Protecting kid’s privacy in the classroom and beyond

iKeepSafe, the Internet Keep Safe Coalition is an organization that provides resources for parents, educators and policymakers who teach youth how to use new media devices and platforms in safe and healthy ways. Their vision – to see generation’s of children grow up safely using technology and the Internet to become full digital citizens.

They invited me to submit my thoughts for their blog. You can read it here – Protecting kid’s privacy in the classroom and beyond

I invite you to take a look at their website. It contains valuable resources on digital safety for parents and educators.


Educational technologies are always changing and this poses a great challenge to parents and educators as our main interest is to keep children safe but encourage the technology we think shall best support our young learners. The effective and cautious use of data can improve student’s’ school experience. It can ensure that each student is receiving the personalized instruction they rightly deserve.

But there are challenges in maintaining a safe environment for children when using educational software. It is imperative that parents are informed and involved in the decisions to allow their children to have accounts at educational websites. Reading Terms of Service, while tedious and uninspiring, is important. Bill Fitzgerald has a great primer on how to“triage” Terms of Service and Privacy policies. We must continually work at improving best practices and helping parents, educators and school districts understand their rights as digital citizens. We need a system that encourages and supports parents and students to be advocates for their privacy. For in their educational careers students will trip, fall and get up – and they must know that no one will punish them for this. We must build bridges of trust between parents, educators and ed-tech companies. We all need to be smart and read terms of service and privacy policies and decide whether they make sense, comply with COPPA and work for our children.

So what works for our children? Recently, a class of 5th graders wrote persuasive essays and one of the lines (amongst the many brilliant ones) was “Kids have brains.” The topic – “Should 10 – 11 year old kids have a Facebook account?” I was fortunate to be invited to their class to talk about Facebook, online safety and what they thought of their privacy. Kids can be more perceptive than we give them credit for, and in this conversation I learned that they are very much aware of how their information can be used.

Most kids did not think it was ok for them to have a Facebook account. Some worried about how safe it was while others didn’t want their information out “there” forever. Some said they should be allowed to have an account but had strong feelings about their parents helping them navigate the online world. Certainly eye opening. Others didn’t think adults cared about their privacy. They were surprised to know of the laws passed and debates taking place around the country. But the majority agreed that it is important for the right people to know information about them as students. As one student said “it’s useful if my teacher next year knows about me and how I learn because then they can help me.” Kids get it but they want a voice in the decision making process.

Protecting student data and privacy is a challenge. Let’s be smart and work together;, we have an opportunity to shift the conversation with students at the center of the discussion. It is the only way to protect kids. We can’t afford not to do so.

What is the Student Privacy Pledge?

More and more, students are using technology in school, from learning apps to online forums to class websites. And understandably, there is growing concern as to the efficacy of the privacy measures in place and the adequacy of the laws protecting student information. In response to this concern, two weeks ago the Future of Privacy Forum (FPF) and the Software & Information Industry Association (SIIA) introduced the Student Privacy Pledge, which commits school service providers to the secure handling of data for K-12 students. But what does this really mean?

Basically the pledge holds accountable school service providers to the following –

  • Not sell student information
  • No behaviorally targeted advertising
  • Use data for authorized education purposes only
  • Not change privacy policies without notice and choice
  • Enforce strict limits on data retention
  • Support parental access to, and correction of errors in, their children’s information
  • Provide comprehensive security standards
  • Be transparent about collection and use of data

As of today, 32 school service providers made the pledge to keep data secure and private. You can see the list here. This pledge comes at a point where, according to trade group estimates, the pre-K – 12 education sector generates approximately $7.9 billion annually. Schools are increasingly adopting data driven technologies for learning apps and software; technology that needs student data to operate efficiently. The revenue generating numbers obviously create skepticism that the pledge is an empty set of words and a mere PR move by companies because it is not a legally binding document. But if companies violate their own public representations they could be subject to enforcement by the Federal Trade Commission under deceptive trade practices (Section 5 of the FTC Act). This is important. And though some might want to dismiss this, the FTC has charged companies with either deceptive or unfair practices. And even if there is no legal action against a company we know that a strong group of voices criticizing a company’s policies can create tremendous damage to a company’s reputation. Some call this “App Store death”. This pledge makes school service providers accountable for student’s data whether it is collected by the school and then passed to the vendor, or directly by the vendor via an app used by a student. By taking the pledge companies are making a public commitment to students, parents and schools to ensure the safe use of student information.

