Quite a few media outlets have excitedly reported on Google’s announcement last week that ads and ad scanning will now be removed from the company’s education apps for schools. If these articles were to be believed, we should all be dancing in the streets with joy over some miraculous U-turn by the company on its combative attitude to privacy protection.
Sadly, this is not the case. The media excitement has been premature and largely misplaced. If you peel the story back a couple of layers, the scenario that emerges is extremely worrying.
The media excitement has been premature and largely misplaced. If you peel the story back a couple of layers, the scenario that emerges is extremely worrying.
In a company blog published last week, Google’s director of education services announced that from now on scanning and ad placement will not be enabled. Proclaiming a commitment to the protection of children’s privacy, the blog explained that the new measures were essential to trust.
This change of directions of course implies that the company had in the past compromised that trust by intruding on privacy, but let’s come back to that issue later.
Here’s the announcement that we “should” have read on the Google blog:
“Google is committed to protecting the privacy of children and young people, so we will no longer scan, analyse, process or store any data relating to them for any purpose whatever. It’s the right thing to do”
But that’s not what Google said. Instead, the company announced that it will disable content scanning only on Gmail “for advertising purposes“. That’s a far cry from a global commitment to protect privacy.
Google must answer a number of unresolved questions about just how far its proclaimed commitment to children’s privacy extends.
Equally unclear is precisely what Google really means when it says that “Google cannot collect or use student data in Apps for Education services for advertising purposes.”
It’s also noteworthy that the definitions are left hanging. It is unclear what Google even means by the terms “student data” and “advertising purposes.” Data protection regulators may wish to pursue this rather significant loose end.
It’s also reasonable to ask what Google intends to do with all of the student data it has collected so far through Gmail in GAFE. If the company truly is concerned about student privacy, then the company should either permanently discard the scanning data from private email communications that it has been collecting from students over the past seven years, or explain how it intends to segregate that data. This is a critically important issue.
It’s not unreasonable to also demand that the company should then commission an unaffiliated third party audit of its systems to confirm that it has taken these actions. These audits aren’t cheap of course, often coming in at hundreds of thousands of dollars (or three minutes of Google’s ad revenue), but what price can you put on trust, eh Google.
It’s time for Google to be completely transparent and provide a comprehensive accounting of all of its past and present scanning and targeted advertising practices, particularly with regard to student data.
Google may have answers to some or all of these questions. But ordinary users – as well as schools, regulators, legislators, and businesses – will never know them if Google’s reluctance to provide meaningful information about its privacy practices persists. It’s deeply concerning, for example, that last week’s statement by Google on a critical student-privacy issue consisted of a mere three sentences. Unsurprisingly therefore, Google’s announcement has resulted in more questions than answers.
This pattern has been played out time and again: Google commits a privacy violation, attempts to downplay its significance through vague public statements and blog posts and then comes clean only after Google can no longer hide the truth because of litigation or pressure from national media attention. The company then purports to make a privacy protective change that is announced in the most narrow and ill-defined way, doing little to truly advance privacy concerns.
It’s time for Google to be completely transparent and provide a comprehensive accounting of all of its past and present scanning and targeted advertising practices, particularly with regard to student data. The privacy and security of young people deserves nothing less.