Since its back to school time, I thought it would be productive to discuss some digital privacy issues that parents and students should be thinking about. During this time of the year, student privacy is hot because back to school means filling out Family Educational Rights and Privacy Act (FERPA) forms. I filled one out over the weekend and I thought about what type of information I want to keep private and what was best for the school to share about my child (and our family) with other parents and the public. For each parent or guardian, this is a personal decision and there are no wrong answers. What may work for one family may not work for others.
On another note, be careful about what information you post about your children on various social media platforms. In particular, be mindful that neither Facebook nor Google are "friends" of children's privacy. Last year, it was uncovered in federal court that Google was scanning student emails for advertising purposes and I witnessed both Facebook and Google lobbying against stronger student digital data privacy laws in the state of Maryland. With Facebook's new found interest in the education market, parents should be particularly leery about allowing their children's data to be "friends" with Facebook's data mining machine.
The bottom line is that parents should discuss these and other digital privacy issues with their children as soon as they start utilizing digital devices. Its never too early to educate your kids about the virtual world that will affect their physical world.
Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.
Showing posts with label Student Privacy Law Expert. Show all posts
Showing posts with label Student Privacy Law Expert. Show all posts
Tuesday, September 8, 2015
Thursday, April 30, 2015
U.S. Student Digital Data Privacy and Parental Rights Act of 2015 Introduced
On April 29, 2015, Representatives Luke Messer and Jared Polis introduced the bipartisan Student Digital Privacy and Parental Rights Act of 2015. According to The New York Times, "the bill would prohibit operators of websites, apps and other online
services for kindergartners through 12th graders from knowingly selling
students’ personal information to third parties; from using or
disclosing students’ personal information to tailor advertising to them;
and from creating personal profiles of students unless it is for a
school-related purpose."
The legislation is modeled after California's SB 1177, (the "Student Online Personal Information Protection Act") which Education Week hailed as a "landmark" student data privacy law. The federal Student Digital Privacy and Parental Act of 2015 is a positive piece of legislation that would help better protect the personal privacy and safety of students around the country. The fact that some members of the ed-tech industry are wary of the bill demonstrates the potential effectiveness of the legislation.
This bill is sorely needed because as Education Week reported last year, some ed-tech vendors such as Google have been caught intentionally misleading parents about their data mining and privacy practices. For example, exactly 1 year ago today, Google promised to stop scanning student emails and other digital content for advertising purposes.
Unfortunately, Google's promise to better protect personal student data has fallen woefully short since its troubling consumer privacy policy still covers its education offerings and this policy clearly allows it to data mine and profile students on its Google Apps For Education platform. For example, Google's promise to stop data mining students does not extend to Google + or YouTube since neither platform is considered a Google Apps "Core Service".
A former IT policy director at Cornell recently authored an eye opening research paper about Google's troubling profiling and data mining practices which is a must read for school administrators, parents, and educators. Unfortunately, Google is not the only ed-tech company with weak privacy policies and practices. Politico and others have also called out Khan Academy for its data mining and profiling practices of students.
Earlier this year, I advocated for my home state of Maryland to enact a similar student privacy bill which was also modeled after California's SB 1177. I was very troubled to witness Facebook and Google (here is a link to the hearing where you will see that the representatives of these companies were actively trying to thwart passage of robust student privacy protections) advocate for amendments to gut the bill's privacy protections for our children.
My hope is that Facebook, Google, etc... realize that their continued refusal to accept appropriate limits on student data collection, processing, and usage will continue to make parents suspicious about their motives for providing educational technology tools. These companies are two of the largest advertising entities in the world and their actions so far clearly demonstrate that they want access to personal student data for marketing purposes.
The following national education groups have already voiced support for the federal Student Digital Data Privacy and Parental Rights Act of 2015:
Its time for the entire ed-tech industry to support the Student Digital Data Privacy and Parental Rights Act of 2015. Embracing enhanced digital privacy protections for our students will signal to parents that the industry can be trusted to protect our children's personal information.
