If there’s one place where Google’s low-cost notebooks running Chrome have caught on, it’s in schools: 3.4 million Chromebooks were shipped to the educational sector in 2014, with the majority of those ending up in the hands of students.
The Electronic Frontier Foundation claims that Google is using those laptops for collecting and data mining personal information from the school children who use them, in violation of both Google promises and FTC rules against deceptive business practices. The EFF filed the complaint with the U.S. Federal Trade Commission on Tuesday.
The EFF’s complaint centers around Google’s Chrome Sync feature, which can be found on desktop Chrome browsers as well as on Chromebooks. The feature allows users to ensure they’ve got the same browser setup regardless of which computer they’re on, and in order to sync settings across the Internet, Google needs to upload those settings to its servers. But according to the EFF, it also allows Google to store student browsing data on its servers, and it’s turned on by default on Chromebooks sold to schools.
From the EFF announcement:
While Google does not use student data for targeted advertising within a subset of Google sites, EFF found that Google’s “Sync” feature for the Chrome browser is enabled by default on Chromebooks sold to schools. This allows Google to track, store on its servers, and data mine for non-advertising purposes, records of every Internet site students visit, every search term they use, the results they click on, videos they look for and watch on YouTube, and their saved passwords. Google doesn’t first obtain permission from students or their parents and since some schools require students to use Chromebooks, many parents are unable to prevent Google’s data collection.
Google is a signatory to the Student Privacy Pledge, along with Microsoft and Apple, its primary competitors in the educational market. The pledge includes commitments to not use data gleaned from student computers to target advertising. Chromebooks in schools are usually paired with Google Apps for Education, a product that customizes services like Gmail and Google Drive for schools.
UPDATE (December 2, 5:30 pm) Google pushed back against the EFF complaint that its Chromebooks and apps violated student privacy in a blog post. “Students’ personal data in (Google Apps for Education) Services is only used to provide the services themselves, so students can do things like communicate using email and collaborate on assignments using Google Docs. There are no ads in these Core Services, and student data in these services is not used for advertising purposes,” wrote Jonathan Rochelle, a director at Google.
Google does not display ads or collect data in any of the core apps in the Google Apps for Education suite, including Gmail, Google Drive, Calendar, and Sites. Last year, Google stopped scanning student Gmail accounts over concerns that the practice violated wiretap laws.
Instead, the EFF’s complaint focuses on three possible violations of the Student Privacy Pledge. First, it believes that student personal information about use of noneducational Google services is collected. Second, that Chrome Sync is turned on by default, allowing Google to collect “students’ entire browsing history and other data.” Its last complaint relates to settings that allow system administrators to share “student personal information with Google and other third-party websites.”
However, the Future of Privacy Forum, one of the creators of the Student Privacy Pledge, doesn’t agree with the EFF’s conclusions. “We have reviewed the EFF complaint but do not believe it has merit. Chrome Sync is a setting within the control of the school IT administrator, and can also be changed by parents or students. This feature allows students to log in at home or at a library and have access to their school bookmarks, favorites and other settings,” Executive Director Jules Polonetsky wrote in a statement. “We don’t believe the complaint raises any issues about data use that are restricted by the Student Privacy Pledge.”
“While we appreciate EFF’s focus on student privacy, we are confident that these tools comply with both the law and our promises, including the Student Privacy Pledge,” a Google (GOOG) spokesperson said in a statement provided to Fortune.
In a blog post, the EFF says that Google told it that it plans to disable the settings that allow “Chrome Sync data, such as browsing history, to be shared with other Google services.” If Google is following the spirit if not the letter of the Student Privacy Pledge, many of the EFF’s complaints may be mollified by similar settings tweaks. Still, it’s hard to take minors’ privacy too seriously, especially since many students have no alternative to using school-issued computers.
For more on Google’s track record on privacy, watch this Fortune video:
Subscribe to Data Sheet, Fortune’s daily newsletter on the business of technology.
