The ACLU recently concluded that school personnel fail to protect student privacy. http://www.educationnews.org/technology/aclu-says-massachusetts-schools-have-weak-data-privacy-policies/

We unknowingly produce data when consuming it on the Internet. Information inequality manifests as unknown unknowns (credit to Donald Rumsfeld). The business model for digital consumption puts data custodians in charge of data.

Because of FERPA deregulations, data custodians are much more than glorified janitors. As “school officials”/”authorized representatives,” they own the keys to the front door and can “free data” in ways we cannot control. In this dystopian relationship, we don’t even own a remote control to access our own data!

Data custodians are supposed to clean up platforms so they are secure. They are supposed to lock software backdoors so that malware cannot be introduced.

And we’re just supposed to trust self-regulation and privacy pledges! That’s like asking kindergarteners to peer-grade for spelling errors. How do we know whether data custodians really play by their rules?

Then there’s this little caveat in the privacy pledge:
Nothing in this pledge is intended to prohibit the use of student personal information for purposes of adaptive learning or customized education.

With artificial intelligence, a computer adaptively learns. Whether kids learn with algorithmic “customized” education (aka “teaching machines”/”robot teachers”) is another question. It may be possible algorithmic education rewires the brain and dismantles the capacity to apply and synthesize knowledge—especially for young, developing minds.

Are we prepared for the unknown unknowns of algorithmic education?

FERPA deregulations in 2008 and 2011 created a “free data” ecosystem with “free market” enterprise as the outcome. Where SOPIPA and its clones (including the Oregon Student Information Protection Act) fail is they are unenforceable.

Consider the conditional language:
“An operator shall (or may) not knowingly engage in any of the following activities…”

Switch that to: “An operator shall (or may) unknowingly engage in any of the following activities…”

Consider what I call the Google exemption clause:
“This section does not apply to general audience Internet websites, general audience online services, general audience online applications or general audience mobile applications, even if login credentials created for an operator’s site, service or application may be used to access those general audience sites, services or applications.”

Do we just trust software app developers and companies like Google? The Electronic Frontier Foundation maintains that Google violates its privacy pledge in an FTC complaint. SIIA says this is just “misunderstandings.” http://blog.siia.net/index.php/2015/12/some-misunderstandings-of-the-student-privacy-pledge/

The stakes are too high when EdTech data miners stake a claim on minors’ personal data. We have secrets. Are we entitled to a right to privacy? Should we © our identity to keep them private?

SOPIPA neither forbids nor entitles a parent either to access the operator’s output of the data or to order that it be sent to the tutoring service.