Google Workspace’s Privacy Policy Is Changing. Are You Ready?

Robinson+Cole Data Privacy + Security Insider

Google’s Workspace for Education will require school admins to independently approve all integrated third-party applications students use. Users under 18 cannot use their Google accounts to access third-party applications without consent configured in user settings. Access will terminate automatically on October 1, 2023. Google Workspace for Education’s Terms of Service does not cover third-party applications and may collect user information according to their privacy policies. Enabling third-party applications is as easy as having the account admin click “Confirm.” However, the legal requirements may not be as simple. Schools with students K-12 and any extracurricular, daycare, and other childcare organizations may need parental consent before allowing their children to access these services.

Privacy laws, including the Children’s Online Privacy Protection Act (COPPA), California’s Online Privacy Protection Act (CalOPPA), and the Family Educational Rights and Privacy Act (FERPA) restrict how organizations collect, process, and sell children’s data without parental consent. Additionally, third-party applications have historically been risky in terms of privacy practices. For instance, the Federal Trade Commission (FTC) famously fined a coloring book application for mining children’s data in violation of COPPA, and the Mozilla Foundation routinely calls out applications with substandard privacy practices in their Privacy Not Included series (which we’ve enjoyed before.)

K-12 schools and any other organization with users under the age of 18 may consider taking this opportunity to audit the third-party applications used by their students. Often, organizations add these applications on an as-needed basis without going through a regular review process. While handy in the moment, this ad-hoc approach may allow apps with substandard privacy practices to creep in. With children’s data – and hefty fines – at stake, wise institutions may take the time to be proactive rather than reactive.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising

Written by:

Robinson+Cole Data Privacy + Security Insider

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide