On February 26, the U.S. Department of Education launched the ‘Privacy Technical Assistance Center’ (PTAC), a website designed to act as a “One-stop resource for education stakeholders to learn about data privacy, confidentiality, and security practices related to student-level longitudinal data systems and other uses of student data.”
This is the first significant action to come from the federal domain that really pushes a message of encouragement and support to the individuals and institutions from whom these laws are designed to protect. The website outlines a number of key privacy laws that are already in place and vaguely details who they apply to as well as how they work in regards to terms of service agreements and educational programs.
“This is the first significant action to come from the federal domain that really pushes a message of encouragement and support to the individuals and institutions from whom these laws are designed to protect.”
'FERPA' the - Family Educational Rights and Privacy Act is the main article or legislative document addressed within the website. Originally passed in 1974, FERPA was designed to restrict how personally identifiable information of students can be released and used without parental consent. It covers anything that falls under the umbrella of educational records including grades, class lists, course schedules, timetables, disciplinary records and student financial records, but has recently come under criticism for being outdated in a world where 'Technology moves faster than congress.
"The PTAC introductory video outlines how it is up to parents and schools to educate themselves on which avenues or sections of FERPA apply to them, and how they can ensure their right to privacy. The video also tackles the widespread acceptance of click through or click wrap user agreements for the terms of service policies within educational apps and services.
This is valuable advice for anyone, as so often it is the case that we are sucked into the habit of ignoring terms of service contracts for the sake of convenience and end up clicking 'Accept' without paying due diligence to how our information and data can be used further down the track.
However, the initiative comes across as more of a ‘slap on the wrist type’ approach than providing a suitable alternative - their video suggesting that each parent concerned about their children’s data should seek legal advice and draft their own terms of service contract as a response. This seems highly unlikely and very hard to envision.
So how realistic is this message? What are the current standards of practice in education concerning the welfare and protection of student information?
“...the initiative comes across as more of a ‘slap on the wrist type’ approach than providing a suitable alternative.”
It’s actually quite hard to say. The American education system is extremely varied from a state to state, district to district and even school to school level. This is perhaps the reason that the video emphasizes the onus of responsibility on parents, instead of taking on the institutions themselves and demanding that they do the regulating instead.
Take Google for example who are ‘gifting’ schools with ultra-efficient Google Chromebooks, where all data generated, including documents, photographs and other intellectual property, is saved to cloud and hence subject to data mining. This initiative is in direct conflict with FERPA’s policy and the recommendations outlined in PTAC, and could very well be headed for the same fate as the failed educational data-dream InBloom, which I referred to in my last blog post about the #IoB (Internet of Babies).
For this reason, it may seem a little as if the U.S. Department of Education is stuck with their heads in the sand. On one hand they are pushing a message of support for the right to privacy, whilst on the other they are encouraging the use of technology and systems that are in direct conflict with their own data protection policies.
In 2013 the global education market was estimated to be worth 4.4 trillion dollars, and predicted to grow up to 23% by 2017. So it’s understandable how such conflicts of interest may arise, with big tech companies doing everything they can to wage their way in on this lucrative space.
Perhaps this is a little gloomy. But at the very least, it shows that institutions such as the U.S. Department of Education are growing more aware of these issues, and more susceptible to acknowledging that they have a responsibility to act and respond to concerns raised by parents and other individuals within the political domain.
However, I still believe that each action to help curb the leakage of student data should be met with a degree of skepticism, and that the PTAC initiative is more indicative of a shifting of responsibility away from institutions and the government to protect students, like a disclaimer, rather than an embrace or acceptance of it.
"At Meeco, we believe that parents and children should have access to a sovereign place where the data is held and protected and cannot be sold to third parties or used for advertising."
It’s still important for parents to educate themselves on how different laws concerning data retention may impact on their children.
But the responsibility of protection remains with them – for now.
At Meeco, we believe that parents and children should have access to a sovereign place where the data is held and protected and cannot be sold to third parties or used for advertising. Personal and education data is becoming increasingly valuable for this generation and as such, they deserve the right to decide on the custodianship of it - as they would any valuable asset.