IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Opinion: Protecting Kids in the Cloud

A new measure puts Virginia among the dozens of states, along with the federal government, stepping into a complex fight over new technologies, big business, public education, security and privacy rights.

At fewer than 300 words, the proposal seemed simple enough: Protect student privacy and restrict companies' ability to use students' data.

The plan - sponsored in the House by Del. David Yancey and in the Senate by Sen. John Cosgrove, both with bipartisan support - failed in committees last winter. But the proposal is set to be resurrected in the next session - and, likely, in the session after that, and the one after that.

The measure puts Virginia among the dozens of states, along with the federal government, stepping into a complex fight over new technologies, big business, public education, security and privacy rights.

The issue highlights the tension between efforts to integrate innovative technology - cloud-based platforms provided by third-party vendors - and public school officials' obligation to protect students' sensitive information.

Last week, the matter landed before the Joint Commission on Science and Technology, drawing reps from Google, schools and trade and advocacy groups. A digital privacy law expert from Fordham University's Center on Law and Information Policy, testifying through Skype, described the limitations of federal legislation covering a rapidly growing market for free digital tools that make sharing data more efficient, but leave students' data vulnerable for advertising and other purposes.

A recent study conducted by the center found 95 percent of districts use cloud services for "functions including data mining related to student performance, support for classroom activities, student guidance, data hosting, as well as special services such as cafeteria payments and transportation planning." Three-quarters of schools, the report notes, didn't notify parents that they used cloud services.

That lack of communication, combined with loopholes in federal law and ambiguous, outdated or nonexistent state statutes, is triggering a public backlash, in both the marketplace and in legislatures. This spring, inBloom, a massive, online student data repository backed by Microsoft founder Bill Gates, shut down amid criticism that it collected too much sensitive information.

Around the same time, Google stopped collecting data from students using the company's Apps for Education, a cloud-based collection of applications, including email and document sharing. Ben Schrom, a Google product manager, told the commission.

"We have no short-term or long-term monetization goals with this educational product," Schrom said. Instead, the goal is to create "lifetime Google users," people who grow up using Google's products and, after graduating, sign up for the commercial services, which use consumers' data to tailor more effective advertising, he said.

But the company opposes state legislation, arguing that 50 different standards would burden it and other businesses.

After two hours of discussion, senators and delegates on the commission were no closer to an answer. Ambiguous language, undefined terms and the prospect of setting off a cascade of unintended consequences led the chairman, Del. Thomas Rust, to call for another meeting.

He wanted to hear from the secretary of education, the state school board's association, other school districts, maybe even the Attorney General's Office.

Even if the commission members feel confident enough to make a recommendation, the underlying complications suggest it will be years before the legislature approves meaningful restrictions that balance lawmakers' desire to promote the marketplace and their responsibility to protect the public.

And if they do, that law almost certainly will be measured in pages rather than words.

©2014 The Virginian-Pilot (Norfolk, Va.)