EFF Files Complaint To FTC Alleging Google Using Chromebooks To Gather And Collect Student Information (Updated)

Today’s elementary and high school classrooms are trading in pencil and paper for a more digital solution that comes in the form of Chromebooks and iPads. With this continuing trend, the Electronic Frontier Foundation (EFF) started a campaign called “Spying on Students,” which aims to educate parents and school administrators about the potential dangers of these devices in the classroom. Google has been accused of endangering students’ privacy, and the EFF filed a report against the search giant to the Federal Trade Commission.

The EFF examined two of Google’s products -- the Chromebook and the cloud-based Google Apps for Education. The main issues comes from the Chrome web browser. By default, the Sync feature on Chrome is on when a school-supplied Chromebook is used, and the software doesn’t ask permission from the students or their parents.

According to the EFF, this allows Google to “track, store on its servers, and data mine for non-advertising purposes, records of every Internet site students visit, every search term they use, the results they click on, videos they look for and watch on YouTube, and their saved passwords.” In addition, the administrative settings provided by Google for these school-based Chromebooks allow the information to be shared to third-party sites.

But it doesn’t stop once the Chromebook is turned off. Because they log in to the Chromebook with their Google account, the data gathered can still carry over to any device where the student logs in with his or her Google username.

The EFF said that the alleged intrusion in privacy violates the Student Privacy Pledge, of which Google is a co-signer. The pledge dictates that companies “not collect, maintain, use or share student personal information beyond that needed for authorized educational/school purposes, or as authorized by the parent/student,” as well as prohibiting the sale of student information.

However, the same pledge also allows Google to obtain student personal information that is authorized by the school, teacher, parent or student. Granted, the company must disclose in a contract or privacy policy what types of personal information is collected, the purpose for the collection, and if it’s used by or shared with a third party.

By having the Sync option on by default in each new Chromebook, Google seems to break these rules, by not offering students a choice in the matter and collecting their information from the moment they log in to the device.

However, it’s taking some steps to remedy the problem. Google told the EFF it’s working on disabling the setting on school-provided notebooks that activates the Chrome Sync feature so that information isn’t shared with other Google services. In terms of Google Apps for Education, the company said that the service doesn’t show ads when a user opens one of the apps in the bundle (such as Google Docs, Gmail or Talk). However, a few popular apps, such as YouTube, Google Maps and Blogger, can show ads because they’re not part of Google Apps for Education.

Despite Google’s efforts, the EFF believes that the preventative measure isn’t going far enough in protecting the privacy of students. For now, the group posted two blog posts that teach parents and students how to adjust the privacy settings on their Google accounts and Chromebooks. We contacted Google for comment on the filing, and will update accordingly.

Update, 12/2/2015, 2:42pm PST: Google responded to the EFF's claims with a post by Jonathan Rochelle, the director of Google Apps for Education on the Google for Education blog. The company said it's confident that "our tools comply with both the law and our promises, including the Student Privacy Pledge, which we signed earlier this year," and also pointing out that The Future of Privacy Forum and The Software and Information Industry Association (co-authors of the Student Privacy Pledge) criticized the EFF's claims.

Google also reiterated the function of its classroom services. For Google Apps for Education, specifically its core services such as Gmail, Drive, Docs, and Hangouts, the personal data is used to provide the actual services so that students can communicate through Gmail or collaborate on a project with Google Docs. In addition, there are no ads in any of these services, and student data isn't used for advertising purposes.

In terms of Chrome Sync, Google stated that the feature is used so that students can quickly get to work on any system where they have to log in with their Google account, creating a personalized experience on any device. The company did state that certain data is collected from Chrome Sync, but information regarding individual users is removed before it's analyzed by the company in order to improve its services. Administrators, students and teachers can also disable Chrome Sync entirely, or hand-pick which information to sync with the feature.

Finally, apps that are not part of the Google Apps for Education suite, such as YouTube, Google Maps, and Blogger, can be blocked by schools so that they're inaccessible. Rochelle wrote, "We are committed to ensuring that K-12 student personal information is not used to target ads in these services, and in some cases we show no ads at all," citing Google Search as an example where no ads are shown when a student is logged in.


Rexly Peñaflorida II is a Contributor at Tom’s Hardware. He writes news on tech and hardware, but mostly focuses on gaming news. As a Chicagoan, he believes that deep dish pizza is real pizza and ketchup should never be on hot dogs. Ever. Also, Portillo’s is amazing.

Follow Rexly Peñaflorida II @Heirdeux. Follow us on Facebook, Google+, RSS, Twitter and YouTube .

  • thekyle64
    WHAT!!! Google knows what students watch on YouTube that's crazy!, it's like they own YouTube or something
  • hammereditor
    They own everything, including your life.
  • firefoxx04
    No really? Google only become one of the biggest companies in the world by collecting data!!! They dont charge for ANY of their services unless you are a business and people still wonder how they get so much money.
  • Achoo22
    That the policy states "educational/school purposes" instead of just "educational purposes" is evidence that Google is aware schools are using these devices as portable monitoring systems. Public schools are extensions of government control, subject to whatever whim current political fancy dictates. Witness: fingerprint and DNA collection and distribution, forced pledging/praying, etc. Google backtracking on a self-imposed directive isn't exactly new, either. The "do no evil" company doesn't think it's evil to rewrite hypertext links after clicking, such that the links you see on their webpage (printed or in tooltips) are not the links you actually click. I mean, seriously... they go to tremendous effort to masquerade tracking links as benign links. That, to me, is obviously, patently, the behavior of an Internet predator. And it's just one more example of Google's shady side.
  • ZolaIII
    Well if students are using the Web browser based OS & they don't know to use: security options, secure protocols & secure apps that actually tells us how pore their education is. Most of those Cromebuck's can run Linux where freedom lies anyway along with much more possibilities of use.
  • Avus
    They can use pen and paper and find stuff with print encyclopedia.These have no ads and secure protocols to worry about.
  • Chris Droste
    this sounds more like a complaint filed on behalf or ill-trained educators, thinking that just because it's cheap and simple it's not automatically doing a TON OF STUFF in the background to enhance user experience and having no clue how to properly tailor that configuration for the institutions' specific needs. is Google dancing a privacy/data collection line? What company isn't these days? also, i don't believe that "default on" means "malicious contempt for privacy" It's like showing me a pair of jeans that, by default are unzipped, then trying to sue LeviStrauss for deliberating exposing my private bits without consent. Unless they can prove that ChromeOS or their "educational use apps package" still mines PERSONALLY IDENTIFIABLE INFORMATION of the student when all the sync/save/retention options are turned off, I think this is a rather strange argument that's more akin to in-fighting than a watchdog catching a bad guy.
  • FranciscoRS
    Let me guess, the EFF is a foundation owned by Apple and/or Amazon and/or Microsoft. I have to call bullshit on this one guys, sorry.