Privacy a Growing Risk for Students
Along with this explosion in the growth of online learning tools comes the inherent risks of exploitation and concerns over student privacy. This blog will provide some clarity on the issue of balancing student privacy with technology and digital innovation.
The era we live in today is defined by an intertwined set of technological advances including the Internet of Things (IoT), cloud computing, algorithmic and analytic capabilities, and artificial intelligence (AI).
In an attempt to support innovative technology to enhance teaching and learning, many schools are in the process of developing internal processes to protecting student data. This process is sometimes seen as a barrier to the adoption of innovative new tools. Balancing the adoption of new tools with a commitment to student data privacy while being agile and supportive of classroom innovation is a juggling act that schools are handling every day.
What is Student Data Privacy and What’s at Risk?
The insights and inferred information obtained by the processing of student data are used for a variety of purposes, mostly for profit such as targeted advertising and marketing purposes. Moreover, algorithms discreetly process student communications and online behavior while using education apps. The data is then aggregated to generate information about students that they don’t know even exists.
People’s identities are increasingly digital, and as online learners get younger and younger, their personal online lives merge with their educational trajectories. The personal data that make up these identities are mostly disclosed unwittingly, and minors are incredibly susceptible to misuse of their personal data.
Online platforms offer a range of free student services—testing, classroom exercises, e-mail, and so on. These offers seem almost too good to be true. And truth be told, they are. If you read the small print of the privacy policy you’ll learn that companies offering free platforms disclose student records they collect to anonymous third-party affiliates and business parties. These platforms and services may appear to be free, but they ultimately charge a hefty price for student privacy.
Start Getting Value With
Centraleyes for Free
See for yourself how the Centraleyes platform exceeds anything an old GRC
system does and eliminates the need for manual processes and spreadsheets
to give you immediate value and run a full risk assessment in less than 30 days
Internet Safety Labs Study
To illustrate the rampant nature of vulnerable educational applications, Internet Safety Labs, a non-profit organization on a mission to ensure online product safety, released a new study on ed-tech apps that share student data with third parties.
The findings make one thing very clear: the technology used by U.S. schools poses substantial privacy and safety risks to children and their families. On the one hand, teachers are encouraged to use technology, communicate with parents, and be innovative, but on the other hand, there may be insufficient privacy policies in place to protect teachers and students.
This puts our children right in the cross-currents of competing imperatives: technology and privacy.
Key Findings:
- 96% of classroom-related apps share children’s personal information with third parties, making them risky and unsafe.
- 78% of the information sharing is done for advertising and data analytics purposes
- Information sharing is usually done without the knowledge, intent, or consent of the app users
- 28% of apps were not specifically related to education. YouTube, Spotify, and some news sites are examples of these entities.
- Ads displayed on school apps create additional opportunities for advertising networks. The majority of these apps use retargeting ad campaigns to shore up their ad effectiveness, using cookies and search history. This is a double round of personal student data being directed into advertising networks to the advantage of marketing and advertising groups.
- A whopping 68% of apps were observed sending data to Google.
- Apple came in second as the most heavily trafficked platform with 36% of apps sending data to Apple.
“This benchmark is a much-needed measurement of just how safe EdTech technology is for our youth,” said Lisa LeVasseur, executive director of Internet Safety Labs. “We all know how much personal data is already flowing to companies that excel in monetizing it, but this research provides an accurate look at the reality of where student data is going.”
Problems with Existing Student Data Privacy Laws
Today’s learning environments are no longer confined to the classroom walls. A great deal of learning activity occurs in a rapidly growing online environment of new and innovative learning tools. The most obvious step we can take to shift the scales to prioritize student privacy is to pass laws and regulations that cover the broad scope of student privacy risks and implement strong enforcement policies.
The U.S. Department of Education supports student privacy by enforcing laws such as FERPA. Congress passed FERPA several decades because it was keenly aware of the lifelong negative impact that misleading, embarrassing, or inaccurate records could have on students.
But FERPA was created decades ago, which makes one question whether such an old law can fully protect the rights of students in the digital era we live in today.
For example, FERPA only regulates how schools, districts, and education departments disclose student records; it does not directly regulate private companies or other outside vendors and agencies to sign student data privacy agreements. So when the Education Department granted non-FERPA-regulated entities access to student information, students lost fundamental federal student privacy protections.
The 1998 Children’s Online Privacy Protection Act (COPPA) was also developed to address the privacy rights of children. However, COPPA does not combat the broad risks of today’s student privacy issues. COPPA places certain requirements on website operators regarding how the operators must protect the online privacy of children under the age of 13. Additionally, COPPA was not enacted to safeguard student data in the educational system.
COPPA has been decried for lacking teeth and the enforcement body, the FTC, has likewise received criticism for not taking large enough steps to enforce its requirements. While a recent policy statement from the FTC promised that the agency would be vigorously enforcing the rule, there have still been calls for new legislation and legislative updates to broaden COPPA’s coverage, increase enforcement, and introduce additional data privacy education protections for children.
The last time that the FTC updated the COPPA rule was in 2013. Notably, the FTC did implement a rule review in 2019, but that review is still ongoing today.
How to Make Student Privacy a Priority
What Teachers Can Do
- Teachers should follow, model, and teach good digital practices. This includes careful thinking about the digital products they incorporate into any lesson and considering how they will affect the safety, security, and privacy of their students.
- Faculty and school administrations have access to a huge amount of personally identifiable information about their students. They should follow these practices.
- Review the data privacy policies of online technology you use to be sure they meet your security standards.
- Encrypt sensitive information in an email or voice communications
- Encrypt data and perform regular backups
- Do not give access to student records unless there is a “legitimate deducation need to know.”
- Use strong passwords, and log out automatically when not in use.
- Educate students on cyber safety and digital responsibility
- Before collecting student information, educators must also consider the sensitivity of the information. Social Security numbers and medical records are just a few examples of information that can have serious consequences for students if the information lands up in the wrong hands.
- Data collection in schools should help students, not hurt them. Lax privacy safeguards and data security practices place students at risk of having their data used against them.
What Institutions Can Do to Balance Security and Innovation
- Monitor activity on school networks
- Minimize data collected
- Delete information that is no longer necessary
- Access control policies
- Do NOT come up with a security solution first and then go on a search for an area you would like to implement it. Instead, schools should develop a strong security policy that puts privacy first.
How To Educate Students on Privacy
- Keep devices updated
- Teach students not to click on random links
- Have clear instructions on reporting suspicious activities
- Teach responsible social media use
Privacy is an elementary human right. It is our duty and moral obligation to follow and enforce best practices and policies to secure student data.
Start Getting Value With
Centraleyes for Free
See for yourself how the Centraleyes platform exceeds anything an old GRC
system does and eliminates the need for manual processes and spreadsheets
to give you immediate value and run a full risk assessment in less than 30 days