Google's decision to end its practice of scanning student emails for advertising purposes -- and to make "similar changes" for all Google Apps customers -- is a major victory for privacy but raises new questions.
Google announced in a company blog post April 30 that it will end its practice of scanning student emails for advertising purposes and will stop displaying ads to Google Apps for Education customers. This is a major victory for privacy advocates who have been calling on Google for years to keep its advertising interests separate from its education products.
As the announcement explicitly states, "Google cannot collect or use student data in Apps for Education services for advertising purposes." But Google also said that it is "making similar changes for all our Google Apps customers, including Business, Government and for legacy users of the free version."
Although the announcement is an important step, it raises questions about the company's practices in the past -- and for the future. Will Google stay committed to the "free" education space when it can no longer monetize student data?
Data mining government emails As part of the announcement, Google said it will no longer collect or use data for advertising purposes from its Google Apps for Government customers. This admission raises some critical questions concerning Google's past privacy practices. For example, has Google been using government data collected from its Google Apps users for advertising purposes all along? What will happen to the data that was collected in the past? Will the company keep it or remove it from its servers?
What does this mean for federal CIOs? The bottom line for federal CIOs is the importance of reading the terms of service and privacy policies for all services and devices. If the terms are not appropriate, federal CIOs should negotiate new conditions or look for alternative offerings.
This is particularly important when considering new offerings or developing BYOD policies. Under no circumstances should data be used for purposes that are not directly related to delivering the offering.
What about Android? Google's Android operating system has grown to be the dominant mobile device platform in the market. Android phone and tablet customers include government workers, business users, and students. Google's terms of service cover these devices as well. The terms give Google broad rights to use all data that passes through an Android device to improve its search offering or develop new services.
This open-ended license is over-reaching for consumers, and it is definitely unsuitable for government, business, and education users. Mobile communications and content stored on or passing through mobile devices should remain private.
New era for privacy With the collapse of InBloom last week and Google's announcement last week, privacy activism has been brought to the forefront. Simply put, privacy is having a real impact on how businesses operate and treat private user data in the cloud.
Google's announcement is a step in the right direction, but much more needs to be done to address government, business, and education users' expectation of privacy. Using cloud services and mobile devices should not result in a loss of privacy or a misuse of data. We hope that Google's announcement is the first of many steps toward restoring real privacy.
The NSA leak showed that one rogue insider can do massive damage. Use these three steps to keep your information safe from internal threats. Also in the Stop Data Leaks issue of Dark Reading: Technology is critical, but corporate culture also plays a central role in stopping a big breach. (Free registration required.)
Doug Miller is Vice President at SafeGov.org, an online IT forum dedicated to promoting safe and secure cloud solutions. He has worked in the enterprise and government IT space for more than 25 years. For the past nine years, Doug has been the principal consultant with ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Cybersecurity Strategies for the Digital EraAt its core, digital business relies on strong security practices. In addition, leveraging security intelligence and integrating security with operations and developer teams can help organizations push the boundaries of innovation.