School districts around the country are adopting devices like Chromebooks and iPads for use by students, putting an unprecedented number of K-12 students’ data on computers, tablets, and in the cloud. More than 30 million students, teachers, and administrators use Google Apps for Education (GAFE), and that number is rapidly growing. It’s great to see technology embraced in the classroom, but some of these devices can jeopardize students’ privacy as they navigate the Internet—including children under the age of 13.

This FAQ provides an entry-point to learn about school-issued technology and the ramifications it can have for student privacy.

Are there benefits to having technology in schools?

Absolutely. Students use school-issued devices to access class information through online portals, take tests online, access online textbooks, and watch teacher-created videos. They play educational games and collaborate on projects. They conduct research online, take photos of assignments, and text and video-conference with peers about schoolwork. Used responsibly, these devices are a powerful aid to education, and studies (like those cited here, for iPads) have provided evidence that they can substantially improve performance on tests of reading proficiency, math literacy, scientific understanding, and more. Mobile devices can extend student learning beyond the school day, allow students to review materials at any time, improve student-teacher and teacher-parent communication, personalize learning, and increase student engagement.

What types of cloud services and devices are schools having students use?

The answer varies from school to school, so the best way to find out what your school is using is to contact your school's administrators. Schools may issue Google Chromebooks, Apple laptops, Windows laptops, and tablets such as the iPad or Microsoft Surface. Last year, Google Chromebooks accounted for about a third of mobile digital devices sold to schools. Schools may also use different types of software, such as Google Apps for Education, Microsoft in Education, or other cloud-based services.

EFF is researching the types and prevalence of technology used at schools. If you are a parent, school administrator, or teacher and you know of schools issuing devices or using cloud services, please let us know by taking our survey.

What is Google Apps for Education (GAFE)?

GAFE is a group of services marketed to classrooms and school districts. It includes Google’s “core services” like Gmail, Calendar, Talk/Hangouts, Drive, Docs, Sheets, Slides, Sites, Contacts, and the Apps Vault. It also includes Google Classroom, a “blended learning platform” that allows assignments to be created, distributed, and graded digitally. It does not include other Google-owned apps and services like YouTube, Blogger, Google Maps, Google Books, or any of the other services on this page.

What data does Google collect about students?

When students log into Google, whether through Chromebooks or through GAFE, Google collects a huge variety of personal data by default: search history and which results students click on, videos they search for and watch on YouTube, usage data and preferences, Gmail messages, G+ profiles and photos, docs, and other Google-hosted content and content that flows through Google’s systems.

Additionally, if students use Chrome (the only browser available on Chromebooks), Google also collects the following information by default: browsing history, bookmarked URLs, passwords, website form entries, and which extensions are installed—and Google stores this information in the cloud (rather than locally on the Chromebook itself).

How well is students’ private personal data protected?

Right now, not well enough. This data can be used to create a profile of students, and Google’s only assurance is that this profiling in GAFE (including in students’ individual Google Docs and Google Drive accounts) won’t be collected or used “for any advertising purposes.” Furthermore, there is no guarantee that Google won’t collect students’ data for targeted advertising once students navigate outside of GAFE.

According to Google, K-12 GAFE users “don't see ads when they use Google Search and are signed in to their Apps for Education accounts,” and that GAFE services “don't collect or use student data for advertising purposes or create ads profiles.” The company also claims not to collect or use any information from GAFE accounts’ accompanying Google Drives, Docs, Sheets, and so on, at least for advertising purposes.

However, Google collects and uses a huge assortment of data from students, including literally every piece of information that flows through Google’s systems—inside and outside of GAFE—for other purposes. This could mean building a profile of a student’s personal contacts and social networks, manipulating (in Google’s view, “optimizing”) the order in which search results are presented, logging the bus route a student looks up in Google Maps to get to the mall after school, or incorporating a student’s personal photos stored in their Google Drive to build a face-recognition database. It’s also possible that Google does not use student data for any of these purposes—but unfortunately, Google has refused to articulate the reasons for its overbroad data collection, or justify the educational necessity of this data hoarding.

Most concerning, this data is all stored in the cloud by default, because school-issued Chromebooks are set up to auto-sync by default. These practices violate the Student Privacy Pledge (which Google signed) not to collect (much less use) any student personal information “beyond that needed for authorized educational/school purposes.”

