Possible Solutions
States have begun to take action to enhance digital privacy protections for students. For example, Kentucky recently enacted HB 232 bans ed-tech service providers from processing student data for any purpose other than providing, improving, developing or maintaining the integrity of the service. This type of prohibition is imperative in order for parents and students to feel comfortable using new digital learning tools. According to Politico, "in the past five months, 14 states have enacted stricter student privacy protections, often with overwhelming bipartisan support, and more are likely on the way."
Sens. Edward Markey (D-MA) and Orrin Hatch (R-UT) recently introduced a discussion draft legislation titled, "Protecting Student Privacy Act." According to the press release, "The draft legislation would ensure that students are better protected when data is shared with and held by third parties." While new federal legislation is a step in the right direction since uniformity across the country is preferred by most stakeholders, I believe an update to the terms "education records" and "personally identifiable information" to account for the increased capturing of student data in a digital format is needed to ensure that children are better protected from companies that put profits ahead of student privacy.
InBloom's demise and Google's recently exposed student data mining practices have brought greater attention to student privacy and the need for stronger regulations and laws that prohibit ed-tech providers from utilizing student data for commercial purposes which may include behavioral advertising, digital profiling and other exploitation. Ed-tech vendors must incorporate Privacy by Design into their platforms and commit to making student privacy a priority and not an afterthought. The bottom line is that students, parents, teachers, privacy professionals, lawmakers, state attorneys general, the FTC and the ed-tech industry must work together to ensure that student privacy is protected in the Digital Age.
17 June 2014
The Plight of Student Privacy in the Age of Ed Tech
![Default Article Featured Image_laptop-newspaper-global-article-090623[95].jpg](https://images.contentstack.io/v3/assets/bltd4dd5b2d705252bc/blt61f52659e86e1227/64ff207a8606a815d1c86182/laptop-newspaper-global-article-090623[95].jpg?width=3840&quality=75&format=pjpg&auto=webp)
Related stories
US President Trump signs state AI executive order, legal questions remain
Notes from the IAPP Canada: Facial detection digital ads cause stir, but why?
Employee monitoring in the US and Canada: What employers need to know
'Privacy, Please!' Lorrie Cranor on why she wrote a privacy book for 4-to-6-year-olds
COPPA 2.0, KOSA among 18 children's online safety bills advanced by US House subcommittee
Some privacy advocates have breathed a sigh of relief since hearing of the demise of
, an organization that was created in 2011 to store and aggregate a wide range of student information to be used by classroom educators. The merits of inBloom's mission can be debated until its advocates and detractors are blue or red in the face. Regardless of whether one is for or against inBloom, or its future progeny, the real win here is that student privacy is now part and parcel of the education technology (ed-tech) conversation.
Protecting the personal privacy of students has gained national attention due to the issues surrounding inBloom combined with several high profile
. Compounding the privacy challenges facing students is that the Family Educational Rights and Privacy Act (FERPA), which aims to protect the privacy of students and their families, has not been updated to account for the issues inherent in the Digital Age. The
, along with other privacy advocates, has alleged that the Department of Education actually weakened FERPA in 2011.
In fact, weakening student privacy protections at the dawn of the age of Big Data, the cloud, mobile apps and social media appears to have led to a situation where some companies
to schools and in return student information may be data mined for profit. A recent
"examination of hundreds of pages of privacy policies, terms of service and district contracts” found “gaping holes in the protection of children’s privacy.”
Earlier this year,
Education Week
reviewed the ongoing
, a case that began in 2010 seeking damages on behalf of Gmail and Google Apps for Education users and those whose messages were sent to Gmail based services and made some very startling discoveries. The most troubling was that
"scans and indexes the e-mails of all Apps for Education users for a variety of purposes, including potential advertising, via automated processes that cannot be turned off—even for Apps for Education customers who elect not to receive ads."
Google's admission in federal court and its confirmation to the media about its practices created such a huge media firestorm that within weeks after this information became public,
that it would no longer scan the e-mails of students who utilize Google Apps for Education for advertising purposes. While this announcement was a step in the right direction, why did it take an international media feeding frenzy for a change to a policy that should have never been implemented in the first place?
According to an
Education Week
report, in response to Google's about-face regarding its student e-mail scanning policy,
, "Google can change this policy at any time, and the scanning disclaimer is associated with advertising purposes only … ‘There may be other commercial uses that they are exploiting student data for’ … such as selling information to textbook publishers or test-preparation services."
New technology sometimes creates situations that were never imagined when FERPA was enacted 40 years ago. For example, when students utilize new digital learning tools offered through their schools is the metadata (the information associated with a student's use of the digital learning service) that may be created by student usage considered an "education record" and thus protected from being data mined for advertising purposes? According to
, “I don’t think it’s necessarily an easy decision, what is and what is not the ‘educational record’ ... It’s very contextual. A lot of metadata won’t fit as an educational record.” This uncertainty demonstrates the need for stronger privacy laws that better protects the personal privacy and digital emissions of students.
