In his State of the Union address Tuesday, Obama pushed for a law that would protect student privacy by banning the sale of personal data collected in the classroom to third parties for marketing. He’s also encouraging companies to sign a voluntary pledge not to do so.
Obama urged Congress to “protect our children’s information. That should be a bipartisan effort. If we don’t act, we’ll leave our nation and our economy vulnerable.”
The industry is balking at the law, and some big players — including textbook and testing giant Pearson Plc and search company Google Inc. — have resisted signing the pledge. Obama said last week he would draw attention to companies that refused, and Google recently reversed itself.
The stand-off promises to stoke an emotional debate that could resonate with parents and undermine efforts to overhaul the performance of U.S. schools that call for tracking what students are learning.
“There’s been an explosion of technology in schools, and with that has come a privacy backlash,” said Jules Polonetsky, executive director of the Future of Privacy Forum, a Washington nonprofit group representing businesses and academics and one of the sponsors of the pledge.
Student Files
Obama’s proposed Student Digital Privacy Act, details of which haven’t been released, would make explicit the responsibility of vendors to safeguard data. The pledge, though voluntary, could expose signatories that break it to enforcement actions by the Federal Trade Commission or state attorneys general, Polonetsky said.Schools have long maintained files on students, from home addresses to grades to family income. Increasingly, they have used private contractors to provide software systems.
These companies can track personal information as well as a range of classroom data, such as whether a student is having trouble with a particular type of math problem or has turned in a homework assignment on time. Teachers can tailor lessons to each student.
London-based Pearson sells a web-based information system that has data on 13 million students worldwide. The 9,000- student South Brunswick, N.J. school district has been using Pearson for state-required reporting of demographic data and grades, and parents can use it to track their children’s progress. Any new law “will affect everybody,” said Aaron Bryan, the district’s director of operations and student information systems.
Pearson Resists
Pearson hasn’t signed the pledge to protect privacy because “we prefer to work directly with our customers rather than requiring a one-size-fits-all solution,” spokesman Brandon Pinette said.Google’s apps are used by more than 40 million students and teachers. The Mountain View, California company originally said it wouldn’t sign the pledge because its contracts and policies already protected student privacy. Days before the speech, Google changed its position. In an e-mailed statement, Google said it signed to “reaffirm the commitments we’ve made directly to our customers.”
Companies that did sign include Apple Inc., Houghton Mifflin Harcourt Co., Microsoft Corp. and Amplify, the digital education unit of Rupert Murdoch’s News Corp. McGraw-Hill Education Inc. expects to sign the pledge in the first half of this year, after the company completes a review of its privacy practices, spokesman Brian Belardi said via e-mail.
“We believe everyone who works in education should hold themselves to the highest standards,” said Justin Hamilton, a former U.S. Education Department spokesman in the Obama administration and now an Amplify senior vice president.
Parent Fear
Giving companies access to so much data can open the door to abuse, some parents said.“Schools should be banned from sharing highly sensitive personal student information with any third parties without parent notification and consent,” said Leonie Haimson, a New York City parent activist. Families should be able to opt out of sharing such data, she said.
Independent researchers need to find out whether the data “actually helps or hinders student progress, through a process of stereotyping and profiling,” she said.
Parent opposition scuttled one of the earliest attempts to digitize student information. InBloom, a non-profit backed by the Bill & Melinda Gates Foundation and the Carnegie Corporation, a foundation, as well as Amplify, aimed to allow teachers to tailor lessons to individual students’ needs. It said it would close last April after several states, including New York, withdrew their contracts.
$8 billion
The Gates foundation didn’t respond to requests for comment but said last year that criticism of InBloom was misdirected. InBloom “was a good idea with very serious implementation challenges,” said Amplify’s Hamilton. Companies “need to do a good job of very clearly communicating what the benefits are to teachers, students and parents,” he said.The market for education software and services for kindergarten through high school was about $8 billion in the 2011-12 school year, and has been growing by about 3 percent annually, according to the Software & Information Industry Association, a trade group that helped develop the privacy pledge. The organization represents 800 companies, including about 150 in education.
“The business of exploiting student data commercially is a very big and serious one,” says Lee Tien, senior staff attorney of the Electronic Frontier Foundation in San Francisco. “A lot of these companies are looking at how to monetize the data.”
Parent Permission
A hodgepodge of state and federal laws governs how student data can be used. The Family Educational Rights and Privacy Act requires all schools that receive federal funds to protect the privacy of student records.Generally, schools are required to have a parent’s permission before releasing a student’s data, but there are many exceptions. Another law governs all commercial websites and online services, including apps, that are used by children under 13.
With hundreds of small companies introducing apps or content for online testing, instruction and administration, student data could be compromised if a company goes out of business or changes hands.
After ConnectEdu, a company that tracked student college readiness, filed for Chapter 11 bankruptcy protection last spring, the FTC wrote to the judge warning that the company needed to give families of its 20 million student users the opportunity to delete their identifiable data from the service before any sale.
Data Breach
The purchaser of the company, Graduation Alliance of Salt Lake City, said on its website that it informed users of that right on Sept. 30, three months after the sale took place.In Tennessee, information about 18,000 students and 6,000 parents in Nashville — including their social security numbers, birth dates and addresses — was inadvertently disclosed on the Internet by a contractor, the state’s department of education said in 2009.
“If you want to push big data, you have to deal with privacy at the same time,” said Joel Reidenberg, director of Fordham University’s Center on Law and Information Policy.
School districts lack the expertise to enforce privacy or are unaware of how the laws apply to them, Reidenberg said. Fear that student privacy could be violated, he said, “tugs at people’s emotions.”
©2015 Bloomberg News
