Updated 2/4/2018: Based on requests, I am providing a version of this information under creative commons licence that districts can copy and add their district specific settings and provide to their community.
Updated on 12/19/2017 based on feedback and corrections from Kim Nilsson
This is a question that comes up quite frequently. There are significant differences between the consumer Google accounts that are familiar to many parents, and the G Suite for Education accounts that are used in schools. Two significant differences are in the My Account settings and in Google search results.
Schools may also find it helpful to refer to Google’s suggested Notice template for schools when gathering parent or guardian consent and to this page for the privacy practices for specific Google services
User Data Collection settings in User Dashboard and My Account
The Google Dashboard allows the user to see and manage the data in their Google Account. The “My Account” link under the user profile provides users the ability to review their account settings, and view and manage collected data. There are additional settings and activity views under the more-activity page. There are significant differences in the data collected between consumer Gmail and G Suite for Education accounts. Additionally, G Suite for Education administrators must manually enable non-education Google services. If a service (e.g. Google + or Blogger) is not enabled by the G Suite Admin, the user see will the following message and will be unable to access the service.
The following table compares the differences in the My Account settings between consumer and G Suite accounts.
Consumer Accounts | G Suite for Education Accounts | |
Services/Tools | ||
Security Checkup | Available | Available |
Privacy Checkup | Available | Available |
Find Your Phone(details) | Available | Available |
Signing in to Google | ||
Sign in with your Phone | Available | Feature requires the following to be enabled by the G Suite Admin
Web & App Activity Google Now for iOS and Android Also requires the Google app for mobile be installed |
Change Password | Available/User Editable | Available (See Note 1) |
2-step verification | Available | Available (See Note 2) |
Account recovery options | ||
Recovery eMail | Available/User Editable | Available if enabled by Admins (See Note 1)
Note This feature is not an option if domain is using Single Sign-On (SSO) or G Suite Password Sync. It also doesn’t work for users under the age of 18. |
Recovery Phone | Available/User Editable | See above |
Security Question | Available/User Editable | See above |
Device Activity & Notifications | ||
Recent security events | Available | Available |
Recently used devices | Available | Available |
Apps with access to your account
these are 3rd party services that the USER has given permission to access their account |
Available/User Editable | Available/User Editable |
Saved passwords | Available/User Editable | Requires the Chrome Sync service to be enabled by the G Suite Admin for the user(G Suite Core). |
Allow less secure apps | Available/User Editable | This setting is managed by the district Admin. |
Personal Info and Privacy | ||
Name | Available/User Editable | Editable by the G Suite Admin. Typically synced from a directory of student information system. There is a setting in the Admin control panel to allow/disallow users from editing their name |
NickName | Available/User Editable | Editable only if Google + is enabled by the G Suite Admin for the user. |
User Photo
Gmail setting |
Available/User Editable | Available/User Editable
There is a setting in the Admin control panel to allow/disallow users from editing their photo |
Phone | Available/User | Used with Hangouts, Google voice or an android device Present if the user has provided a phone # and is enabled (e.g. when verifying an installed mobile app) |
Birthday | Available/User Editable | Required for G+ service
There is a setting in the Admin control panel (Directory) to allow/disallow users from editing their birthday. For Education domains, birthday is never editable by end users except for in the Google+ upgrade flow, where it is always editable. Birthday is only shown to people the user connects with on Google. Private by default, sharing is controlled in the about me settings |
Gender | Available/User Editable | Required for G+ service
There is a setting in the Admin control panel (Directory) to allow/prevent users from editing their gender By default, gender isn’t shared with other people who use Google services |
About Me | Available/User Editable | Some information is restricted from editing |
Google + Settings | Available/User Editable | Data and setting is user editable only if G+ is enabled for user by the G Suite Admin. This is not permitted for users under 13
There is an Admin option to automatically create G+ profiles for users |
Shared Endorsements | Available/User Editable | Data and setting not present in G Suite for Education. Google does not use shared endorsements for G Suite accounts. G Suite Users will see a message saying “The setting you are looking for is not available for your account” |
Blocked Users | Available/User Editable | The Blocked Users option appears if ANY of the following services are enabled for the user by the G Suite Admin:
-Core: Hangouts -Non-Core: Google+, Photos, Maps, YouTube See here for details |
Location Sharing | Available/User Editable | OFF by default
Requires Location History service. This is a non-core service which is off by default and must be enabled by the district Admin |
Search Settings | Available/User Editable | OFF by default
Editable, but SafeSearch is frequently managed by district DNS settings, chromebook policies, content filters or other means and not editable in those cases Additionally, Google does not display ads or collect search data from Google searches from users that are signed in to a G Suite for Education account |
Manage your Google activity | ||
Activity controls | ||
Web & App Activity | Available/User Editable
OFF by default Web & App Activity stores your searches and other things you do on Search, Maps and other Google services, including your location and other associated data. |
OFF by default
Requires the Web and App activity service (including Chrome browsing history) This is a non-core service which is off by default and must be enabled by the district Admin. [As with all non-core services, schools are contractually required by the G Suite agreement to obtain parental permission for users under 18 for all non-core services] The screen has a setting: “Include Chrome browsing history and activity from websites and apps that use Google services” This additional setting cannot be enabled in G Suite for Education domains as indicated by the message “Based on your organization, this setting is disabled.”
