Reader friendly privacy policies are possible

 

 

This school year has certainly been an adventure for my family on so many levels, and I am tickled every time my kids come home with a new school letter informing me of the new app/software/technology they are using. Of course, everything that comes home is received with a healthy dose of skepticism from me. I read the flyer, peruse the app website, read the privacy policy and then get mildly annoyed at the incomprehensible language in privacy policies and sometimes give up when I can’t, for the life of me, find such information.

So when my third grader came home with a teacher’s letter that stated she had been signed up for a new app in school meant to “excite and encourage kids to read” I was less than enthused. I took a deep breath and went to the website to see what this was all about. And I was pleasantly surprised.

For starters, the privacy policy link is easy to find. That makes a big difference because every little thing matters, and it makes for a much better user experience. Once I pulled up their privacy policy I began to read it.

Of course, I was bracing myself for pages and pages of legal terms and complicated policies, but that was not the case here! This app has one of the most user-friendly privacy policy documents that I have seen in a long time.

I was encouraged when I began to read their privacy policies. The first three paragraphs help build my confidence as a user / parent and clearly explain what the company does and what their approach to privacy is. Not wasting time, in the second paragraph, the company laid out why they take extra precautions when signing up kids for their software. They explain that because the platform is meant for children 13 and younger they need to make sure that appropriate security and privacy practices are in place. They continue and explain that they need to comply with COPPA and include a link to the COPPA website. Further, it reminds us, parents, that we need to talk with our children about online safety and to stay involved in the kids’ online activity.

I really like how easily the document is laid out; it has short and easy-to-read paragraphs. All the sections have a heading in bold, from what they are using cookies for through IP information and other information they collect. They clearly state how the student information is stored and they clarify that they encrypt all PII whenever it is transmitted.

Most of us have legitimate concerns about how our data is transferred to an unknown party in the case of a sale, merger or bankruptcy situation, and most privacy policies do not explain clearly how data is handled in these cases. However, in this case, the company clarifies that even though the data may be transferred or sold they will notify you about this change before transferring any information and states that you may decide to continue or discontinue the service at that time. They do note that it is our own responsibility to check back regularly in case the privacy policies change (and that is fair) but they also state that if any material changes to the policy are made, they will seek consent via email before the changes become effective.

Is this the perfect privacy policy? No, not at all. But it is a marked improvement from many others I have read. What strikes me every time I read a privacy policy is that the language is so difficult and the document is so long that no one reads them. This privacy policy is 5 pages long (I printed it) and it’s in pretty decent font! It is easy to understand and follow and answers most of the main questions I have as a parent. More importantly, as I read through the policy, I felt that student and parental concerns are addressed and acknowledged. A much better place to be than dismissing parents and students.

I would like for more companies to adopt a similar format. It would be a welcome change by all of us, but more importantly I believe that a tone friendly privacy policy bridges the gap of communication that is currently abysmal between parents and software companies. Let’s keep it going. Reader friendly and effective privacy policies can exist.

 

 

Whose Data is it Anyway???

 

A year ago I had the honor to participate in a panel at SXSWedu called “Whose Data is it Anyway”. It was an engaging conversation in which we addressed, head on, the issue of student ownership of data. The tension in the debate between acknowledging student ownership and privacy was interesting in that there are still many parties that do not recognize the need for bringing students and parents into the conversation.

Last week EdSurge hosted a panel on this very same topic. The panel included diverse voices from the EdTech, legal and education fields. They discussed how EdTech leaders should address privacy issues while still advancing opportunities. And while the debate is complex and worthy of a much bigger time slot than a podcast, the panelists raised good points such as: how are investors, entrepreneurs and educators responding to privacy and security concerns? Do companies need to comply with all the demands of privacy critics or should they decide how much they can comply with? Finally, can all stakeholders somehow reach an understanding and a midpoint in which we can agree that concerns are being addressed?

I still feel we need to get student voice included in the conversation and I think these panels would have greater depth as it would make us aware of privacy “blind spots” we cannot see unless we bring other participants into the conversation.

You can listen to the EdSurge podcast here

 

 

Student “surveillance” and their right to privacy

 

When I was in school (yes, dinosaurs still roamed the earth), we used to cover our notebooks or tests with our hands because we didn’t want others to see our work. We wanted to keep our school work private. When we ask our kids what they did in school we get the timeless classic “nothing” or “stuff.” So is there anything wrong when a teacher gives us the opportunity to take a look at what happens in our child’s classroom? A couple of weeks ago I saw a Tweet about a teacher using Periscope (the social media app that lets you see the world through someone else’s eyes) and his statement of how much parents appreciated “the ability to watch their kids while they were in school.”

At first glance that might seem like an interesting and exciting proposition but there is something that doesn’t sit right with me. Where do parents’ rights over their children become too overreaching that they supersede student rights? Or should they supersede student rights? The question becomes more complex when we discuss student ownership and acknowledging that students are owners not only of their data but of their education. So humor me for a second and let’s say we finally agree to give students agency and ownership of their education. If we do, would we feel that it was ok to look into their classroom through an app every day? Maybe not.

