Zotero Google Docs Integration privacy concern

jfbeatty
My library wants to promote Zotero integration with Google Docs to our faculty and students. However, there has been a privacy concern raised.

The first time one tries to use Zotero in Google Docs, an alert comes up that "Zotero Google Docs Integration wants to access your Google Account. ... This will allow Zotero Google Docs Integration to: View and manage your Google Docs documents." Clicking on information button next to that last sentence indicates that this covers "Create new documents; View and modify existing documents; Share documents with other."

Can Zotero be more precise about just what data this involves? I believe the real concern is the possible exposure of private student information.

The person raising the question has read the Zotero privacy policy at https://www.zotero.org/support/privacy but felt it did not cover the particular case of Zotero Google Docs Integration.
  • adamsmith
    Zotero would not be able to change the message appearing in the alert -- that's provided by Google and Google's APIs doesn't provide more fine-grained messages/permissions. The warning displayed when installing the Zotero Chrome connector sounds even more ominous, btw., for exactly the same reason.

    Do I understand correctly that you'd be reassured if Zotero added a sentence about this to its own privacy policy?
  • dstillman
    The privacy policy outlines the data we collect and what we use it for. In this case, we don't collect any information, so there's not really much to say.

    The Zotero Connector needs permission to modify the document in order to generate citations, and as adamsmith says there's no finer-grained permission for us to use. The plugin doesn't do anything with other documents. This integration works entirely locally on your computer, so even for the documents you use the plugin with nothing is being sent to us.

    We can add a section to the privacy policy that explains the permissions prompts that are shown for the browser extensions and Google Docs.
  • jfbeatty
    Thanks for the quick responses. My colleagues here agree that adding a section to the privacy policy will be sufficient to reassure them.
  • dstillman
    We've added a section to the privacy policy about the permissions warnings for the Zotero Connector and Google Docs integration. Again, there's no new information here, because the privacy policy already documented the data we collect, and we're not collecting data in either of these cases. These prompts are just giving Zotero the permissions it needs to perform its advertised functions.
Sign In or Register to comment.