Information
Equipo Nizkor
        Bookshop | Donate
Derechos | Equipo Nizkor       

11May15


The bipartisan bill that puts students back in control of their privacy


In an era of NSA snooping, email hacking and rampant identity theft, the specter of poorly protected student data strewn throughout cyberspace and being sold to the highest bidder has caught the attention of privacy advocates and, now, policymakers.

In a rare expression of bipartisanship, two congressmen last week introduced a bill to modernize student privacy protections for students.

Advocates on all sides acknowledge that student privacy fears are well-grounded, but there are also strong voices at the table urging that the student privacy protection rules be not so aggressive that they would unduly limit the valuable use of personal data in the classroom, or the use of aggregate data that could help improve teaching across the board.

The Student Digital Privacy and Parental Rights Act, authored by Reps. Luke Messer, R-Indiana, and Jared Polis, D-Colorado, is already supported by over 20 education groups, parent associations, industry leaders and privacy advocates.

Concerns over student privacy came to a head last year against a backdrop of generalized concerns about privacy, including ongoing revelations of NSA snooping.

Most incidents so far have involved accidental security breaches, such as lost laptops and flash drives, or data accidentally posted online, said Amelia Vance, director of education data and technology for the National Association of State Boards of Education.

But in December, the Electronic Privacy Information Center filed a complaint with the Federal Trade Commission accusing the financial aid website Scholarships.com of selling student information for marketing purposes without permission.

Some of the strongest voices on either side of what could be a sharp divide seem to agree that the bill strikes a good balance. On the one side are those who want free data for more effective teaching and evaluating outcomes. On the other are those primarily concerned with protecting students and families from abuse.

"I'm happy with what they came up with, especially given the variety of parties they had to please," said Vance.

An earlier draft of the bill circulated several weeks ago, Vance said, and it was significantly improved when the bill's authors aggressively circulated the bill to stakeholders on all sides and incorporated their reaction into revisions.

Back in control

The bill includes prohibitions on selling student information, using the data for targeted advertising purposes and disclosing the information to third parties, said Khalia Barnes, director of the Student Privacy Project for the Electronic Privacy Information Center (EPIC).

The bill would also allow students and parents to access their own records to see what kind of data has been collected on them and correct the data, Barnes said, while also selectively deleting certain sensitive information.

"It really puts the students back in control," Barnes said.

Barnes says that EPIC would like to see tougher enforcement mechanisms, however, including a "private right of action," which would allow parents and students to sue for damages against offending companies.

But while EPIC is focused mainly on protecting privacy, Barnes said, there is a broad consensus that the wrong types of regulation could stifle the legitimate use of data and breed fear and uncertainty among school administrators.

"This bill recognizes those concerns," Barnes said, "but it does uphold the president's commitment that educational data will only be used for educational purposes. This has nothing to do with thwarting a student's ability to get the benefits of technology, but it does protect against very real abuses that are happening now."

A stable foundation

There seems to be a surprising degree of agreement on balancing privacy issues. Just as EPIC acknowledges the need for proper data use, the advocates of data usage also recognize the need for more privacy security.

Privacy experts warn that increasingly sophisticated educational games are collecting data on individual students -- not just their academic growth, but their preferences and attitudes.

The bill puts a legal framework around how the "ed tech" industry can use the data collected from students when they use games and apps, said Paige Kowalski, vice president of policy and advocacy for the Data Quality Campaign.

The Data Quality Campaign is a nonprofit group whose main concern, Kowalksi said, is to make sure data can be used properly and effectively at all levels of education, both for instruction in the classroom and in helping schools improve.

"Our agenda is about highlighting the value of data," Kowalski said, "helping people think through the kinds of questions that they need to answer and the kinds of data they need, and then we help them implement policies that support that use."

But part of using data effectively, Kowalksi emphasized, is building the kind of transparency and accountability needed to prevent abuse. She said the Polis-Messer bill builds on a legally binding pledge made by prominent ed tech companies last fall and creates exactly the kind of stable framework she hopes to see, one that protects students while also encouraging innovation to improve outcomes.

The needed framework to secure privacy while using data effectively, Kowalski said, would provide training and resources at the local level to help teachers and administrators navigate an increasingly complex legal and technological maze.

DCQ joined 17 other major educational organizations last week in a statement of principles for such a foundation, which would, she said, allow states to innovate while offering clarity to local schools.

"Given Congress moves very slowly and is very far away from classrooms and parents," Kowalski said, "how do we set up a foundation that enables schools and districts to innovate, collect the data they need, safeguard it, and share it in ways that make sense?"

"Ensuring the data is safeguarded is complex," Kowalski said. "It's communications, technology, best practices, training, compliance issues, awareness raising. It's a lot of work, a constantly moving ecosystem, and folks on the ground don't have the resources to do this work well."

There is a role for the federal government to provide a better framework and better resources, she said, but states should be left free to pass policies that makes sense on the ground within that framework.

[Source: By Eric Schulzke, Deseret News, National Edition, Utah, 11May15]

Bookshop Donate Radio Nizkor

Privacy and counterintelligence
small logoThis document has been published on 19May15 by the Equipo Nizkor and Derechos Human Rights. In accordance with Title 17 U.S.C. Section 107, this material is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes.