to students once they leave its education apps, the EFF warned in a letter to one Northern California school district — though the federal Children’s Online Privacy Protection Act prevents sites from gathering information about children under the age of 13 without first obtaining a parent’s consent.

Not My Daughter

Concerns about what data is being collected and how it is being used drove the EFF to investigate what Google was doing with data compiled through its Apps for Education program, after one parent complained. Jeff W., worried that his 9-year-old daughter would be tracked online, contacted the EFF after his daughter’s school began mandating the use of Chromebooks in the classroom. His concerns only grew when the district created a Google account for his daughter that included her real name and date of birth. The complaint was a tipping point for the digital rights group, which had received numerous inquiries from other parents concerned about the use of Chromebooks and other technologies in the classroom.

“Google is such a big company. They have huge reach. They’ll get more information on my daughter individually,” said Jeff W., a Navy veteran who asked that his full name be withheld for fear of retaliation. “Once you’re logged on to their hardware, the game’s on. They have a lot of potential for collecting information.”

The EFF complaint accused the search giant of tracking everything student users do across Google’s services whenever they’re logged in to their Google Apps for Education accounts. It monitors what students search for online, which results they click on or what videos they watch on YouTube — whether they’re doing school work or not, the complaint alleged. Google said personal data is used to provide the education services themselves, so students can communicate using email or collaborate on assignments through Google Docs. It doesn’t use these student personal profiles for ad targeting on its education apps, which are ad-free.

When students use the Chrome browser, which comes installed on Chromebook laptops, a feature called Chrome Sync is turned on by default and automatically collects and stores the user’s entire browser history — not just visits to Google-owned sites, such as YouTube or Google Maps, according to the EFF complaint. Google said this tracking allows students to find all their apps, bookmarks and frequently visited Web pages — even if they’re sharing devices in a classroom. Google says it strips out information about individual users collected from millions of users of Chrome Sync (which is available to any user of Google’s browser) to improve search.

The EFF contends that such data collection goes beyond what’s needed for educational purposes, to serving Google’s own interests — including improving its products or targeting ads outside of Google’s education apps. Google said in a blog post that it does not use a student’s personal data or browsing history to target ads in or out of the Google Apps for Education environment. The FTC ultimately will sort out the competing claims.

Craig Bates, coordinator of instructional technology at Talladega County Schools, an Alabama school district that just deployed about 3,000 Chromebooks this year to its students, said he’s convinced that Google has honored its commitment to protect student privacy and refrain from mining that data for advertising purposes. Students also understand they’re working on computers that have been furnished by the district, using the district’s credentials and networks, even when at home, he said. They know the district will monitor every site they visit and the materials they access — if only to keep them safe.

“Your right to privacy is limited.”

“Your right to privacy is limited,” said Bates. “Even this year, I’ve had a few emails that came to me through monitoring services, [alerting me to] students going to sites about suicide. That allows me to say to a counselor or a principal, ‘This is what has been observed. You’ve got to make sure you speak to this child.'”

In a letter to the district, an EFF attorney wrote on Jeff W.’s behalf to express his qualms about the Roseville City School District allowing a commercial data company like Google to recruit users with its educational software. The message the district is sending pupils like his daughter, the letter argues, is that the school was willing to exchange a student’s personal information in exchange for “free services.”

“They’re fundamentally an advertising company — that’s how they make money,” said Jeff W. of Google. “Either they’re collecting information now, or planting the seeds and getting the information later. The scary part, as a parent, is how much?”

This article originally appeared on Recode.net.

Sign up for the newsletter Sign up for The Weeds

Get our essential policy newsletter delivered Fridays.