And while there is no substitute for a strong federal law, the pledge does address some of the weaknesses in FERPA. For example, the pledge applies to all student and personal data whether it is viewed as an “educational record” or not. It also applies whether the data is collected through the school or by the websites and the apps students use. It applies whether or not there is a formal contract with the school. The pledge promotes the transparency we have been asking for; transparency that is necessary to build trust amongst all stakeholders to ensure widespread participation. Parents and students have been stating, “don’t just say you are protecting student privacy, show us you are.” And as a parent, I encourage pledge signatories to do just that. For without it users will mistrust ed-tech products, hampering their adoption to the detriment of all.

I think the greatest value of the Student Privacy Pledge is that it establishes a common baseline of privacy principles that the ed-tech industry did not have before. Let’s use it to remind companies of the responsibility they have towards students, data and privacy. And while this does not create a uniform federal law or strengthen existing privacy laws, it provides a good framework for lawmakers and encourages dialogue between parents, ed-tech companies, schools and other stakeholders to ensure student data is safeguarded. As a parent, I appreciate a document stating a uniform commitment being issued by vendors in their role as stewards of student data.

I hope that this encourages other firms to sign on to the pledge to demonstrate their duty to be responsible data “citizens”. It is an interesting list of signatories. It is worth looking at who has and who has not signed on. And if not, why not?

The pledge goes effective January 2015 but it operates under a rolling admissions policy so companies can sign on to it at any time – no worries. If anybody needs a pen to sign on to the pledge, I have one you can borrow.

 

  The choice to provide parental consent in education is not that simple

 

All parents want to keep their children safe and protecting their privacy falls under this premise. So when we talk about student data, a parent’s first reaction is “let me decide if I want my child’s information to be used by the school or not”; essentially deciding whether to opt out of data collection for school use. At first glance, the option of choice is obvious – let parents decide what data is collected about their children and what ought to remain private. But when we look at the issue more deeply we see it is not that simple. Not all data are created equal. If parents opt out, it can prevent schools from efficiently managing the day-to-day operations of such administrative tasks as dispensing free lunch to students and organizing bus routes. Furthermore, how will teachers help students learn without access to their histories, including detailed information about their special needs affecting their school performance?

We need to critically look at the implications of our choices and recognize that we cannot address privacy in education in a vacuum. The issues of equity and discrimination in our schools today cannot be addressed without adequate information. We must be able to clearly determine whether we are truly serving our students. How can parents be assured that our schools are addressing these issues if they have incomplete data sets? Providing parents with consent forms for every data collection issue in school runs the risk to protect some but not all. And we shouldn’t ask parents to be privacy auditors either. What if a parent cannot understand a complex school contract or simply does not have time to read it? We risk excluding students from beneficial educational programs and therapies, if information about them is not in the system. When wealthy parents fight to protect their children’s privacy, because their children have access to the same (or better) technology at home, they may in effect deprive lower income families of such access, since their only access to such technology is in school. We need to critically examine the role of consent and question how in our attempts to protect the privacy of some we leave others behind.

Which takes us back to student ownership of their data. As we continue to have conversations of privacy and consent on data collection we must shift our focus to include students in the decision making process. If we do not do that, we relegate them to being passive participants in their education in which education and privacy becomes something that happens to students instead of something that belongs to them. For it is their education, that is at stake. And the opportunities open to them over the rest of their lives will depend on the quality of the education they receive as children.

All students deserve the right to privacy but they also deserve access to the best education possible. If parents do not give consent to information being collected about students what opportunities are we inadvertently denying our children? It is their information – their education, and in making decisions whether asking for parental consent or not, we must make them with all students in mind.

 

 

 

California’s new student privacy law – A law that protects student data privacy and fosters technological innovation?

The Student Online Personal Information Protection Act (SOPIPA) or SB1177 was signed into law last week. It has been called the first in the nation law that strengthens privacy protections for the personal information of California students while permitting innovation in education and technology. There have been many student data privacy laws enacted in recent legislative sessions but many focus on either restricting the types of data collected or mandating states and/or school districts improve their governance and infrastructure to safeguard student information. But asking a school district to improve its infrastructure is easier said than done, especially without supplying the funds for implementation. And restricting data collection can veer into the path of limiting school operations and fail to serve its students.

