• by Mark Barnett • IDRA Newsletter • June-July 2017 •
According to the Electronic Frontier Foundation (EFF), one-third of all K-12 students in the United States are issued devices like laptops or tablets to use in school (Frida, et al., 2017). Almost all of these devices require a user account from Google, Microsoft or Apple in order to use the device. Are schools, students and families aware of data that are being tracked with these accounts and what technology companies are doing with the data?
Before digging into data tracking, let’s review some laws that are in place that are meant to protect the rights and privacy of student data. The Family Educational Rights of Privacy Act is a federal law that forbids schools from disclosing student information without parent consent. It is enforced by the U.S. Department of Education, which can cut off federal funding to noncompliant schools. The law also protects information about students’ online activity when they are using school-issued devices when the information is tied to personally identifiable information.
The Children’s Online Privacy Protection Act (COPPA) is a federal law that requires companies to obtain verifiable parent consent before collecting personal information from children under 13 for commercial purposes. COPPA is enforced by the Federal Trade Commission.
To confuse matters even more, some states have their own laws that restrict how companies can use data for advertising, or they define personally identifiable information differently than other states which can create loopholes that allow companies to selectively collect student data.
Do companies really need this kind of data on students? EFF investigators found that the Google Chromebook by default “records every Internet site students visit, every search term they use, the results they click on, videos they look for and watch on YouTube, and their saved passwords” (p.2). Google doesn’t first obtain permission from students or their parents, and since some schools require students to use Chromebooks, many parents are unable to prevent Google’s data collection or are even aware that it is happening.
The Spying on Students report points to a serious problem that parents and families are the least informed about student data privacy and practices. A survey conducted by the EFF found that among respondents: “45 percent reported that their schools or districts did not provide parents with written disclosure about ed-tech and data collection, and 31 percent were not sure if such disclosure was provided. Further, 32 percent of all respondents reported that their schools or districts did not offer opt-out – that is, non-technological classroom alternatives for families who did not want students using certain technology – and 37 percent were not sure if opt-out was available” (p.10).
What Can You Do to Protect Your Student’s Data and Privacy?
The EFF has outlined some steps that students, educators, leaders, policymakers and companies can take to keep the privacy of student data a priority that is transparent and respects the privacy of students and their families.
- Read software terms of service,
- Ask schools about data privacy practices,
- Provide digital literacy training to teachers,
- Always inform and obtain parent consent,
- Ask for software alternatives,
- Use encryptions when possible, and
- Demand transparency on data privacy.
Read the full EFF report and see more recommendations at www.eff.org/wp/school-issued-devices-and-student-privacy.
Other Resources to Learn about Student Data Privacy
- See the following resources for more information.
- U.S Department of Education Privacy Technical Assistance Center: http://ptac.ed.gov
- FERPA/Sherpa education privacy resource center: http://ferpasherpa.org
- The Data Quality Campaign, a leading voice on education data policy and use: http://dataqualitycampaign.org
- Electronic Frontier Foundation, student privacy campaign: www.eff.org/issues/student-privacy