Can student data be used for advertising?

According to Google, “K–12 Google Apps for Education users don't see ads when they use Google Search and are signed in to their Apps for Education accounts,” and “Google Apps for Education services don't collect or use student data for advertising purposes or create ads profiles.” These services include email, Calendar, Talk/Hangouts, Drive, Docs, Sheets, Slides, Sites, Contacts, and the Apps Vault. Once a student leaves GAFE and Google Search, however, their data may be collected, profiled, and stored indefinitely (even if a student is still logged into their GAFE account). Although Google promises not to combine the protected GAFE information with data from students’ activity outside of GAFE, it makes no assurances that students’ activity data outside of GAFE won’t be mined for advertising or other purposes, even when they’re working on school assignments.

The legal landscape isn’t particularly clear-cut. According to the Center for Democracy and Technology, “federal law provides K-12 students and parents with few protections from third parties’ collection and use of student data,” particularly when that data is digitally gathered or stored. Individual states may have stricter laws protecting the privacy of student data and preventing its use in advertising. For instance, California’s statewide Student Online Personal Information Protection Act (SOPIPA), which goes into effect January 1, 2016, prohibits students’ information from being used for advertising purposes. This includes personal data like name, birthday, and behavioral data like search activity.

However, SOPIPA does not apply to websites, online services, and applications outside of GAFE, even if a student’s Google login information is required to access them. For example, a student accessing YouTube with their school-assigned Google account may reveal personal information that can be used to build profiles and target advertisements—all because YouTube isn’t a GAFE service protected under SOPIPA. In other words, once students navigate outside of GAFE to the Internet at large, Google is no longer considered an educational service provider, and the stronger student privacy regulations imposed specifically on educational service providers no longer apply to the company.

Can these devices track students online?

Yes. Unfortunately, just because students aren’t seeing ads doesn’t mean their data is not being collected for other purposes, or that their activity isn’t compiled into profiles. It also doesn’t mean they aren’t being tracked online. GAFE services may not collect data for advertising, but student accounts may still be tracked as soon as those students leave the GAFE product suite—for example, by Google’s very own DoubleClick cookies, which are present on more than half of the Internet’s top 10,000 websites, including YouTube, NBC News, Flickr, CNN, Ask.com, BBC, Dictionary.com, NYtimes.com, and the Washington Post. And of course, student data can be tracked, collected and used for building profiles, even for advertising, in any Google service not considered a core GAFE service—including YouTube, Blogger, Google Maps, Google Books, or any of the other services on this page.

Obviously, it would be impractical (if not outright impossible) for all online service providers to differentiate students from adult Internet users as they navigate the wider web. However, it is troubling that the very same vendors that market hardware and software to schools are now using those products to collect sensitive student data—particularly when this collection has no legitimate educational benefit to the students, their teachers, or their schools.

Are there privacy risks associated with devices other than Chromebooks?

Yes. In Wayzata, Minnesota, for example, a student named Nathan Ringo had his Internet privileges for the entire term revoked for “hacker talk” after warning his peers about the overbroad privacy waivers students would agree to if they signed up for school-issued iPads. After extensive searching, he could find no information about what information the district and Apple could gather, and under what circumstances that data could be retained, used, or shared. “They can gather anything,” he said, “but they don’t say what they actually have gathered.” As of mid-2014, Apple had sold more than 13 million iPads directly to schools (K-12 and university). Please fill out our survey to help EFF understand which devices merit further research.

Why are parents concerned about this technology?

Parents have reached out to EFF with concerns about woefully inadequate, overreaching, or inappropriate technology policies in their districts, and sometimes a lack of policies altogether. By putting students’ private information on the web, we take many risks that go far beyond subjecting students to tracking for advertising purposes. We normalize a world where students are expected to thoughtlessly hand over their personal data to companies and rely on proprietary software. We also put their personal privacy in the hands of third parties who may not protect it, despite the laws that are already in place. When used responsibly, the mobile digital devices issued by schools are a boon to education—but that responsibility should not be entirely left up to the software and hardware vendors that sell schools products for students.

How can we make this technology safer for schools already employing it?

Skills like touch-typing, researching on the Internet, and seeking out reputable information sources online are important skills to learn in any school. But real technological literacy also means knowing how to use the Internet without sacrificing safety and privacy. Parents and teachers should help kids learn how to set secure passwords, understand (and regularly delete!) cookies, and install tracker blockers. They should encourage students to use Incognito mode in Chrome when browsing the web outside of GAFE. Students with Chromebooks and other devices can install HTTPS Everywhere and Privacy Badger, both of which are free extensions that help preserve privacy online. To learn more, visit our Surveillance Self-Defense Guide.

What can Google do to improve the privacy protections for students using Chromebooks and GAFE in schools?

As more and more schools issue Google Chromebooks and utilize GAFE, Google is uniquely positioned to protect the privacy of students. Here are some basic steps Google should take to proactively safeguard student privacy:

  • Google should not collect data on students (those using GAFE accounts) when that collection has no legitimate educational purpose. This includes behavioral data on student accounts, especially when they navigate outside of GAFE’s core services.
  • Google can and should commit to treating data generated by GAFE accounts on all Google-owned services with a higher level of protection; the data should only be used to provide services directly to students. Additionally, Google should offer a privacy setting that allows all student tracking and data collection not related to GAFE to be turned off.
  • Google should change the default privacy settings on Chromebooks to better protect student privacy. Right now, Chromebooks purchased by schools have Chrome’s Sync feature turned on by default—which auto-syncs students’ browsing history, settings, and more to the cloud, where it is datamined by Google for purposes unrelated to education.
  • Google should be more transparent. Google should provide school districts considering the adoption of Chromebooks and/or GAFE, as well as parents, clear, explicit notice about Google's data collection and use policies before contracts or consent forms are signed. School districts should have the ability to negotiate contract terms limiting Google's collection and use of student data according to their preferences. Google should provide district administrators, teachers, and parents a practical guide to changeable privacy settings associated with Chromebooks and GAFE. Google should create a single webpage—a "one-stop shop"—where any parent or member of the public can learn about data privacy in relation to Chromebooks and GAFE.

EFF has filed a formal complaint against Google with the FTC to address the company's overbroad collection of student data. You can learn more here and read the complaint itself here.

Can parents opt their kids out of these programs, or purchase their own devices for their students?

This is unclear. Some districts appear to have an opt-out policy, but others do not. We have heard of at least one district in which the school district “consented” to the technology on behalf of parents, despite the fact that FERPA (the federal Family Educational Rights and Privacy Act) requires written parental consent unless specific conditions are met, and despite the fact that Google itself says that it “contractually require[s] Google Apps for Education schools to get the parental consents that COPPA calls for to use our services.”

Our research also suggests that some districts may obtain the required parental consent, but without offering a BYOD (Bring Your Own Device) policy or other alternatives to using the assigned mobile digital device. In a 2013 survey, only 10% of schools allowed BYOD, despite more than 50% of parents surveyed (across all grade levels and in rural, suburban, and urban communities) saying they were in favor of policies at least permitting BYOD.

In Grand Haven Area Public Schools—a district in Michigan that enrolls more than 6,000 K-12 students across 12 schools—Chromebooks are mandatory. It is troubling that their policy states that students “should have NO expectation of privacy of materials found on any District Devices,” and that their devices—along with data like students’ email accounts—may be seized and reviewed “at any time.” They do require parental signatures for younger students, as required by COPPA, but warn that enrollment “will not be considered complete” for students whose parents don’t consent—effectively forcing parents to sign these forms if they want to enroll their children in any of the district’s 12 schools.

EFF is investigating this issue and would like to learn more about it. If you are a parent, school administrator, or teacher, please take our survey.

What laws are in place to protect student privacy?

There are two main federal student privacy laws in place: FERPA and COPPA.

COPPA, the Children’s Online Privacy Protection Act, requires commercial website operators to obtain “verifiable parental permission” to collect personal information from children under the age of 13 in the United States. Under COPPA, children younger than 13 cannot be required to give out more information than is “reasonably necessary” to participate in a website’s activities, and parents have the right to know what information is being collected about their children and how it is being used. Websites cannot collect, use, or disclose a child’s personal information (such as a name, address, phone number, email address, location, photo, or IP address) without parental consent.