SOPIPA is interesting in that the law places the responsibility for ensuring student data privacy on the ed-tech industry. It directly addresses the way online service providers and apps can collect and use student data. It is important to recognize that software applications need to collect data in order to personalize the service students receive but also to maintain student records for teachers to keep track of grades, student progress, reading records etc. It is also worth noting that the new law allows these service providers to use the data they have to improve their products but they cannot use the information for targeted or “behavioral” advertising. The law does not unnecessarily impede the use of data and technology, which can stall under more restrictive laws. This is what I find of great importance. This premise fosters innovation in education technologies by enabling service providers to use the de-identified data at their disposal to develop products beneficial to all.

And while all this is good news, SB1177 is far from perfect. I am pretty sure that by now you know I stand on the side of student ownership of data. And I am disappointed at the lack of control given to students (and their parents) particularly regarding the deletion and retention of their data. Students and parents need to have a voice in how their data is collected and used and for how long it shall be retained. What happens when privacy policies and contracts change? If we do not have student ownership in mind, whose best interests are we serving when a privacy policy is updated? Will the law support access to and correction of student information or is the burden, again, on the school districts to review student information and ensure its accuracy?

There are also some points that require clarification. For example, what does the law define as “k-12 purposes”? Besides the services used in schools does the term include apps used outside of school by students without the school’s knowledge? And even though COPPA applies to apps generally used by the “under 13” crowd does SOPIPA protect students’ data when they use apps outside of school but the app is an “educational” one? I don’t believe this is addressed, and if it’s not, it is inadvertently creating a grey area of how student data is protected in these cases. This is where an update of FERPA and a well-delineated Federal standard is necessary. There needs to be a blanket Federal Standard that will address these issues when necessary and eliminate ambiguity as much as possible.

SOPIPA is a significant step forward. It provides a framework for stronger protections for student data and with a different (and interesting) approach than other state bills. It provides a good framework for other states to use, and I hope they do. I am encouraged to see the legislature promote collaboration, but we must not forget students in the process.

And don’t worry, there is time to debate this endlessly – the bill’s provisions will not take effect until January of 2016.

 

 

Students, technology and privacy can coexist.

Kids love technology, it’s shiny, bright and does a lot of fancy things. In some schools technology has become as prevalent as pencil and paper. With the introduction of smartboards, computers and educational apps, technology has become a staple in schools throughout the country. It can be an important tool to help kids in school. Recently, I read an article about a 10th grader lamenting the lack of technology in the classroom. And while he made some valid points as to the usefulness of technology, the article read very much like a paid advertisement. He was a fervent advocate of using a tablet in school and how this made High School a fun experience. The excitement is contagious and I understand it. I have seen first-hand what adaptive technology can do to help students with disabilities. A child with dysgraphia can use a tablet to take a picture of the board instead of writing notes by hand. There are apps that can similarly serve to improve the educational experience of students with disabilities.

But we must take a step back and think critically how much technology is necessary to help students and that we are protecting their privacy when employing technology that compiles information about our students.

I am an advocate for using technology in schools. I do not advocate for increased screen time but quality screen time. So rather than collecting as much data as possible, I propose a smarter collection of data. And in our efforts to improve the available technology and products we must not allow students to become testers for these new products. Earlier this year, Common Sense Media asked the educational technology industry to develop tough national standards for personal data collected about students and this message needs to be acted upon. Schools also need to understand the contracts they enter with so that third party vendors are held accountable for protecting student data and their privacy. We need to recognize that in order to purposely use technology we shall have to integrate the information at our disposal.

Technology and privacy do not need to be mutually exclusive. We all have a shared responsibility to protect student privacy. Parents need to be engaged in their children’s learning and schools must learn how to safeguard student data to make use of technology in the classroom. Technology companies have an obligation to ensure the data they hold in their custody is not commercialized and that it is kept secure and with adequate privacy restrictions.

Technology can be a great equalizer in education. It can enable us to deliver to children in underserved schools the same educational opportunities their more affluent peers take for granted. Just as we have to exercise caution in protecting student privacy, we must be cautious that in enacting safeguards to protect student data we do not impede the use of valuable technology.

The key for us is to build good guidelines for implementing technological change in an evolving landscape; that we are mindful that students are the end users and beneficiaries of this technology. They stand to gain tremendous opportunities but can also lose them if the technologies are unnecessarily restricted. We must work together to integrate technology and privacy in education in a manner that is balanced so we can all reap the rewards.