All materials in this journal subject to copyright by the American Library Association may be used for the noncommercial purpose of scientific or educational advancement granted by Sections 107 and 108 of the Copyright Revision Act of 1976. Address usage requests to the ALA Office of Rights and Permissions.

Knowledge Quest | Student Privacy in the Age of Big Data
Volume 44, No. 4 | March/April 2016

FEATURE

PRIVACY AND STUDENT DATA

Rigele Abilock
Debbie Abilock

School librarians are champions of online learning. They select databases, use instructional software, and promote intellectual freedom including student access to the Internet. Propelled by the significant benefits of learning, engagement, and personalized instruction, many of their schools and districts have rapidly adopted online services without establishing standardized controls or protections for the massive amounts of student data being collected and shared. A 2013 study by Fordham Law School’s Center on Law and Information Policy found that, while cloud services were deployed for wide-ranging functions in 95 percent of the six demographically and geographically diverse districts surveyed, they were “poorly understood, non-transparent, and weakly governed.” The study noted “rampant gaps” in vendor-school contract documentation, an absence of policies governing privacy, and a failure to inform parents about their children’s exposure to online services (Reidenberg et al. 2013, 5).

The situation is changing quickly. Some large districts now employ teams of in-house legal and policy experts who are charged with protecting student data and specifying measurable characteristics of “safe” online products. Most schools are in the process of developing privacy protocols and priorities. A strategic opportunity exists for school librarians to become leaders in shaping school privacy practices by guiding students, families, and faculty in wise and safe technology use while advocating for privacy rights. As advocates for thoughtful online learning, we must, at the very least, examine data confidentiality policies for the products we select and disseminate. More strategically, in our role as digital citizenship educators we must participate in our institutional decision-making process. We hold in our hands a fundamental responsibility to students as learners and citizens in a democracy guided by our profession’s core values, which state that “Protecting user privacy and confidentiality is necessary for intellectual freedom and fundamental to the ethics and practice of librarianship” (ALA 2004).

Do You Sign (and Read) the Contract?

To balance student privacy with educational objectives, a district or school must develop transparent guidelines and metrics to evaluate the policies and contracts of its online vendors. In support of these goals, the U.S. Department of Education’s Privacy Technical Assistance Center provides resources that include “Warning signs and potential illegal practices to look out for” when using cloud-based services, recommendations for practices and policies to protect student data, and a checklist for evaluating how a vendor’s Terms of Service (ToS) handles data in “a safe and secure manner” (PTAC 2015).

The ToS document is a formal contractual agreement between the school and the vendor; it governs the vendor’s obligations and limits its liabilities. Especially significant are terms concerning data storage, data retention, data handling, liability for data breach, and contract termination. Once a school or district representative clicks “I agree,” typically by click-wrap or click-through signature, the school has accepted the vendor’s terms, regardless of whether those terms are in alignment with the Family Educational Rights and Privacy Act (FERPA), Protection of Pupil Rights Amendment (PPRA), and other federal and state laws.

The school board or a selected designee such as the superintendent or assistant superintendent is authorized to contract for a district. By most states’ laws, teachers in a district do not individually possess the legal right to bind a district or school to a contract, while school librarians who negotiate contracts with vendors, network providers, and other licensors may have that right.

However, authorized or not, when teachers or librarians click through a ToS display they may expose the school or district to liability if student data flows out of the school. Melissa Tebbenkamp, Raytown (MO) District director of instructional technology, acknowledges this vulnerability: “We have a problem with sites targeting our teachers… [who are] not being responsible with our data. For school technology directors around the country, it is a can of worms” (Singer 2015b).

Do You Read the Privacy Policy?

While the ToS document is a formal two-way agreement between vendor and school, a vendor’s privacy policy is a working picture of the company’s current and expected practices related to data use, collection, and sharing, as well as marketing, advertising, access, and security controls. As an on-the-ground description of how the vendor operates its site, the privacy policy should be read in conjunction with the ToS. While a policy lacks the contractual element of a click-through signature, it remains the primary declaration of the company’s privacy practices, and thus may be enforceable against a vendor that breaches those stated practices.

