Google announced in a company blog post April 30 that it will end its practice of scanning student emails for advertising purposes and will stop displaying ads to Google Apps for Education customers. This is a major victory for privacy advocates who have been calling on Google for years to keep its advertising interests separate from its education products.
As the announcement explicitly states, "Google cannot collect or use student data in Apps for Education services for advertising purposes." But Google also said that it is "making similar changes for all our Google Apps customers, including Business, Government and for legacy users of the free version."
Although the announcement is an important step, it raises questions about the company's practices in the past -- and for the future. Will Google stay committed to the "free" education space when it can no longer monetize student data?
Data mining government emails
As part of the announcement, Google said it will no longer collect or use data for advertising purposes from its Google Apps for Government customers. This admission raises some critical questions concerning Google's past privacy practices. For example, has Google been using government data collected from its Google Apps users for advertising purposes all along? What will happen to the data that was collected in the past? Will the company keep it or remove it from its servers?
[Big data raises serious privacy concerns for the Obama administration. Read White House Big Data Report: 5 Privacy Takeaways.]
What does this mean for federal CIOs?
The bottom line for federal CIOs is the importance of reading the terms of service and privacy policies for all services and devices. If the terms are not appropriate, federal CIOs should negotiate new conditions or look for alternative offerings.
This is particularly important when considering new offerings or developing BYOD policies. Under no circumstances should data be used for purposes that are not directly related to delivering the offering.
What about Android?
Google's Android operating system has grown to be the dominant mobile device platform in the market. Android phone and tablet customers include government workers, business users, and students. Google's terms of service cover these devices as well. The terms give Google broad rights to use all data that passes through an Android device to improve its search offering or develop new services.
This open-ended license is over-reaching for consumers, and it is definitely unsuitable for government, business, and education users. Mobile communications and content stored on or passing through mobile devices should remain private.
New era for privacy
With the collapse of InBloom last week and Google's announcement last week, privacy activism has been brought to the forefront. Simply put, privacy is having a real impact on how businesses operate and treat private user data in the cloud.
Google's announcement is a step in the right direction, but much more needs to be done to address government, business, and education users' expectation of privacy. Using cloud services and mobile devices should not result in a loss of privacy or a misuse of data. We hope that Google's announcement is the first of many steps toward restoring real privacy.
The NSA leak showed that one rogue insider can do massive damage. Use these three steps to keep your information safe from internal threats. Also in the Stop Data Leaks issue of Dark Reading: Technology is critical, but corporate culture also plays a central role in stopping a big breach. (Free registration required.)