Comment: The danger of private companies spying on British schoolchildren
By Jeff Gould
The recently revived debate over the UK's draft communications data bill and its so-called snoopers' charter raises justifiable concerns about government attempts to monitor citizens' internet browsing behaviour and email correspondence with the cooperation of private companies.
The collection of data and the subsequent potential to engage in profiling or mining of that information is indeed a powerful tool and not just for surveillance. Some of the world's most successful companies have built their business models around data mining users' online activity, generating billions in profits. It's clear that governments and companies alike are benefiting from citizens' willingness, or simply the necessity, to produce and share data.
But what about when private companies are profiting from data that isn't shared willingly – or at least isn't shared with the understanding that it will be mined to build profiles for purposes such as ad serving?
One key example of this is schoolchildren. Technology companies are moving rapidly to get tools like email and document creation services into schools. A recent survey of schools in the UK shows that use of such technology is expected to bring significant educational and social benefits. However, the same survey also reveals that schools have deep concerns that providers of these services will mine student emails, documents or web browsing behaviour to build profiles for commercial purposes, such as serving advertisements. Respondents equally object to the idea that serving online ads to children while in school should ever be an option. However, UK schools admit to a conflict of interest regarding student privacy – 47% say they might be tempted to trade student privacy for free or lower cost services.
When data mining is done for profit, the relationship between the data miner and the consumer is simply a market transaction. As long as both parties are free to choose whether and when they wish to engage in such transactions, there is no reason to forbid them or place undue obstacles in their path. But consumer protection laws in Britain, Europe and the United States have long recognised that transactions between large, powerful firms and isolated, often poorly-informed consumers can sometimes be unfair. A vast body of regulation has grown up to defend consumers from firms that misinform or deceive purchasers about the true value of the goods and services they peddle.
The European Union's data protection laws – although not, strictly speaking, part of consumer protection law – nevertheless serve a similar purpose. Such regulations apply even when the services offered are free – because of course nothing is really free. In the case of free internet services based on data mining, the price is paid in the coin of the user's readily-mined personal information.
How much or how little regulation is required to make the transactions between giant data mining firms and individual consumers fair? It all depends on which consumers we're talking about. For adults, the EU's data protection laws get it about right – data mining can only be conducted for specific and legitimate purposes, the user must be told exactly what those purposes are and what data will be used, and offered the opportunity to opt-out. For children acting under the informed supervision of their parents, a slightly stricter version of these rules is appropriate.
However, when neither children nor their parents can consent to, control or even properly understand the data mining that is taking place, these practices simply should not take place. In assessing data mining, UK schools have taken the proper measure of the risks and come out strongly against it. It seems clear, therefore, that a line needs to be drawn when companies in the business of data mining for profit are providing services (often under the guise of 'free') to more sensitive user populations like schoolchildren. British parents and education authorities should listen carefully to this message and take steps to see that the almost limitless power of data mining is not unleashed on children in school.
Jeff Gould is president of SafeGov.org. He has over 25 years’ experience in the technology industry, holding executive roles in Europe and the United States and has served as an advisor to leading technology firms, governments and institutional investors. At SafeGov, Jeff has worked extensively in the area of European, US and Asian online privacy regulations and interacts regularly with data protection regulators around the world.
The opinions in politics.co.uk's Comment and Analysis section are those of the author and are no reflection of the views of the website or its owners.