As a parent, I want my children to be able to utilize the latest and greatest digital education platforms; however, until stronger privacy laws are enacted I have little confidence that all school technology vendors will make my children's personal privacy and safety a priority. Therefore, I challenge Facebook, Google, and every other ed-tech company and organization that advocated to weaken Maryland's Student Data Privacy Act of 2015 to do the right thing and support this bill as drafted.
UPDATE May 1, 2015: The White House has announced that it supports the new bill. In a blog post, The White House stated: "[w]e are pleased to see Representatives Luke Messer (R-IN) and Jared Polis (D-CO) answer the President’s State of the Union call to enact new protections for K-12 students’ data to ensure that classrooms can embrace technology with confidence.
Introduced yesterday, The Student Digital Privacy and Parental Rights Act is an important bipartisan step, building upon existing momentum from industry leaders committed to ensuring educational data is not misused by providers or third parties, and carrying the strong endorsement of privacy advocates, the private sector, and associations representing parents and educators."
Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.
The legislation is modeled after California's SB 1177, (the "Student Online Personal Information Protection Act") which Education Week hailed as a "landmark" student data privacy law. The federal Student Digital Privacy and Parental Act of 2015 is a positive piece of legislation that would help better protect the personal privacy and safety of students around the country. The fact that some members of the ed-tech industry are wary of the bill demonstrates the potential effectiveness of the legislation.
This bill is sorely needed because as Education Week reported last year, some ed-tech vendors such as Google have been caught intentionally misleading parents about their data mining and privacy practices. For example, exactly 1 year ago today, Google promised to stop scanning student emails and other digital content for advertising purposes.
Unfortunately, Google's promise to better protect personal student data has fallen woefully short since its troubling consumer privacy policy still covers its education offerings and this policy clearly allows it to data mine and profile students on its Google Apps For Education platform. For example, Google's promise to stop data mining students does not extend to Google + or YouTube since neither platform is considered a Google Apps "Core Service".
A former IT policy director at Cornell recently authored an eye opening research paper about Google's troubling profiling and data mining practices which is a must read for school administrators, parents, and educators. Unfortunately, Google is not the only ed-tech company with weak privacy policies and practices. Politico and others have also called out Khan Academy for its data mining and profiling practices of students.
Earlier this year, I advocated for my home state of Maryland to enact a similar student privacy bill which was also modeled after California's SB 1177. I was very troubled to witness Facebook and Google (here is a link to the hearing where you will see that the representatives of these companies were actively trying to thwart passage of robust student privacy protections) advocate for amendments to gut the bill's privacy protections for our children.
My hope is that Facebook, Google, etc... realize that their continued refusal to accept appropriate limits on student data collection, processing, and usage will continue to make parents suspicious about their motives for providing educational technology tools. These companies are two of the largest advertising entities in the world and their actions so far clearly demonstrate that they want access to personal student data for marketing purposes.
The following national education groups have already voiced support for the federal Student Digital Data Privacy and Parental Rights Act of 2015:
- AASA, the School Superintendents Association
- International Society for Technology in Education
- National Association of Elementary School Principals
- National Association of Secondary School Principals
- National Education Association
- National PTA
- State Educational Technology Directors Association
Its time for the entire ed-tech industry to support the Student Digital Data Privacy and Parental Rights Act of 2015. Embracing enhanced digital privacy protections for our students will signal to parents that the industry can be trusted to protect our children's personal information.
As a parent, I want my children to be able to utilize the latest and greatest digital education platforms; however, until stronger privacy laws are enacted I have little confidence that all school technology vendors will make my children's personal privacy and safety a priority. Therefore, I challenge Facebook, Google, and every other ed-tech company and organization that advocated to weaken Maryland's Student Data Privacy Act of 2015 to do the right thing and support this bill as drafted.
UPDATE May 1, 2015: The White House has announced that it supports the new bill. In a blog post, The White House stated: "[w]e are pleased to see Representatives Luke Messer (R-IN) and Jared Polis (D-CO) answer the President’s State of the Union call to enact new protections for K-12 students’ data to ensure that classrooms can embrace technology with confidence.
Introduced yesterday, The Student Digital Privacy and Parental Rights Act is an important bipartisan step, building upon existing momentum from industry leaders committed to ensuring educational data is not misused by providers or third parties, and carrying the strong endorsement of privacy advocates, the private sector, and associations representing parents and educators."
Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.
Wednesday, April 1, 2015
Maryland's Student Data Privacy Act of 2015 Is Needed
The Internet and broadband access has led to many innovations in how we teach our children. During the past 10 years, K-12 schools have implemented new and exciting technologies that will help students learn and be prepared for life inside and outside of the workforce. Unfortunately, privacy law has not kept up with the technology that is being utilized by our schools because the primary student privacy law, the Family Educational Rights and Privacy Act (FERPA) was enacted in 1974 and it has not been updated to account for all of the new digital activities and metadata that is being created by students on school contracted digital platforms.
Due to the well balanced approach that HB 298 takes, I
am asking for your support of this legislation as it passed in the House of
Delegates."
Earlier today, I testified again on behalf of a Maryland bill (HB 298) that would help better protect students' digital privacy without hampering educational technology companies with burdensome regulations. Maryland's HB 298 is based upon California's landmark Student Online Personal Information Protection Act (SOPIPA or SB 1177). I testified with the sponsor of the bill along with other advocates and some of my written testimony is as follows:
"House Bill 298 as passed by the House of Delegates is a
positive piece of legislation that will help protect the personal privacy and
safety of Maryland students and their families.
Three federal privacy statutes address student information that may be collected
by and from schools: The Family
Educational Rights and Privacy Act (FERPA), the Children’s Online Privacy
Protection Act (COPPA), and the Protection of Pupil Rights Amendment (PPRA).
FERPA was enacted in 1974 when student records were housed
in filing cabinets. This statute is
essentially a confidentiality law designed to protect student paper
records. Forty years ago, schools didn’t
have personal computers and Internet access.
FERPA was not designed to protect digital student information. COPPA focuses on the online collection of
personal information directly from children younger than 13 years old without
parental consent. The PPRA primarily
address the use of certain types of data collected from in-school surveys as
well as some marketing activities.
FERPA covers “educational records” such as transcripts that
were originally kept in a school principal or central district office. The statute specifically carves out an
exemption for “directory information” such as a student’s name, address, date
of birth, telephone number, age, sex, and weight. This 1974 definition of “educational records”
and the directory information exclusion no longer makes sense in 2015. Much of the data gathered and utilized by
electronic based services is outside the scope of FERPA’s existing definition.
As an example, the metadata gathered from a learning app
used by a child in school is not considered an “educational record” and would
not be protected by FERPA. Under FERPA,
the app maker and other third parties such as digital advertising networks may
utilize the information obtained from our children’s use of school contracted online
digital technologies. This data which
may include information regarding health, sexual orientation, religion, race,
etc… may then be utilized by third parties to discriminate against our children
when they apply to colleges, for jobs, insurance, etc…
Absent stronger privacy protections for online student
content, our children’s privacy will be compromised and innovative learning
tools and educational technologies will face increased parent skepticism and
opposition. HB 298 as passed by the
House of Delegates helps assuage parent’s fears while not stifling industry
innovation. HB 298 is modeled after
California’s widely applauded Student Online Personal Information Act (SOPIPA)
that has been called a “landmark” student data privacy bill by the highly
regarded K-12 focused publication Education Week.
Google and Facebook's representatives were lobbying to add amendments that would gut the bill's privacy protections for our children. Behind the scenes, these two companies appeared to be not just the two primary opponents of this bill but of other similar bills around the country (watch/listen to the testimony). Google's behavior is not surprising since it has been caught by Politico spending hundreds of thousands of dollars to lobby against privacy bills that would better protect the personal privacy of students and their families around the country. Facebook's participation in this process appears to demonstrate that it wants to enter the education market. Due to Facebook's agreements with data brokers and its troubling privacy practices and policies, student data should not be entrusted on their platform.
The bottom line is that if you care about student privacy and cyber safety, our laws need to catch up with the technology that is being deployed. To support Maryland's Student Data Privacy Act of 2015 please reach out to the senators on the Education, Health & Environmental Affairs Committee to voice your support.
Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.
Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.
