December 2, 2015 | By Jeremy Gillula

Google’s Student Tracking Isn’t Limited to Chrome Sync

Many media reports on (as well as at least one response to) the FTC complaint we submitted yesterday about Google’s violation of the Student Privacy Pledge have focused heavily on one issue—Google’s use of Chrome Sync data for non-educational purposes. This is an important part of our complaint, but we want to clarify that Google has other practices which we are just as concerned about, if not more so.

In particular, the primary thrust of our complaint focuses on how Google tracks and builds behavioral profiles on students when they navigate to Google-operated sites outside of Google Apps for Education. We’ve tried to explain this issue in both our complaint and our FAQ, but given its significance we think it’s worth explaining again.

To understand what’s going on, you first have to understand that when it comes to education, Google divides its services into two categories: Google Apps for Education (GAFE), which includes email, Calendar, Talk/Hangouts, Drive, Docs, Sheets, Slides, Sites, Contacts, and the Apps Vault; and everything else, which includes Google Search, Blogger, Bookmarks, Books, Maps, News, Photos, Google+, and YouTube, just to name a few.

Google has promised not to build profiles on students or serve them ads only within Google Apps for Education services. When a student goes to a different Google service, however, and they’re still logged in under their educational account, Google associates their activity on that service with their educational account, and then serves them ads on at least some of those non-GAFE services based on that activity.

In other words, when a student logs into their educational account, and then uses Google News to create a report on current events, or researches history using Google Books, or has a geography lesson using Google Maps, or watches a science video on YouTube, Google tracks that activity and feeds it into an ad profile attached to the student’s educational account—even though Google knows that the person using that account is a student, and the account was created for educational purposes.

This is our biggest complaint about Google’s practices—that despite having promised not to track students, Google is abusing its position of power as a provider of some educational services to profit off of students’ data when they use other Google services—services that Google has arbitrarily decided don’t deserve any protection.

Of course, that’s not to say that Google’s use of Chrome Sync data for non-educational purposes isn’t a problem. While we agree that Chrome Sync is an incredibly useful service, we don’t think students should be guinea pigs in Google’s efforts to improve its products without explicit parental opt-in—even if their data is anonymized and aggregated. The Student Privacy Pledge website clearly says that service providers will “use data for authorized education purposes only”—and anonymized or not, using Chrome Sync data for anything other than the Chrome Sync service itself does not constitute an educational purpose.

While our FTC complaint is focused on Google, rest assured that we’re not limiting our campaign to one company. In the coming weeks and months we intend to continue investigating the practices of other cloud-based education services. And if you’re a parent or teacher with first-hand knowledge of other cloud-based education services, you can help us out by filling out our survey so we can gather more information to decide where to focus next!


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

.@zeynep Agreed. While key mgnt choices are complex & security critical, it may be unfair to call them backdoors. https://www.eff.org/deeplinks...

Jan 23 @ 6:52pm

EFF is on @CREDOMobile's January ballot! Your votes help us get more of the $150K+ donation pool. https://www.credodonations.co...

Jan 23 @ 5:22pm

Trump's nominee for Attorney General, Sen. Jeff Sessions, wants the government to be able to "overcome" encryption: https://www.eff.org/deeplinks...

Jan 23 @ 4:47pm
JavaScript license information