A direct link to a provider’s privacy policy must be displayed at the bottom of its homepage. Read the entire privacy policy closely. For example, the introduction to Khan Academy’s Privacy Notice (2014) states: “We established ourselves as a not-for-profit organization so that our mission of education and your trust will not be in conflict with a for-profit motive.” However, a later clause reads: “We may allow third-party service providers to place and read their own cookies, web beacons, and similar technologies to collect information through the Website.”

Unless you negotiate a contract that specifically prohibits certain practices, your students’ data privacy can be compromised. Diane Savage, an attorney in the Technology Transactions Group of the prominent Silicon Valley law firm Cooley, LLP, observes:

“Given the concern about the sharing of personal information of children evidenced by the Children’s Online Privacy Protection Act, it is surprising that FERPA—the most well-known educational privacy law—is generally only enforceable against educational institutions that receive federal funds, and not directly against the vendors that actually cause the FERPA violation. While a few states, notably California, have or are in the process of enacting laws directly restricting vendor use of student information, for the most part the only liability vendors face for FERPA violations is liability that they are required to assume by schools that impose such liability in their contracts with these vendors.” (Savage 2015)

CURRENT STATE OF AFFAIRS

News reports, parent concerns, and information from professional organizations like the International Society for Technology in Education (ISTE) and the Consortium for School Networking (CoSN) have raised the bar on online student privacy protection. Common Sense Media reports that there is bipartisan national support among adults, even those without children in school, for “tighter regulations on student data…to ensure their private information is not exploited for commercial purposes and stays out of the hands of the wrong people” (2014).

With U.S. policy in flux—and schools, vendors, and parents all responsible parties—here’s what you need to know about the current federal regulations governing school data privacy.

FERPA, PPRA, and the Accountability of Schools (and Parents)

School accountability is governed through two federal statutes issued by the U.S. Department of Education. Both FERPA (Family Educational Rights and Privacy Act) and PPRA (Protection of Pupil Rights Amendment) regulate how public schools can collect and use their students’ personal information and records. FERPA and PPRA aim to protect all student records, data, and directory information as “school confidential” barring specific parental consent or opt-out.

However, the boundaries can be blurry. For example, although the burden of confidentiality remains with the school, FERPA provides exceptions for information flow to school officials, who can, in turn, include outsourced contractors. Thus, FERPA permits certain re-disclosures of student data to outside vendors, contractors, nonprofits, and businesses. The U.S. Department of Education has established the Privacy Technical Assistance Center (PTAC) <http://ptac.ed.gov> as a resource for education stakeholders and families seeking current information about student-level data privacy, security practices, and implementation of FERPA.

COPPA and the Accountability of Vendors (and Schools and Parents)

Unlike FERPA and PPRA, which together define schools’ obligations, the Children’s Online Privacy Protection Act (COPPA) directly regulates online vendors. Enforced by the Federal Trade Commission, COPPA endeavors to align for-profit vendors with educational goals. It elevates the consent requirements of any commercial vendor that knowingly chooses to collect, use, or disclose the personally identifiable information of children under thirteen.

If the vendor collects and uses the students’ personal information for the benefit of the school alone, the school may consent on behalf of all children. However, if the vendor wishes to collect and/or exploit personal information for purposes beyond the benefit of the school, parental consent is required. Since a majority of online educational services do require parental consent, it seems clear that children’s identifiable information is often being collected and used for commercial purposes. While COPPA is an important step in naming vendors as accountable for their educational products and services, it has resulted in significant responsibility being transferred to parents.