Tuesday, January 20, 2015
Kids Digital Privacy and Cyber Security Highlighted in State Of The Union
During President Obama's State of the Union Address this evening the importance of children's digital privacy and cyber security was highlighted. According to The White House Medium account, the President's official prepared address stated,
"No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids. We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism. And tonight, I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber-attacks, combat identity theft, and protect our children’s information. If we don’t act, we’ll leave our nation and our economy vulnerable. If we do, we can continue to protect the technologies that have unleashed untold opportunities for people around the globe."
Since more of our personal information is being housed in digital cloud based platforms, the President's comments are a welcome development. When the President's State of the Union Address is combined with his recent historic speech at the FTC that discussed the need for stronger student privacy laws, I am optimistic more attention will be paid to these very important issues in the near future.
Copyright 2015 by Shear Law, LLC All rights reserved.
"No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids. We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism. And tonight, I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber-attacks, combat identity theft, and protect our children’s information. If we don’t act, we’ll leave our nation and our economy vulnerable. If we do, we can continue to protect the technologies that have unleashed untold opportunities for people around the globe."
Since more of our personal information is being housed in digital cloud based platforms, the President's comments are a welcome development. When the President's State of the Union Address is combined with his recent historic speech at the FTC that discussed the need for stronger student privacy laws, I am optimistic more attention will be paid to these very important issues in the near future.
Copyright 2015 by Shear Law, LLC All rights reserved.
Wednesday, July 30, 2014
U.S. Protecting Student Privacy Act Needs More Teeth
The bipartisan "Protecting Student Privacy Act" was introduced earlier today by Senators Edward J. Markey
(D-Mass.) and Orrin Hatch (R-Utah) and according to the bill's press
release, it "would help safeguard the educational records of students"
because, "[r]ecent changes to the Family Educational Rights and Privacy
Act (FERPA) have allowed for increased sharing and use of student data in the
private sector." As part of the rationale behind the need for the legislation it is mentioned that, "one survey found only 25 percent of districts inform
parents of their use of cloud services and 20 percent of districts fail to have
policies governing the use of online services."
It is very troubling that the Software & Information Industry Association (SIIA) continues to refuse to acknowledge the dire need for stronger digital privacy laws to protect our students despite clear and convincing evidence that FERPA does not properly protect our children's privacy in the Digital Age. During a June 25, 2014 hearing on Capitol Hill Professor Joel Reidenberg presented Fordham Law School's Center on Law and Information Policy's seminal cloud computing study findings that demonstrated some cloud computing vendors are negotiating agreements with schools that put our students personal privacy at risk.
In addition to Prof. Reidenberg's study, Education Week and Politico performed recent in-depth investigative reports regarding the need for FERPA to be updated to better protect student privacy. These investigations found that when provided the opportunity some educational technology vendors will abuse their access to student data for profit. For example, Education Week exposed Google's practice of scanning student emails for behavioral advertising purposes and Politico found multiple other educational technology companies that had similar troubling privacy practices and/or policies (or none at all) that enabled similar abuses of personal student data.
Since Congress has not addressed these issues until now, states across the country have introduced and enacted more robust student data protection laws to address the privacy concerns that FERPA was not designed to protect. For example, Kentucky and Rhode Island are some of the states that have acted to better protect our children from entities that may abuse their access to student educational digital data.
Copyright 2014 by Shear Law, LLC All rights reserved.
FERPA needs to be updated to account for the technological advancements that have occurred in the Digital Age. The law was enacted in 1974 when student educational records were mostly created by pen and paper and/or typewriter and stored in a school administration filing
cabinet or in a teacher's notebook or classroom closet. At that time, in general, only teachers and
school administrators had access to a student's educational records.
Since the 1970's, advancements in technology have changed the way teachers interact with students, parents,
and legal
guardians. When I was attending elementary, middle, and high school
throughout the 1980's, the primary form of communication between
teachers and students/parents
was via in-person meetings, paper letters, and/or phone calls. In contrast, the
primary form of communication between my children's teachers and my wife and I occurs via digital platforms.
As a parent, I watch my children play and learn with electronic devices on a regular basis. Even though my children watch television as I did at their age, they are becoming more interested in utilizing educational websites and digital device apps. Some of these platforms have helped them learn language skills, math, geography, history, etc....With more school districts beginning to provide students digital devices, the privacy and cyber safety issues inherent with the usage of these electronic platforms are becoming more apparent.