FERPA, the Family Educational Rights and Privacy Act, is specifically aimed at student privacy, protecting children’s educational records (including report cards, transcripts, disciplinary records, contact and family information, and class schedules). Under FERPA, schools are required to obtain written consent from parents before disclosing students’ records or any personally identifiable information to any third parties, and parents have the right to review their minor children’s educational records. In an attempt to get around the written parental consent requirement, the contract that schools/districts sign with Google to use GAFE specifically says that Google will be considered a “School Official” under FERPA when it receives personal student information. However, a vendor will be considered a "school official" only if certain specific conditions are met. And FERPA does not strictly regulate how Google—even as a “school official”—can collect, store, or use this data.

Individual states may have their own student privacy laws, such as SOPIPA (the Student Online Personal Information Protection Act) in California. However, these laws are not enough on their own to keep children’s information secure online. The social networking website Xanga, for example, was fined $1 million in 2006 for allowing children to sign up for the service without obtaining parental consent, and the FTC fined Yelp $450,000 for similar violations in 2014. Google itself also collects far more student data than is “reasonably necessary.”

Read more in our Legal Analysis.

Doesn’t Google need to track students online to prevent them from accessing inappropriate content?

Absolutely not. First, there are laws in place to protect minors from accessing inappropriate content. CIPA—the Children’s Internet Protection Act—addresses online safety for children, and requires that schools receiving federal funding for technology place limits on that technology, including blocking and filtering visual depictions that are harmful to minors, such as obscene, pornographic, or harmful material. (This filtering is often overbroad, blocking out huge swathes of the Internet, an issue we’ve written about before.) Second, this type of content filtering is done at the network level—in other words, it’s controlled by the schools and districts that manage those networks, not by the devices that hook up to them. Content filtering is not Google’s job, nor it should it be. Third, tracking and content filtering are two separate issues: online activity does not need to be tracked from website to website, nor profiled, in order for schools to filter out inappropriate images.

Are there examples of schools turning on cameras and tracking the location of school-issued laptops?

Yes. In Pennsylvania’s Lower Merion School District, school administrators issued Apple laptops to students and then turned on the cameras remotely. School officials were able to capture nearly 56,000 images (about half webcam photographs and half screenshots) from dozens of student laptops.

One student, Blake Robbins, was photographed some 400 times during a two-week period, including some photos where he was sleeping in his bedroom.

The school was sued by students and eventually settled out of court. The FBI investigated whether the school district broke criminal wiretap laws but declined to bring charges.

As Forbes noted, “One of the biggest problems for Lower Merion was that school administrators did not disclose from the beginning to students and their parents that the school could remotely activate the laptop cameras and take photos.”

The ability of schools to turn on cameras depends on the specific software and hardware configuration of student devices. If you are a parent, school administrator, or teacher, please take our survey so that we can learn more about what’s being used in your district.

Do school children have to be a certain age before they are issued school technology?

No. We’ve heard of children as young as seven years old receiving school-issued Chromebooks. According to a report from Project Tomorrow, 41% of students in kindergarten through second grade have access to laptops and/or tablets (not necessarily issued by schools), 31% of middle and elementary school students use school-issued devices, and 25% of elementary (grade 3-5) students in Title I schools use school-issued devices.

I’m a parent with a child in school. Will the school tell me before issuing technology to my child?

We certainly hope so, but the answer varies from school to school. EFF has been contacted by multiple parents reporting that their children are receiving school-issued devices without affirmative consent from the parents.

What happens to student data when the students turn 18?

According to Google, when a student leaves school, their account is removed, and data from the “dead” GAFE account is not combined with or migrated to new Google accounts the same person creates later. Google then holds onto the data “as long as schools require” them to—the decision lies with the districts and schools.

I'm a concerned parent. What can I do if my school is considering this type of program?

We encourage you to work with fellow parents in your school district, as well as the PTA and school administrators, to advocate for policies that protect student privacy and security. Visit the Tips for Parents section for more advice.

I’d like to connect with other parents concerned about this issue. Where can I do that?

The Tips for Parents section offers pointers on connecting with parents locally, and the Find Allies section contains some helpful links to national networks of parents who care about student privacy.

Related Issues: