Ed-Tech Companies Pledge Data-Privacy Protections, Draw Skepticism
By Michele Molnar. Cross-posted from the Marketplace K-12 blog.
A K-12 student-privacy pledge released Tuesday and signed by prominent ed-tech providers prompted immediate statements of concern from some advocacy groups about whether self-regulation will do the job of protecting student data.
The voluntary Pledge to Safeguard Student Privacy, co-authored by the Software and Information Industry Association or SIIA, and the Future of Privacy Forum, and signed initially by 13 companies and one non-profit, includes six "do's" and six "don'ts" of handling student data. The signers--including Amplify, DreamBox Learning, Edmodo, Follett, Knewton, Knovation, Houghton Mifflin Harcourt, Microsoft, and Think Through Math--agree to abide by the provisions of the pledge effective January 1, 2015.
Among key elements of the pledge are promises to:
- Not sell student information
- Not behaviorally target advertising (which means targeting advertising based on a student's web-browsing behavior)
- Use data for authorized education purposes only
- Not change privacy policies without notice and choice
- Enforce strict limits on data retention
- Support parental access to, and correction of errors in, their children's information
- Provide comprehensive security standards
- Be transparent about collection and use of data
The pledge was created as parents' worries about the privacy and security of their students' data have resonated in state legislatures, and as the state of California enacted a strict privacy law last month. It also follows the collapse of inBloom, a controversial data management company that was striving to be a single repository for up to 400 pieces of information about each student whose data were uploaded to the cloud--but that fell under the weight of protests from parents, some educators, and others.
Software companies selling products to K-12 schools have been concerned, too, that their mission to collect and use student data to help educators better teach their students will not be permitted by law. "Without data, we are flying blind," said Aimee Rogstad Guidera, founder and executive director of Data Quality Campaign, a national nonprofit that advocates for the effective use of education data to improve student achievement, in a statement in support of the pledge.
Range of Reactions to Pledge
The National School Boards Association and the National PTA joined the organizations that released the pledge with their endorsements in the launch announcement. Keith Krueger, CEO of the Consortium for School Networking, said he thinks the pledge is helpful. "It states, pretty clearly and crisply--in language a non-lawyer can understand--what's not going to happen with your data," he said. Schools and districts are looking for that kind of assurance in an industry standard about the collection, management, and use of personal information, he said.
But Leonie Haimson, executive director of Class Size Matters based in New York City and co-chair of the Parent Coalition for Student Privacy, said in a statement that "we need legally enforceable provisions requiring parental notification and consent for the disclosure and redisclosure of personal student data, as well as rigorous security standards." She predicted that the pledge would not reassure parents about data sharing, data-mining and data breaches.
Mark Schneiderman, the senior director of education policy at SIIA, said that, when companies make public pledges like this one, it is enforceable by the Federal Trade Commission, or FTC.
Khaliah Barnes, who is the administrative law counsel at the Electronic Privacy Information Center, and director of the Electronic Privacy Information Center (EPIC) Student Privacy Project, said that representations made within the pledge can be enforced under Section 5 of the FTC ACT, which prohibits unfair and deceptive practices in or affecting commerce, but that such enforcement is on a "company-by-company" basis.
"The student-privacy pledge isn't a substitute for student-privacy legislation," said Barnes. In July, the Protecting Student Privacy Act was introduced by Sen. Edward Markey, a Democrat from Massachusetts, and Orrin Hatch, a Republican from Utah. The bill--S2690--would update the Family Educational Rights and Privacy Act of 1974 (or FERPA). It was read twice and referred to the Senate Committee on Health, Education, Labor and Pensions.
The SIIA, the technology trade association, has taken the position that modernizing privacy rules need not involve new legislation.
Barnes said the pledge's framework "has some strengths," including the pledge not to sell student information or use it for targeted marketing, and the emphasis on data security. But she questioned how students would be allowed to access and correct data--in particular, at what points in the process of an adaptive learning software program's algorithmic decision-making would they be permitted to gain access to their data.
Rogstad of the Data Quality Campaign said that "when education data is used as a flashlight and not a hammer," parents can make the best education choices for their kids, teachers can tailor instruction and target interventions where needed, and education leaders can decide what resources each school needs.
Although some leading companies have signed the pledge, Barnes pointed out that the ed-tech industry is huge. "Think of SXSWedu," she said. "There are countless others who have not signed it."
Other companies and organizations that have signed the pledge include: Code.org, Gaggle, Learnmetrics, Lifetouch, Maestro, myOn, MIND Research Institute, and Readorium.