I think it’s worthwhile to ask students how they feel about being observed through an app. An app that their parents use to observe their behaviors in the classroom. Which leads me to a proposed state law in Wyoming that would make it illegal for school districts to demand access to students’ social media accounts. In this proposal, the bill would make it a misdemeanor for school officials to request information from a non-school account. In addition, school officials cannot access or view the student’s account unless they get parental permission. This bill is making the argument that it is not ok to feel we can access all of the student’s information because as Sen. Cale Case, R-Lander, said “if you look through someone’s tablet and go through it, it’s like going through the kid’s house.” But we obviously need to be careful we do not make any law so restrictive that it impedes either a school’s ability to function or its ability to help students in need. Students can no longer simply cover their work with their hands so that no one can see it. Students are vulnerable to parents having total access to their school day through the use of technology; schools can access student work through school-provided hardware; and schools could potentially monitor students through their social media activity. We need to ensure that we do not blur the line between a student’s school life and life outside school. Because when we do, we risk taking away any sense of ownership from students. Ownership that can empower them to make decisions about their own education as well as how and what they disclose on social media. If we disavow their right to ownership, we risk enacting laws so restrictive schools can’t conduct their day to day operations as well as neglecting a student’s education and their right to build their data trail in the way they feel represents them the best.

The more people looking at student data privacy laws the better, the more people advocate for increased protections for student privacy the better, the more voices that are brought into the conversations the better. But we cannot and must not go from protecting student data privacy to surveillance.

 

 

The Parent survey – what does it mean, really…..

 

 

The Future of Privacy Forum released a parent survey appropriately called “Beyond the Fear Factor” that asked parents how they really feel about data. I didn’t participate in the survey so I don’t get to skew the results but I can certainly report on it. What the survey tells us is that most parents understand the technology used in their child’s school but don’t really understand the laws protecting student data and have, understandably so, concerns about the security and privacy of their children’s data.

One could argue that the survey is saying that parents are fine with the indiscriminate use of student data and that even though they are concerned about privacy and security, well, we just go with it because the school is going to use technology anyway. But that really is not what the survey is saying. Rather, parents are telling us that they do care how student data is used and that they care how technology is used in the classroom but that they are concerned that the information is not being protected adequately. This is a fair concern, I would say. Particularly when most of us don’t fully understand the laws protecting student privacy and what our rights as parents are.

As I have stated before, my kids are going through new school experiences and so am I. And I am really fascinated by the amount of technology that is deployed in their schools. But more importantly, I am even more fascinated by the amount of paperwork and electronic communications that come home regarding the use of technology in their schools. While impressive, some things definitely could have been done better. For example, nobody told me my kid’s information was being uploaded onto an online portal, the directory information opt out is an all or nothing option and there is a lot more technology being used in school than I am aware of. But on the positive side, I have received communications that are informing me of some of the technology used in my kid’s school and that matters. It matters because now I know that if I wanted to dig and make a decision whether I want my kid using a certain app I can at least find out what it’s about. But something came home this past week that caught my eye. It was a notice asking for permission to set up a student email account for my kids, through Google Apps for Edu (of course). We can argue the merits of GAFE but what is interesting is that the school sent home a notice explaining what it was doing, how the emails were going to be set up and what the purpose is. Further, there is a section on the rules and responsibilities that students have when using this email and they are surprisingly close to what we would ask of an Ed-tech company – students will respect the privacy of others by not using someone else’s files without permission or posting pictures, apps and computers will only be used for educational purposes, respect their privacy and that of others by not disclosing personal information on the computer system etc. I really appreciated this section, not only because it is explaining to us what is expected of the kids but they are working on teaching the kids good digital citizenship, and that is very important.

If we instill in kids from an early age how to use technology appropriately and what their responsibilities are we are already moving our conversations forward as these kids increasingly use technological devices at school and home. This school district form had to be signed by parents (giving permission) and students (acknowledging the rules around receiving school email). So when I asked my kid to sign the permission form he looked at me surprised. I asked him to read what he was signing and he rightfully said “if I sign this that means I can’t do all these things but the companies I use in school can’t do the things listed here, right?” Yes, happy dance moment! But I really hope that just as we are asking our kids to be responsible, tech companies are in turn being responsible to kids. So much so, that kids can hold them accountable if they don’t “follow the rules” so to speak.

At the end of the day, what parents want is what we all want when it comes to anyone accessing our information. We want a clear understanding of how data is collected, used and protected. We want transparency of how data is used through the educational system. Parents are willing to be active participants and collaborate with schools on how data and technology can be used to improve the educational process. Don’t ignore parental concerns; let’s address them, discuss them and present them, us, with the information we need to trust and in turn collaborate with everyone in the educational system. A top down approach doesn’t work. Parents need to be brought into the conversation in a meaningful way. There is a great opportunity for everyone in the educational system to open the lines of communication now and build trust with parents. If there is one thing the survey clearly states, it is that parents want the data used in a way that can help their kids but make sure we are using the data ethically and protecting it. And I think that is a fair ask. Let’s not dismiss it.