According to Politico, "[m]any of the latest digital tools (i.e. email, apps, cloud services, online textbooks, etc...) collect vast amounts of “metadata” as students work online; the sites track academic progress and log information about the child’s location, computer equipment and browsing habits. Most of that data never finds its way into official school files and thus is unlikely to be considered an “educational record.” That means private companies are free to do what they want with it." This is very alarming considering that when Kathleen Styles, the Chief Privacy Officer of the Department of Education was questioned about these issues she stated that "[a]lot of metadata won't fit as an educational record."
According to Politico, "[m]any of the latest digital tools (i.e. email, apps, cloud services, online textbooks, etc...) collect vast amounts of “metadata” as students work online; the sites track academic progress and log information about the child’s location, computer equipment and browsing habits. Most of that data never finds its way into official school files and thus is unlikely to be considered an “educational record.” That means private companies are free to do what they want with it." This is very alarming considering that when Kathleen Styles, the Chief Privacy Officer of the Department of Education was questioned about these issues she stated that "[a]lot of metadata won't fit as an educational record."
Due
to all of the personally identifiable student information included in emails,
apps, online textbooks, web browsing history and other digital activities (i.e. metadata) students may create while utilizing school provided digital services and
learning tools, it is imperative that FERPA is updated to ensure that our children
and future generations receive the same privacy protections we enjoyed while we attended school. Should colleges,
potential employers, insurance companies, etc... be allowed to access student scholastic digital communications and make hiring, firing, and policy decisions based on this information?
Should advertisers be allowed to prey upon (via behavioral
advertising) students based upon their student-teacher and/or student-student digital communications?
It is very troubling that the Software & Information Industry Association (SIIA) continues to refuse to acknowledge the dire need for stronger digital privacy laws to protect our students despite clear and convincing evidence that FERPA does not properly protect our children's privacy in the Digital Age. During a June 25, 2014 hearing on Capitol Hill Professor Joel Reidenberg presented Fordham Law School's Center on Law and Information Policy's seminal cloud computing study findings that demonstrated some cloud computing vendors are negotiating agreements with schools that put our students personal privacy at risk.
In addition to Prof. Reidenberg's study, Education Week and Politico performed recent in-depth investigative reports regarding the need for FERPA to be updated to better protect student privacy. These investigations found that when provided the opportunity some educational technology vendors will abuse their access to student data for profit. For example, Education Week exposed Google's practice of scanning student emails for behavioral advertising purposes and Politico found multiple other educational technology companies that had similar troubling privacy practices and/or policies (or none at all) that enabled similar abuses of personal student data.
Since Congress has not addressed these issues until now, states across the country have introduced and enacted more robust student data protection laws to address the privacy concerns that FERPA was not designed to protect. For example, Kentucky and Rhode Island are some of the states that have acted to better protect our children from entities that may abuse their access to student educational digital data.
While
it is a very positive development that states are acting to better
protect student privacy, it may be most efficient if robust federal
legislation is enacted. I commend Senators Markey and Hatch for
introducing the Protecting
Student Privacy Act and making student privacy an important bipartisan issue during these very partisan times on Capitol Hill.
The introduction of the Protecting Student Privacy Act is a good first step; however, it needs to be amended to have the intended effect of updating FERPA to account for the
Digital Age. For example, the bill needs to expand the definition of educational records to include student emails and digital metadata created on school provided services, platforms, and equipment. Under FERPA, there is no private right of
action against companies that utilize student data for
non-educational purposes. To be truly effective, the legislation must hold vendors legally accountable and allow for a private right of action against those entities that violate the law.
To
paraphrase Hilary Clinton, it takes a village to protect our students' personal
privacy. Absent more robust federal
student privacy laws, parents may soon come out in force
against utilizing innovative digital learning tools and services. It is imperative that Congress pass stronger student privacy laws that have strong enforcement mechanisms so students, parents, and teachers feel safe utilizing new learning tools that will help our students compete in the global economy.
Subscribe to:
Posts (Atom)