New Laws Are Needed To Protect Student Privacy In The Digital Age

Students and schools around the country are utilizing new digital technologies in ways many people did not imagine at the turn of the century and those technologies offer great promise.  Just ten years ago, terms like "big data", "the cloud", "data mining", and "social media" were not well known by students, parents, and school officials.  To lower costs and to help our students learn more effectively, thousands of schools across the country have adopted new digital technologies. Unfortunately, the current legal framework designed to protect student privacy and safety has not kept up with the rapid advancements that have been created by the Digital Age. 

The federal Family Educational Rights and Privacy Act (FERPA) is the main federal law that protects student educational records.  This law was initially enacted in 1974 and has been amended multiple times by Congress; the last time being in 2001 before the widespread adoption of cloud computing and other digital platforms in schools.  While the statute hasn't been amended in more than 10 years, the rules that the U.S. Department of Education uses to implement FERPA have been more recently updated.  Despite these revisions, some public interest groups such as the Electronic Privacy Information Center allege that FERPA's rule changes undermine privacy safeguards set out in the statute and unnecessarily exposes students to new privacy risks.

At first glance, FERPA appears to be a robust law that protects the personal privacy and safety of students.  However, upon closer examination FERPA does not provide the protections that our students need in the Digital Age.  In the almost 40 years since FERPA's initial enactment, no school has been denied access to federal funds due to a violation that has put the personal privacy and/or safety of students at risk.  As more third parties have been contracted to handle student data through the spread of cloud and mobile technologies, FERPA has done little to constrain the behavior of these third parties because the statute does not contain a sanction that applies them. 

Does this mean that FERPA has been successful and that a school's actions have never put the personal privacy and/or safety of students at risk?  Or, does this validate the notion that FERPA lacks strong enforcement provisions and the U.S. Department of Education has not been provided the resources necessary to properly protect our children?

In 2002, the Supreme Court held that FERPA's nondisclosure provisions do not provide students a personal right to sue entities that fail to properly safeguard their educational records.  While this ruling appears to shield schools from student lawsuits based upon FERPA violations, it has also had a very troubling unintended side effect that may be leading some schools to put their guard down when engaging third party vendors to capture, process, and transmit student data. 

History has proved that some commercial enterprises will abuse their access to student data and that FERPA is unable to provide the privacy and/or safety protections our children need and deserve.  In 2003, multiple student survey companies were caught intentionally misleading schools, students, and parents about their data collection and utilization practices.  The FTC alleged that these entities sold personally identifiable information about millions of students to marketers for financial gain.  In addition to entering into a consent agreement with the FTC that ended these practices, the New York Attorney General's office fined these entities $75,000 for their actions.

In 2012, Time Magazine discovered that a company called UDiligence that had been hired by universities across the country to scan and archive the password protected personal digital content of student-athletes was abusing its access to student data by utilizing personal student content in advertisements for the company's services.  Only after Time Magazine questioned this practice did UDiligence stop monetizing students' personal digital content for pecuniary gain.

Several months ago, a judge in a lawsuit that accuses Google of violating multiple federal and state laws regarding its email data mining practices ruled that the case may move forward.  During a recent court filing in this lawsuit, Google admitted that its University of Alaska school branded Gmail system utilizes the information obtained from student emails for advertising purposes (Link to this document; See page 42, #88).  As part of an effort to dismiss the case, Google argued that two student plaintiffs from universities who were Google Apps for Education users consented to Google scanning their emails for advertising purposes when they signed onto the service the first time (Link to this document; See page 14).

Since Google provides this same exact service for free to thousands of schools across the country it raises a serious question of whether Google is data mining the school emails of millions of students across the country for financial gain.  Do the same arguments that Google has made in its motion to dismiss, that students have consented to this data mining, apply to students at other schools where Google Apps for Education is in use?  It does not appear that students, parents, and/or teachers have been informed and provided consent that would enable their digital interactions and the content sent and received on school contracted Gmail services to be utilized for advertising purposes. 

The personal safety of students are at risk when commercial entities obtain access to student data and act upon the information.  According to Education Week, some low-income children in Arizona were subjected to unnecessary dental work by corporate-affiliated "mobile dentists" who found their patients through easy access to school records.  In response to this troubling practice, Arizona enacted a new state law last year that tightened access to this information.

Several months ago, The New York Times discussed the privacy and safety challenges inherent when schools hire third parties to collect and store student data on the web.  A recent Fordham University Law School study found "weaknesses in the protection of student information in the contracts that school districts sign when outsourcing web-based tasks to service companies".  Fordham's findings were validated by the Maryland Attorney General's 2013 report on children's privacy that recommended a new state law that would prohibit cloud service providers from using data collected from students for commercial purposes.

Parents are extremely worried about their children's personal privacy and safety.  A new Common Sense Media Survey found broad support for stronger safeguards to protect our students in the Digital Age.  According to the survey, 91 percent of respondents support stronger parental-consent requirements related to the sharing of sensitive student data, and 89 percent supported tighter security standards for cloud storage.

Since FERPA has not been updated to reflect the tremendous change the Digital Age has brought to the education system, it is time for states to enact laws that better protect the personal privacy and safety of our students.  States should enact strict prohibitions on the use of student data (i.e.  emails, documents, or other content), ensuring that vendors do not have rights to use that data for advertising or marketing purposes or to otherwise build personal profiles of students that may be utilized to discriminate against students and/or their families.  Parents and students need to know that when they utilize school provided digital communication platforms their data is safe and secure and will not be used to prey upon their economic and/or personal situation.

