Mississippi Attorney General Jim Hood has filed suit against Google for violation of the K-12 School Service Provider Pledge to Safeguard Student Privacy. The suit will work its way through the legal system and a judgement made based on its merit, but it is important to point out that the suit contains some important misunderstandings about the student privacy pledge.
The complaint alleges that Google violated the student privacy pledge because it collected information about students who are using general purpose services. The pledge, however, only applies to applications, services, or web sites “designed and marketed for use in United States elementary and secondary educational institutions.”
In addition, the complaint suggests that the pledge is violated because Google uses layered privacy policies (for its general purpose services and a more restrictive policy for its educational services) and educational websites related to its privacy policies (google.com/edu/trust). The pledge does allow for the use of layered policies and many privacy advocates and regulators have encouraged their use, and the use of additional educational tools for students, parents and teachers, as a manner of more clearly identifying the stipulations pertaining to student data.
As Google has worked with SIIA as a pledge signatory and provided services to schools around the country over the years, the company has striven to adhere to the high expectations of students, parents and educators. They have been consistent and transparent about their practices, including that student data is not used for the purpose of advertisements, that no ads are served in their education services, and that administrators can shut off access to non-education services at their discretion.
Enforcement of privacy promises is entirely legitimate and is an important element of the system of self-regulation the industry has adopted. But, it is also important to have a clear understanding of what the student privacy pledge actually says.