The Electronic Frontier Foundation has filed a complaint with the Federal Trade Commission against Google for violation of the K-12 School Service Provider Pledge to Safeguard Student Privacy. The FTC will assess the complaint on its merits and make a judgment one way or the other. But, it is important to point out that the complaint contains some important misunderstandings about the student privacy pledge.
First, the complaint alleges that Google violated the student privacy pledge because it collected information about students who are using general purpose services. The pledge, however, only applies to applications, services, or web sites “designed and marketed for use in United States elementary and secondary educational institutions.”
The complaint also alleges that Google violated the pledge by collecting personal information such as browser histories and bookmarks. However, this information is collected at the direction of the school as part of a student’s educational experience. The pledge was never intended to prevent the collection of personal information as part of students’ educational experience.
Another violation alleged in the complaint is that Google collects and uses aggregated and anonymized information. As many privacy advocates and regulators have argued, aggregation and anonymization are important privacy enhancing tools. As a way to encourage the use of these tools, the pledge applies only to personal information that identifies particular students and is maintained at the individual level.
Last, the complaint suggests that the pledge is violated because school administrators are free to authorize the collection of additional student information. But the pledge is intended to allow administrators to make judgments about the use of student information for educational purposes.
FTC enforcement of privacy promises is entirely legitimate and is an important element of the system of self-regulation the industry has adopted. But, it is also important to have a clear understanding of what the student privacy pledge actually says.
Mark MacCarthy, Senior Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology. Follow Mark on Twitter at @Mark_MacCarthy.