Copyright 2014 by the Law Office of Bradley S. Shear, LLC All rights reserved.  

White House Announces Big Data and the Future of Privacy Comprehensive Review

On the White House Blog earlier today, John Podesta, a Counselor to the President provided further details about the comprehensive privacy review that the President recently asked him to undertake.  In the blog post, it stated that Mr. Podesta would lead a "comprehensive review of the way that “big data” will affect the way we live and work; the relationship between government and citizens; and how public and private sectors can spur innovation and maximize the opportunities and free flow of this information while minimizing the risks to privacy."

Mr. Podesta will be joined by Secretary of Commerce Penny Pritzker, Secretary of Energy Ernie Moniz, the President’s Science Advisor John Holdren, the President’s Economic Advisor Gene Sperling and other senior government officials.  The working group will consult with stakeholders such as members of industry, civil liberties groups, academics, privacy experts, and government officials.  

This effort is suppose to begin during the next 90 days and help develop the national conversation regarding the issues surrounding the usage of "big data" and the privacy implications inherent with new digital technologies. 

I believe this is a positive development that will help shape future public policy decisions.  In order to continue to flourish, democracies require transparent discussions about the important issues that affect their citizens.

Copyright 2014 by the Law Office of Bradley S. Shear, LLC All rights reserved. 

9th Circuit Court of Appeals Rules Bloggers Have First Amendment Protection

I blog to share information that I believe may assist others in their quest for knowledge about the legal, business, and public policy issues that affect digital media users. I exercise my First Amendment rights when I believe there is an issue that is important and newsworthy for my readers.

When I blog, I research my proposed article, write, and edit my work just like journalists who work at large well-established media outlets.  Therefore, I believe those who post online should receive the same type of legal protections against lawsuits that are afforded professional journalists.

I am not the only one who believes in strong protections for online commentators.  In a huge win for the freedom of speech, the 9th U.S. Circuit Court of Appeals recently ruled that bloggers have the same First Amendment protections as journalists when sued for defamation.  This is an important milestone in the legal landscape for digital speech rights.

A very important cornerstone of democracy is a free press.  This new decision has its roots in the famous John Peter Zenger acquittal in 1735.  John Peter Zenger was accused of libel and a jury returned a verdict of not guilty.  Andrew Hamilton became famous for his defense of Zenger and his quote, "truth is a defense against libel". 

The bottom line is that bloggers and other digital content creators now have greater legal protections.  While some people may not like this ruling due to the potential cyber bullying side effects, this decision helps protect freedom and the free flow of ideas that are so important in a democracy.  There are too many people in this world who either threaten legal action and/or take legal action via strategic lawsuits against public participation to silence their critics.  If this ruling stands, it will help protect those who expose fraud and other illegal activities via digital commentary.

Copyright 2014 by the Law Office of Bradley S. Shear, LLC All rights reserved.

FTC Settlement: Apple to refund $32 million dollars for children's in-app purchases

Yesterday, the FTC announced that Apple will provide full consumer refunds of at least $32.5 million dollars to settle an FTC complaint that it charged for kids' in-app purchases without parental consent.  This settlement demonstrates that the FTC is continuing to protect our children and families against potential unfair and misleading trade practices in the digital space.

The FTC complaint alleged Apple violated the FTC Act by failing to tell parents that by entering a single password they were consenting to an in-app purchase.  In particular, it was alleged that parents (account holders) were not informed that entering their password would open a 15-minute window in which children can incur unlimited charges. Under the Consent Order, Apple is required to change its billing practices to ensure that it has obtained "express, informed consent from consumers" before billing for items sold in mobile apps.

The FTC's mobile apps for kids reports put mobile app developers and ecosystem owners on notice that the FTC is watching the entire space to protect children and families from unfair and deceptive trade practices.  This new enforcement action combined with the FTC's previous activities reinforces the notion that the mobile environment contains serious personal privacy and safety issues along with potential unfair trade practice issues that need to be addressed.

Copyright 2014 by the Law Office of Bradley S. Shear, LLC All rights reserved.

Canadian Teen Convicted of Sexting Child Pornography

A Canadian teenager was recently convicted of sexting pornographic photos.  According to CNN, a teenage girl was found guilty of distributing via text pornographic photos of her boyfriend's ex-girlfriend.

This case appears to have occurred because a teenager became jealous that her boyfriend was still in contact with his ex-girlfriend.  According to prosecutors, the convicted teenager initially threatened her boyfriend's ex-girlfriend on Facebook.  The defendant then allegedly texted five naked photos of the ex-girlfriend that she found on her boyfriend's cell phone to several other people.  The prosecutors examined approximately 36,000 texts during the investigation.  The parties involved in this matter were approximately the same age. 

This appears to be an unfortunate situation that before the Social Media Age would never have occurred.  In general, child pornography laws were intended to stop those over the age of majority (in general 18 years of age) from exploiting minors. Does this case demonstrate a need to re-examine child pornography laws? 

Due to the proliferation of cell phones and mobile apps that make sharing images (i.e. photos and videos) extremely easily, it is imperative that teenagers learn about the legal issues inherent with social media usage.  Unfortunately, it would not surprise me if these cases become more common in the future. 

Copyright 2014 by the Law Office of Bradley S. Shear, LLC All rights reserved.