In a complaint to the US Federal Trade Commission (FTC), the Electronic Frontier Foundation (EFF) said the alleged practice broke both Google promises and trade rules.
It said Google products used in schools sent data to the company without first seeking parental permission.
Google said its tools complied with the law.
Google provides schools with Chromebooks and its Google Apps for Education (GAFE) products – a suite of cloud-based productivity tools.
It promises not to serve adverts on the apps and says that “users own their data, not Google”.
The products are designed to be a safe place for students to learn.
No adverts appear on the core apps in the suite:
According to the EFF, the Chromebooks are enabled by default with a feature to synchronise the Chrome browsers installed on them.
No express consent was sought, it alleged.
“This allows Google to track, store on its servers, and data mine for non-advertising purposes records of every internet site students visit, every search term they use, the results they click on, videos they look for and watch on YouTube, and their saved passwords,” it said in a statement.
In its complaint to the FTC, the EFF added that Google “uses [the data] for its own purposes such as improving Google products”. And it said Google used the data it collected to target adverts on the non-core apps.
EFF lawyer Nate Cardozo said the alleged practice contradicted the Student Privacy Pledge, to which Google is a signatory, and, therefore, represented a “violation of FTC rules against unfair and deceptive business practices”.
He said: “Minors shouldn’t be tracked or used as guinea pigs, with their data treated as a profit centre. If Google wants to use students’ data to ‘improve Google products,’ then it needs to get express consent from parents.”
‘Private and secure’
The EFF added Google had told it it would “soon disable a setting on school Chromebooks that allows Chrome Sync data, such as browsing history, to be shared with other Google services”.
It said: “While that is a small step in the right direction, it doesn’t go nearly far enough to correct the violations of the Student Privacy Pledge currently inherent in Chromebooks being distributed to schools.
“EFF’s filing with the FTC also reveals that the administrative settings Google provides to schools allow student personal information to be shared with third-party websites in violation of the Student Privacy Pledge.
“The ability to collect and potentially share student information follows children whenever they use Chrome to log into their Google accounts, whether on a parents’ Apple iPad, friend’s smartphone or home computer.”
A Google spokeswoman said: “Our services enable students everywhere to learn and keep their information private and secure.
“While we appreciate EFF’s focus on student privacy, we are confident that these tools comply with both the law and our promises, including the Student Privacy Pledge.”
An FTC spokesman has not responded to a request for comment.