Major tech companies like Apple and Google have signed a privacy pledge that holds the firms to key data privacy tenets, including promises not to sell student information, not to use behaviorally targeted advertising in education products, and to be transparent about how data is collected and used. Their participation points to the active debate surrounding the usage of technology in schools and the tangle of data privacy issues that tech companies, school districts, and regulators are just beginning to address.
What data privacy issues face students?
As Bloomberg reports, schools have long maintained files on their students, keeping information such as their home addresses, grades, and family income. In recent years, however, school districts have turned to private contractors to provide software systems for this confidential data. These companies, as well as those who operate all of the software, tools, and platforms used in the classroom, can track not only personal information but a range of classroom data on how students perform.
Pearson, for example, sells an information system that has data on 13 million students worldwide. But it hasn’t signed the pledge to protect student privacy, claiming, “we prefer to work directly with our customers rather than requiring a one-size-fits-all solution.”
As Buzzfeed reported in October, when the student privacy pledge was introduced, several notable tech giants declined to sign the pledge when it was launched. The pledge extends protections beyond federal law, which protects only student records and not other forms of student data. But as Buzzfeed notes, that data can contain sensitive information.
Companies like Knewton, an adaptive learning company that partners with textbook companies like Houghton Mifflin and Pearson, collect hundreds of thousands of data points daily about students who scroll through textbooks and take quizzes. These companies log everything from which words give students pause to how they solve math problems. Edmodo, another education tech company that was among the early signatories to the pledge, tracks the details of student behavior and discipline.
Which companies have pledged their support for the data privacy initiative?
Google’s Apps for Education service is used by more than 40 million students, teachers, and administrators, and originally declined to sign the pledge. As The Wall Street Journal reports, Google was conspicuously absent from a list of companies, including Apple and Microsoft, that had signed the student privacy pledge.
At the time, Google said it didn’t sign the pledge because its own contracts and policies already demonstrated its commitment to student privacy. The company has since changed course, and recently signed the pledge along with a group of education tech companies. A Google spokeswoman said of the decision, “We’ve signed the pledge to reaffirm the commitments we’ve made directly to our customers.”
According to an announcement from the Future of Privacy Forum, the nonprofit group that created the pledge last year in collaboration with the Software & Information Industry Association, the latest batch of signatories features Aegis Identity, Agency for Student Health Research, Avepoint, besimpler, CPSI Ltd., Google, Khan Academy, Kidhoo, makkajai, MMS, National Student Clearinghouse, Navvie, Ripple Effects, Student Lap Tracker, and Tools4Ever.
The entire list of signatories — numbering 91 at the time of writing — is available on the website dedicated to the pledge.
Jules Polonetsky, executive director of the Future of Privacy Forum, would not provide The Wall Street Journal with a comment on Google’s change of heart, but did note that there has been a surge of interest in the student privacy pledge since President Obama endorsed it. Obama mentioned the pledge in a recent speech, in which he also said that he would introduce new legislation to more effectively protect data collected in the classroom.
How will legislation work to protect student data privacy?
According to a recent Education Week report, Obama has called for a new Student Digital Privacy Act to prevent companies from selling sensitive student information collected in schools, and from using such data to target advertising to children.
The proposed legislation will be modeled after state legislation recently passed in California. While the reaction to the president’s proposal was largely positive among privacy advocates and educator groups, education tech companies expressed concern that the proposed legislation could both stifle innovation and complicate the regulation of student data privacy, which is already subject to a patchwork of state and federal laws.
The recently passed California legislation is regarded as the strongest state-level response to issues of data privacy to date. It prohibits operators of online educational services from selling student data, using data to target advertising to students, or building profiles on students for non-educational purposes. The law also requires that online service providers maintain adequate security procedures and delete student information at the request of a school or a school district.
A major worry for many involved parties is how a new Student Digital Privacy Act would interact with existing state laws, especially considering the fact that student data privacy legislation has been enacted in 21 states over the past year. It’s unclear if the federal act would pre-empt state laws, lead to situations in which they are in conflict, or create a more complicated playing field for tech companies offering products and services for students.
How will companies act to keep student information safe?
Per Apple Insider, the pledge introduced by the Future of Privacy Forum and the Software & Information Industry Association aims to hold signatories accountable for a variety of data privacy issues relevant to students, such as provisions for greater transparency surrounding data collection and use, the implementation of more comprehensive security standards, limits on data retention, and the prohibition of the sale of student information.
Some companies are already responding to privacy concerns. Google, for example, has promised that its Google Apps for Education program — which has 40 million student, teacher, and administrator users — will not implement ads. But it’s largely unclear how companies will act to keep student data secure.
Education is an important business for companies like Apple, which has sold millions of iPads to school districts, and Google, which is quickly gaining traction in the education market with its affordable Chromebooks. Google has said that it would stop scanning teacher and student emails and documents, and avoid using them for advertising purposes. The Software & Information Industry Association reports that the market for software and services for kindergarten through high school was about $8 billion in the 2011-2012 school year, and has been growing by about 3% annually since then.
Lee Tien, senior staff attorney at the Electronic Frontier Foundation, told Bloomberg: “The business of exploiting student data commercially is a very big and serious one. A lot of these companies are looking at how to monetize the data.”
School districts often lack the expertise to enforce privacy or even to understand exactly what they’re authorizing companies to do with their students’ data when they agree to privacy policies or terms of service — a situation which any user of a modern social network, for example, will likely understand. It remains to be seen if the broad collection and tracking of data actually helps student progress and learning outcomes, but as more companies offer services and software to schools, how they handle student data privacy will be an increasingly important issue.