Many schools require children to use apps on the cloud, and as a result privacy groups are asking the cloud providers to promise better privacy protection. On September 23, 2013 SafeGov.org issued a Report about EU data privacy for students which among other things that among other things stated that the:
…advertising-oriented cloud services may jeopardise the privacy of data subjects in schools, even when ad-serving is nominally disabled.
The Report identified these threats to student “… online privacy occasioned by the use of such services in the school environment include the following”:
Lack of privacy policies suitable for schools: By failing to adopt privacy policies specifically crafted to the needs of schools, cloud providers may deliberately or inadvertently force schools to accept policies or terms of service that authorise user profiling and online behavioural advertising.
Blurred mechanisms for user consent: Some cloud privacy policies, even though based on contractual relationships between cloud providers and schools, stipulate that individual data subjects (students) are also bound by these policies, even when these subjects have not had the opportunity to grant or withhold their consent.
Potential for commercial data mining: When school cloud services derive from ad-supported consumer services that rely on powerful user profiling and tracking algorithms, it may be technically difficult for the cloud provider to turn off these functions even when ads are not being served.
User interfaces that don’t separate ad-free and ad-based services: By failing to create interfaces that distinguish clearly between ad-based and ad-free services, cloud providers may lure school children into moving unwittingly from ad-free services intended for school use (such as email or online collaboration) to consumer ad-driven services that engage in highly intrusive processing of personal information (such as online video, social networking or even basic search).
Contracts that don’t guarantee ad-free services: By using ambiguously worded contracts and including the option to serve ads in their services, some cloud providers leave the door open to future imposition of online advertising as a condition for allowing schools to continue receiving cloud services for free.
Computerworld reported that a SafeGov.org spokeswoman stated:
We think any provider of cloud computing services to schools (Google Apps and Microsoft 365 included) should sign up to follow the Codes of Conduct outlined in the report.
The cloud privacy issues identified in this Report present no surprises. Even though the Report is focused on students in the EU, clearly the privacy issues impact students world-wide. What the cloud providers to do remedy the situation will be interesting to follow.