2 min read
Senator Al Franken has sent a letter to Google CEO Sundar Pichai asking some questions about Google's data collection practices. His letter raises some excellent questions, but there are two specific use cases that are left out that also need to be addressed. In a post from May 2015, I described some of the issues with how Google structures their terms for Google Apps for Education; these questions build on that post.
- If a student is logged into their GAFE account and accesses a non-GAFE service provided by Google, can data collected via the non-GAFE service be shared with ad and data brokers, like Doubleclick or Quantcast?
- If a student is logged into their GAFE account and accesses a 3rd party service that is integrated with GAFE, what student data can be accessed by that 3rd party vendor?
The focus on targeted advertising is important, but ultimately is too narrow. Targeted advertising is a visible manifestation of data collection and user profiling. While the presence of targeted ads let us know that some services are tracking users, larger potential harms accrue when people are invisibly profiled, with their data being shared with different brokers and combined with data sets from different sources. This should not happen within an educational context where students are legally required to attend.
It's also worth noting that while these specific questions focus on Google, comparable abuses of student data occur in many ecosystems that have a business plan based on 3rd party integrations.