Note this is not the same as the LOCAL browser history that may be stored on a user’s computer |
YouTube Search History | Available/User Editable
ON by default |
Requires YouTube service which must be enabled by the Admin
[As with all non-core services, schools are contractually required by the G Suite agreement to obtain parental permission for users under 18 for all non-core services] This is enable ON by default if YouTube is enable and the user creates an account |
YouTube Watch History | Available/User Editable
ON by default |
Requires YouTube service which must be enabled by the Admin.
[As with all non-core services, schools are contractually required by the G Suite agreement to obtain parental permission for users under 18 for all non-core services] This is enable ON by default if YouTube is enable and the user creates an account |
Device Information
Device Information privately stores your contacts, calendars, alarms, apps, music, movies, books, and other content. It also stores the status of your devices – for instance, whether the screen is on, the battery level, the quality and duration of network connections like Wi-Fi and Bluetooth, touchscreen and sensor readings, and crash reports. Information is visible only to the user |
Available/User Editable
OFF by default When this setting is on, information may be saved from any device that uses your Google Account User can review and delete information |
Available/User Editable
OFF by default When this setting is on, information may be saved from any device that uses your Google Account User can review and delete information |
Location History | Available/User Editable | OFF by default
Requires Location History service which must be enabled by the Admin [As with all non-core services, schools are contractually required by the G Suite agreement to obtain parental permission for users under 18 for all non-core services] IF enabled by the admin, the default is off and it must be enabled by the user. User can review and delete data |
Voice & Audio Activity
Activity from “OK Google” |
Available/User Editable
OFF by default |
OFF by default
There is no Admin control for this feature Can be enabled by the user. User can review and delete recordings |
Review activity | ||
My Activity | Available
My Activity show all activity collected based on the user’s settings for the following -Web & App Activity |
Available data is YouTube watch and search data and depends on the non-core YouTube service which must be enabled by the Admin |
Timelines in Google Maps | Available/User Editable | Requires the non-core location history service which is disabled by default in G Suite for Education and must be enabled by the Admin |
Google Dashboard | Available/User Editable | Available
Allows view, manage, export and delete data for many google services |
Ads Settings | ||
Ads Settings | Available/User Editable | Disabled and not possible to enable for G Suite for Education accounts. The user will see the following message when going to the settings page
“Ads Personalization is turned off for this Google Account – The option to personalize ads in Ads Settings is turned off for this account. That means that Google doesn’t use any information associated with this Google Account to target ads while you’re signed in to this account.” |
Control your content | ||
Download Your Data | Available | Requires the non-core Google Takeout service to be enabled by the G Suite Admin
[As with all non-core services, schools are contractually required by the G Suite agreement to obtain parental permission for users under 18 for all non-core services] |
Transfer your content | Available | Requires Google Takeout service , as well as an additional Takeout checkbox setting and requires external sharing to be enabled by the G Suite Admin in the settings for Google Drive more info |
Assign an account trustee | Available | Not available for G Suite for Education accounts |
Account Preferences | ||
Payments | ||
Payment Center | Available | Requires the non-core Google Payments service to be enabled by the G Suite Admin
[As with all non-core services, schools are contractually required by the G Suite agreement to obtain parental permission for users under 18 for all non-core services] |
Subscriptions | Available | Requires the non-core Google Payments service to be enabled by the G Suite Admin |
Payment Methods | Available | Requires the non-core Google Payments service to be enabled by the G Suite Admin |
Language & Input Tools | ||
Language | Available/User Editable | Available/User Editable |
Input Tools | Available/User Editable | Available/User Editable |
Accessibility | ||
Screen Reader | Available/User Editable | Available/User Editable |
High Contrast Colors | Available/User Editable | Available/User Editable |
Your Google Drive storage
Informational only, total storage in account |
Available | Available (Note that G Suite for Education accounts have unlimited storage) |
Delete your account or services | ||
Delete Products | Available to delete Gmail, YouTube, Google +
Provides link to download data |
Deleting Gmail is not an end-user option. Accounts can only be deleted or suspended by G Suite admin. User can delete profile data for YouTube, Google +. Deleted data is removed from Google systems-more detail is here
Provides link to download data |
Google Search Advertising and Tracking
Another key difference between consumer Google accounts and G Suite for Education accounts is the data collection and use in Google Search for signed in users. The screenshot below shows a consumer account’s search results for the term “Lego”. The page shows two ads shown before the actual search results and a sidebar of results from Google’s shopping service.
By contrast, the following screenshot shows a G Suite for Education account’s search results for the term “Lego”. The results show no ads and the sidebar includes only the “info box” for the Lego company and no results from Google’s shopping service
Notes
1-Admins can enable this password recovery option see this. If the district is syncing passwords via GAPS or using SAML, the user may have similar capabilities
2-Users can opt-in to 2 step verification. Admin can also require 2 step verification for specific accounts see here for details.
Methodology
G Suite Accounts: Testing was conducted using a 4 newly created accounts from a non-production G Suite for Education domain (each account had a variety of services enabled from only minimal Core G Suite services, not including hangouts or groups to an account with all core and non core services enabled and
Gmail Accounts: Testing was conducted with two accounts one newly created and one in active use for several years.
1 thought on “Privacy Differences between Consumer Gmail and G Suite for Education”
Comments are closed.