The issue of consumer consent has taken center stage since the U.S. District Court in California accused Google of violating the federal Wiretap Act by scanning emails for targeted advertising. However, an unfolding story reveals that this same privacy policy also applies to Google’s education, business, and government cloud offerings. A recent exposé in Education Week highlights how Google, as part of its sworn testimony, admitted to mining student data to serve its own purposes, which includes using student data to show targeted ads to minors. While this revelation could suggest that Google is in violation of the Family Educational Rights and Privacy Act (FERPA), the fact that Google mines data from all of its services should not be a surprise. Why? Because, as Google states, when consumers use its services, they are consenting to its privacy policy, which gives Google the right to use and combine the personal information it collects to improve its services, develop new products, and display more relevant search results. This subsequently works to fund advertising.

With Google’s advertising business generating over 90 percent of its total revenue, advertising is the main service the company seeks to advance by gathering personal data from its users. As stated in court documents, Google’s business model relies on the collection of personal data, which can be monetized through ads in order to provide free services such as search and Gmail. While consumers do not have to purchase Google’s services, users do consent to the use of their data, in turn, “paying” for Google’s services with their information. This is a popular consumer business model, and the foundation for other leading online platforms such as Facebook and Twitter. The California case demonstrates that while Google claims to give notice and consent to collect personal information, Google’s customers are unaware that this same model also applies to Google’s seemingly more secure services in schools and businesses.

As a paying Google Apps for Business customer, I can verify that my business is bound by the same privacy policy used by consumers and education customers alike. In other words, by using Google Apps for Business, I have given Google permission to use all my corporate data, user profiles, location information for workers, documents stored in Drive, photos and corporate emails to improve its products, improve search, develop new products and show more relevant ads to employees. Bottom line: read your privacy policies, people! Business managers must read the terms of service and privacy policies for all their cloud services and understand the consent parameters. Ultimately, businesses must know that a consumer-oriented privacy policy could still apply, even if you are paying for a business cloud service.

A more troubling fact is that the same rules apply to Google Apps for Government. Numerous government agencies – including the GSA, the National Archives and the National Oceanic and Atmospheric Administration – have opted to use Google Apps for Government in the same way that schools use Google Apps for Education. Google’s admission to mining student data for advertising leaves me to conclude that this same data collection practice and monetization model applies to federal workers who use Google Apps for Government. I encourage all government workers using Google Apps to carefully examine their privacy policies. Don’t assume that because you are a government worker, your data is not being used for non-government purposes.  Your government agency may have given Google consent to your information without realizing the implications.

Which brings me to the final point of consideration – questioning the very act of providing consent. In the California case, Google maintains that users consent to data collection practices. That position may be defensible when talking about individual consumers, but what choice do students and employees have when their institution requires them to use that service?  If your school, business or government agency has signed up for an online service that mines user data for its own financial benefit, have you really been given explicit consent to the collection of your personal data? Just read your privacy policies, people! If you don’t think a privacy policy is appropriate, then say something to your management or IT staff. Students, businesses and government agencies should be able to use online and cloud services without compromising their institutional and private data. After all, that is what we should expect from a real privacy policy.

Doug Miller is an expert at edu.SafeGov.org, an online IT forum dedicated to promoting safe and secure online solutions for educational institutions. He has worked in the enterprise and government IT space for over 25 years. For the past 9 years, Doug has been the principal consultant with Milltech Consulting, a company focused on business and technical consulting in the areas of interoperability, migration and competitive strategy. Doug was formerly the CEO and co-founder of Softway Systems, the creators of the Interix UNIX subsystem and migration solution for Windows.