In April 2015 U.S. House Representatives Luke Messer and Jared Polis introduced the bipartisan Student Digital Privacy and Parental Rights Act of 2015, designed to significantly restrict how online education vendors can exploit the personal data of students who use their products. For some, the bill does not go far enough. Parents and privacy advocates identified weaknesses in the proposed bill:

“It allows school services to make unilateral changes to their contracts and privacy policies. It permits them to disclose student information for purposes like preparing for ‘employment opportunities’...The bill is also unlikely to prohibit companies like Pearson from monitoring the social media posts of students if those activities are performed on behalf of state educational agencies.” (Singer 2015a)

It is evident that future prospects for student online privacy regulation hinge on many political debates to come—and encompass innovation, education, society, corporations, and democracy.

Do You Trust—And Verify?

Close reading of a ToS agreement and privacy policy should be augmented by common-sense evaluation of a vendor’s corporate or organizational intention. A few online education platforms have been proactively designed as safe havens for student privacy. As models of ethical practices, they demonstrate that it is possible for a profit-making corporation to provide online services with “sufficient flexibility to accommodate a wide variance of circumstances, including types of technologies, types of data, and local needs [in order to provide schools with] a privacy and security floor…without a digital learning ceiling” (Schneiderman 2015, 4). Although certain monetary benefits are forfeited as a result, district purchasing decisions are simplified and the committed focus to educational goals earns subscribers’ trust.

In contrast, companies with ads for online shoe stores and insurance companies plastered on their webpages should raise red flags about corporate intention and the likely prioritization of corporate versus educational goals. To help you assess a company’s data-handling practices, Me and My Shadow reviews a number of tools that you can use (Tactical Technology Collective n.d.). For example, a browser add-on like Ghostery (see figure 1) or Mozilla’s Lightbeam can expose the embedded but invisible code that continually collects data and tracks users’ behavior as they navigate within and across sites.

Who Should Be Responsible?

Drilling down to the functional level, technology purchases must serve an educational purpose. Elizabeth Calhoun-Brumbaugh, who manages Educational Technology Services for California’s Santa Clara County Office of Education, criticizes districts that develop tunnel vision for technology as a stopgap solution without a clear, justifiable learning rationale:

“Privacy policies for technology products are an anomaly in public education. Previously, schools would create device-specific policies—iPad policies, Facebook policies—and set up learning management systems, but they haven’t had the time or resources to explore the underlying behaviors—how to evaluate individual pieces of technology for educational value in direct support of the curriculum.” (Calhoun-Brumbaugh 2015)

A new industry has arisen to consolidate decision-making about “safe” online products. Companies like Clever, IKeepSafe, Common Sense Media, and Google Apps for Education offer differing solutions, but each organization has its own agenda. It’s unlikely that a single system for managing and securing applications can serve as a one-size-fits-all solution for a school’s unique blend of teaching styles, curriculum, culture, and community values. With this reality in mind, it’s imperative to create formal but accessible channels so that teachers and librarians can choose software and services to support specific learning goals while also meeting the school’s stated privacy goals.

School librarians can develop the necessary strategic alliances and nurture the transparency that will build community trust around this contentious issue. Become familiar with the “Protecting Privacy in Connected Learning” toolkit (Consortium for School Networking and Harvard Law School’s Cyberlaw Clinic 2014) and the foundational principles for safeguarding student data that are supported by a number of professional associations (“Student Data Principles” n.d.). On your library website, include information about online privacy policies and terms of service for products you purchase or promote. In advance of any issues, approach your administration with a proposal for a privacy advisory committee—or cultivate that skill set within your existing technology acquisitions group. Seek mentors within your district and authorities in educational services cooperatives or county offices of education, and then weave discussions of these topics into staff meetings and professional development workshops, as well as your digital citizenship lessons.

Be prepared to articulate the learning benefits and quality of online product choices to your community. Parental consent should be an informed consent, not an empty formality. Rather than counseling parents to perfunctorily sign a blanket consent provided by the school so their children are not “left out” of classroom activities, present a rationale with specific information about the quality and benefits of your online learning choices in language that everyone can understand and respect.

Figure 1. Examples of tools that make data tracking visible to Web users. Ghostery’s add-on identifies 25 trackers on a website, which you can choose to block. Ghostery Tracker shows that ads and trackers from 80 unique vendors have been coded into one educational site’s homepage (purple).