Privacy | Features
- By Dian Schaffhauser
In late January when Google announced that it was replacing 60 different privacy policies across its multiple sites and services with a single one, you might have thought Congress had taken up SOPA and PIPA again. That's how loud the outrage was from much of the social galaxy, as reflected in this Gizmodo headline: "Google's Broken Promise: The End of 'Don't Be Evil.'" Other observers, such as Forbes "privacy pragmatist" Kashmir Hill, questioned what the big deal was; after all, she wrote, Google wasn't changing much other than how it targets ads to users and creates new innovative services: "Using information from Gmail to suggest more appropriate YouTube videos or reminding an Android smartphone user that they have a Google calendar appointment in a half hour on the other side of town doesn’t strike me as the work of Lucifer."
At the same time Google has rewritten its terms of service, which explain the legal terms referred to in the policy and lay out how it will treat the material, such as YouTube videos, submitted by users.
Besides legal clarity the company said it hopes to use the new policy in order to "create one beautifully simple, intuitive user experience across Google." If, for example, you've been sending emails in Gmail to your spouse about fuel efficiency and different types of engines, watching YouTube videos about how to negotiate with car salesmen, and you're logged in and search on "Jaguar," Google wants the ability to deliver search results focused more on the car and less on the animal. Likewise the company wants to be able to show you ads about car dealerships and not include ads about a safari in Africa.
Behind the scenes, the data accumulated through your use of Picasa, Google Plus, Mobile, and Alerts will finally be put to some better use than keeping the storage experts on the data center staff gainfully employed. "I think it's exciting because we're going to be able to improve the services that we already offer our users," company spokesman Tim Drinan noted. "Because of all the information they've already provided, we'll now be able to connect it more consistently."
Getting Outside the Box (of Google Apps for Education)
When a school signs up for Apps for Education, a free service, what it's really getting is the core productivity suite: Gmail, Calendar, Docs, Sites, Video Search, and Groups.
Most schools tend to keep the official services to email and documents. Likewise, they don't expose their users to Google advertising. That's an additional control that Google makes available specifically in Google Apps for Education.
The Question about FERPA
Still, schools are in a wait-and-see attitude regarding the latest change. "To date this seems to have minimal impact for educational customers," said Wendy Woodward, director of Technology Support Services for Northwestern University. "We will continue to monitor any service changes that may impact the services that are provided to our community and take action as required."
Steve McDonald, Rhode Island School of Design's general counsel, says FERPA as it relates to Google's new use of data is the big area of concern for him. The Family Educational Rights and Privacy Act protects the privacy of student records by giving parents certain rights regarding their children's education records, rights that transfer to the student when he or she reaches the age of 18.
Under FERPA, said McDonald, a school can outsource the processing of education records, which may include email, since that's frequently from or to a student. But that outsourcing can only happen if the service provider is subject to the same terms the school is subject to. That's why the standard agreement for Apps for Education explicitly states that Google will be considered a "school official and will comply with FERPA" for the purposes of being able to work with education records.
Under the agreement, Google can use the student data for email; the company can scan it for spam or viruses. What they can't do, said McDonald, is data mine the information.
When McDonald was negotiating the agreement with Google for Google Apps for Education for his school, he put the question: "Are you going to data mine it?" Their reply: "Oh, we're not serving ads--don't worry about it.'" His response to Google: "We understand that; but are you data mining it and correlating it through cookies that aren't part of that, because that would be the same problem. You'd be using our data for your own benefit. Under FERPA you can't do that."
"Which would suggest to me," he added, "that they do plan to get in and data mine all that stuff. That would be a problem. If we're providing the information, that's a problem."
What McDonald said he fears is that a student will log into a school account and access non-core services that don't fall under the Apps for Education agreement, and then Google will use that as a backdoor route to also reach in and look at the FERPA-protected data as well.
"It may be they're doing that. It may not be they're doing that," he said. "I just haven't seen a definitive answer on that."
First, users can remain logged in but use many of the existing privacy controls built into the services. For example, said Drinan, "You can view your search history at google.com/history if you have an account. You can delete individual items you've searched for or your entire history, or you can pause the collection of your search history temporarily or permanently. The same thing is true with YouTube video history. A preferences manager lets you turn off ad personalization entirely or edit the interests that you receive ads about. You can have your Google Chats off the record. You can use incognito mode in Chrome. There are many, many tools already available for privacy."
Second, users can set up multiple accounts. "If you never want your jaguar videos associated with your jaguar searches, just create a separate account to use with your YouTube videos," Drinan said.
Third, users can stick with the services that are public--YouTube, search, Google maps. "You don't have to be signed in to use them," Drinan said.
Ultimately, the company asserted, privacy isn't a policy; it's a practice, and the more intuitive that practice, the more likely it is users will participate in setting their own levels of privacy comfort.
"It boils down to, do users actually have control over their privacy and information? The answer is yes," Drinan said. "Do they have less under the new policy? No. Because we're not collecting any new information, and we're not sharing the information with anybody new. We're only taking the information you've shared with us and connecting it better to serve you."
Some observers still aren't persuaded. Getting students to dig into Google services to configure privacy settings will probably never be easy. Also, it may be that users don't want Google to better target their unique needs. "They said, 'Hey, this is great, because we can tell you're going to be late for a meeting based on your location and your calendar and your traffic in your area.' They thought that was a good thing," McDonald said. "It seemed kind of scary to me."