Software Industry Players Debate Need for New Restrictions Around Student Data
By guest blogger Kathryn Baron
Parents may want to start paying as much attention to protecting their children's privacy from web programs they're using for schoolwork as they do with Facebook and other social media.
Education software developers meeting in San Francisco Wednesday, the final day of the Software and Information Industry Association's Education Summit, are a disparate group when it comes to drawing the line between what student data is sacred and what's ripe for harvesting to target ads at kids and their families.
"We do believe that the industry respects the safeguarding of student data," said Mark Schneiderman, the senior director of education policy at SIIA, when introducing the issue to the 200 or so attendees gathered for the morning discussion. He believes it's not usually an intentional breach when that data is abused, but more a result of "unintended consequences in this really evolving marketplace."
That may be a hard defense to sell to parents. It's bad enough when your teenager registers for a game app that gets charged to your credit card or phone bill.
But mom and dad might be surprised—or worse—to learn that when their children create accounts to use free online educational programs, often required by teachers or schools, the information may be sold to another company that uses it to target advertising having nothing to do with education.
The questions can get pretty personal, according to a Fordham University Law School report. Web programs designed to educate children about health and wellness may ask students what they weigh and track what they eat at the school cafeteria. That information, along with name, email, birthdate, social security number and IP addresses or cookies captured by the website, might be sold to, say, a fitness company, which sends ads directly to students and their parents.
Even software developers participating in the summit complained about the situation.
"Once a week, I get something, which is essentially marketing, coming home on paper," said James Bower. The creator of Whyville, who has two school-age children, cautioned his colleagues that their reputations are at stake unless they take action.
But there's little agreement on what to do, or even about how bad the problem is.
"When you look at this issue of student privacy, there simply isn't a consensus," said panel member and founder of RJM Strategies, Bob Moore.
One thing most everyone agreed on is that contracts with developers are so technical that school officials—and parents—often aren't aware that they may be giving companies broad control over students' personal information.
Linnette Attai, president of PlayWell, LLC, recommended that companies take the high road by being transparent and giving schools all the details in plain English, without being asked.
"I encourage my clients to be good partners to schools," said Attai. "There are a lot of things that the industry can do to be better citizens in this space."
State legislatures and Congress don't seem convinced that self-regulation by business is the answer, and they're concerned that federal regulations, such as the Family Educational Rights and Privacy Act and the Children's Online Privacy Protection Act, don't have enough teeth.
Three thousand miles away and just hours before the SIIA session got underway, U.S. Senators Orin Hatch, a Utah republican, and Massachusetts democrat Edward Markey launched a bipartisan effort to clamp down on how these private companies may use the student information they collect.
Later in the day, SIIA's Schneiderman testified before a California Assembly committee hearing about student privacy in the digital age. Both the state assembly and senate are considering bills to strengthen privacy protections, including one introduced by Senate President Darrell Steinberg, a Sacramento democrat.
"These companies are operating with zero restrictions, except for the ones that they themselves deem unilaterally appropriate," said Steinberg in a written statement. "That is unacceptable. Kids are in the classroom to learn and we value the security of their personal information above private profit."
According to the Data Quality Campaign, 33 states have introduced a total of 98 student privacy bills this current session in an effort to prevent for profit companies from mining the data they collect from classrooms; 10 have passed.
Moore described the blast of bills as "a knee jerk reaction," cautioned that they could have a "chilling effect on innovation in the education space," and called for a bigger national conversation on the issue.
It's more likely to be a national argument, given some of the sentiments expressed at the summit. Consultant Steve Rappaport urged the industry to stand up for itself.
"I think we have allowed the opponents of data to frame this debate in terms of the potential harm to students," he said, "and what we need to do is to reframe the debate and focus it on reasons why data are central to the mission of education."