Student Privacy Protection: Big Questions
Considering the recent controversy over Facebook improperly sharing user data without user consent, privacy of personal information seems to be at the current forefront of the public eye. With technology becoming inherently integrated in most aspects of our modern lives—including public schools—there are more and more areas to consider when making sure your personal information is safe and protected. Student privacy protection has become a particular area of concern with regards to an increased technology presence in the classroom, as well as heightened relationships with contract and third-party companies and services. (Facebook sharing user data without consent)
There are laws and legislations in place to protect student privacy, including: the Family Educational Rights and Privacy Act (FERPA), the Children’s Online Privacy Protection Rule (COPPA), and the Protection of Pupil Rights Amendment (PPRA). However, each of these legislations has its shortfalls and do not offer full student privacy protection.
rawpixel © 123RF.com
In a report published by the National Policy Education Center (NPEC) titled “Learning to be Watched: Surveillance Culture at School,” the authors outline the particularly striking shortfalls of FERPA which open the door to sharing of student data to marketers and advertisers. Although FERPA protects students against unauthorized sharing of their “educational records,” it doesn’t fully protect students against sharing in form of “data collected by educational websites or digital pupil-generated content (such as essays), unless [personally identifiable information] is included in that information.”
What’s even more striking is the fact that, under FERPA, there are circumstances in which student records can be shared with “certain parties” without parental consent. The authors of this study write, “The most significant exception is that without consent, school officials may release student records for any education purpose they deem legitimate, as when an organizations [sic] is conducting studies for or on behalf of a school…” What you may find surprising is that the definition of “school official” per the U.S. Department of Education within the legislation includes “contractors, consultants, volunteers, and other parties to whom an educational agency or institution has outsourced institutional services or functions it would otherwise use employees to perform.” In this sense, under the Google Apps for Education (GAFE) contract, Google technically falls within the definition of a “school official” and could decide to share data to private companies without parental consent.
Technology in the classroom and student privacy protection
As many teachers are incorporating use of technology, including cell phones, into the classroom and lesson plans, students are becoming more susceptible to data collectors accessing and using their information. According to the above-mentioned NPEC report, Google’s technology, which have become widely used by schools, may make student data susceptible to being shared.
Google has been scrutinized for collecting and tracking student information in round-about ways. While activity and information within G Suite for Education, formerly Google Apps for Education (GAFE), is not sold or shared to third parties, the Electronic Frontier Foundation (EFF) accused Google of tracking student data when students visit Google-owned sites outside of the GAFE suite of services, which they can then tie to students’ GAFE accounts.
Even in the case that student data is collected and made “anonymous” by technology providers, that’s not necessarily to say that a student’s PII (personally identifiable information) is completely protected. The authors of this report note that de-identified data “can easily be re-identified…moreover, even with only anonymized behavioral tracking data, marketers can target a given computer’s user with advertisements and other communications geared specifically to appeal to and influence the user…when the child is the primary or only user of the device (as is the case when that device is a school-assigned Chromebook, for instance), targeted advertising does not require identification at all.”
Testing companies and big questions
Large testing companies, such as The College Board and ACT, have become known for sharing student information, although in these cases students willingly volunteer to have their personal information shared. Both of these companies include “opt-in” clauses within their test registration in which students agree to have certain PII, such as name, address, gender, e-mail address and phone number, shared with participating educational organizations. An opt-in clause used by The College Board, for example is what they call “Student Search Service,” which they describe as “a free service that has helped millions of students receive valuable information from colleges and nonprofit scholarship organizations.”
And while, from the student test-taker’s perspective, something called “Student Search Service” may seem like a no-brainer and positive thing to agree to, author David Lazarus highlights in his article how this “service” can be misleading to students. He uses the example of his son, who received a letter from the National Academy of Future Scientists and Technologists, who wrote to him to say he had been personally nominated by a Harvard senior for an “Award of Excellence for outstanding academic achievement, leadership potential and determination to serve humanity in the field of science and technology.” The letter stated that “he had been chosen to serve as a delegate at the ‘highly selective’ Congress of Future Science and Technology Leaders being held that summer in Boston,” which was to make him “a much stronger candidate for competitive college and graduate school admissions.”
When Lazarus tracked down the Harvard senior who “nominated” his son, however, he found that not only had she never met or heard of his son, she viewed these nominations “more as invitations.” Lazarus argues, “…telling a kid he’s been nominated for recognition of his accomplishments is the falsest of false pretenses in selling a product.”
The important question to ask, and large controversy over these “opt-in” clauses by testing companies, is whether or not students truly understand that they are agreeing to having their personal information shared. Moreover, are these “opt-in” clauses worded in such a deceptive way that students might believe that they are reducing their chances of finding scholarships or being accepted to college if they choose to opt out?
This leads to a more general question about student privacy protection: should students receive more specific training and information surrounding their personal privacy and information protection? What do you think? Let us know in the comments below!