Leonie Haimson, executive director of Class Size Matters and co-founder of the national Parent Coalition for Student Privacy (and a member of the board of the Network for Public Education) writes here about the threat to student privacy in New York.
The New York Board of Regents is currently considering whether to approve a radical weakening of the state student privacy law, which would allow the College Board, the ACT and other companies that contract with schools or districts to administer tests to use the personal student information they collect for marketing purposes — even though the original New York law that was passed in 2014 explicitly barred the sale or commercial use of this data.
Starting in 2014, many states, including New York, approved legislation to strengthen the protection of student privacy, because of a growing realization on the part of parents that their children’s personal data was being shared by schools and districts with a wide variety of private companies and organizations without their knowledge or consent. The U.S. Department of Education had weakened the federal student privacy law known as FERPA (Family Educational Rights and Privacy Act) twice over the past decade, rewriting the regulations during the Bush and Obama administrations to allow for nonconsensual disclosures for different purposes.
At that time, few parents knew that federal law had been altered to allow their children’s information from being passed into private hands. Then controversy erupted over the plans of nine states and districts to share personal student data with a comprehensive databank called inBloom, developed with more than $100 million of funding from the Gates Foundation.
InBloom Inc. was designed to collect a wide variety of personal student data and share it with for-profit vendors to accelerate the development and marketing of the education technology industry to facilitate the adoption of online instruction and assessment. As a result of widespread parental activism and concerns, all nine states and districts that had originally intended to participate in the inBloom data-sharing plan pulled out, and 99 new state student privacy laws were passed across the country between 2014 and 2018.
New York was one of the first to pass a new student privacy law. In March 2014, the state legislature approved Education Laws §2-c and §2-d, which among other things, prohibited the state from sharing student data with inBloom or another comprehensive databank, and also regulated the way schools and vendors must secure student data, including imposing a complete ban on the sale of personal student information or its use for marketing purposes….
Yet to the frustration of many parents and privacy advocates, it would be nearly five years before New York State Education Department drafted any regulations to implement its 2014 student privacy law. In October 2018, the Education Department finally released proposed regulations for public comment. In March 2018, the Parent Coalition for Student Privacy, along with the statewide coalition New York State Allies for Public Education, submitted recommendations on how to strengthen and clarify those regulations, as did more than 240 parents and privacy advocates.
Yet after the initial period of public comment had ended, instead of strengthening the regulations, the state Education Department gutted them, and now proposed allowing student data to be used for commercial purposes as long as there was parental “consent” — a huge loophole that would create the opportunity for districts, schools and vendors to misuse this data in myriad ways.
Do you think it is okay to sell students’ personal data to marketers and vendors?
Diane Ravitch's blog 
To answer your question: it’s absolutely not OK! Whose pockets in the state are getting kickbacks from marketers and vendors?
LikeLike
If New York State has existing privacy laws on the books, wouldn’t any decision from the SED or the Board of Regents be required to comply state law? Who is giving the Board of Regents the authority to override state laws?
LikeLike
I do NOT think it is okay to secretly plant tracking cookies on every privately owned computer, vehicle, flat-screen TV, smartphone, tablets and desktops in the United States and then sell the information gathered to corporations and/or political parties and/or foreign countries like Russia.
I do NOT think it is okay to gather and/or sell any student information or data private or public.
I want this type of data gathering to be a crime punishable with a life sentence (in the most despicable prison in the world without any link to the internet) without parole and/or a death sentence by ten-thousand cuts.
LikeLike
It’s only reasonable to expect that when young people go to school they will use the school resources instead of having the school resources use them. We don’t build public schools to make money off the kids. The students are supposed to ride the school bus, not get thrown under it. The te$ting industry has gotten too powerful and twisted all logic and reason into tangled knots.
LikeLike
The data = oil idea holds for all of the techy “tools” for students. The Privacy and Terms of Service documents that go with sales to schools are filled with clauses that place full responsibility for privacy on schools or other users (students, teachers, their “friends” and family members).
Consider privacy issues with Edmundo called the “Facebook of Education.” Edmundo had a huge data breech a couple of years ago that shoved ads to users and tracked every their move. To their credit, they fixed it in short order but now there is a new set of questions.
Edmodo’s headquarters is in San Mateo, California, but in April 2018, Edmodo was acquired by and became a Private Subsidiary of Net Dragon Websoft Inc, a leading online game developer in China and pioneer in Internet and mobile Internet. Some details of the acquisition are here. https://www.dbs.com.sg/treasures/aics/templatedata/article/recentdevelopment/data/en/DBSV/042018/777_HK_04092018.xml#
Has this acquisition changed Edmodo’s privacy policies? I do not know. I am not sure many users even know that this software has about 45 million registered users in the United States with about 45 million users from Mexico, Colombia, Indonesia, and the Philippines. The purchase press release says:
“Management expects to integrate Promethean’s cloud based interactive learning platform (on which teachers can build and deliver interactive lessons and connect to mobile devices of students and parents), and Edmodo’s teacher-student-parent social communication platform (on which teachers can share resources, distribute assignments and quizzes, and connect with colleagues, students, and parents). This acquisition can widen its product offerings to cover both in-class and out-of-class scenarios, increase user engagement and cross-selling opportunities.”
Cross-selling means tracking users and targeting them for ads. So what does that mean for users?
The latest version of Edmodo’s privacy policy is dated December 20, 2018. It is full of customary legalese with the real bottom line clear, but it is not a five minute read.
“Edmodo endeavors to keep your information private; however, we cannot guarantee security. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information.”… The Services contain links to other sites. We are not responsible for the privacy policies and/or practices on other sites (but you should read all third parties’ privacy policies to ensure you understand them).”
How many privacy policies do you think the district contractors and other users of Edmundo actually read, understand, and act upon? I don’t know the answer, but Edmundo software may be an “easy case” compared to services that, by design and marketing, are said to deliver “personalized learning.”
Consider eSpark, recently mentioned on this blog .eSpark creates a “playlist” of education apps geared to each student’s needs for Common Core content. eSpark was jump-started with a grant from The Bill and Melinda Gates Foundation ($97,121). The current website seems to carry endorsements from The Bill and Melinda Gates Foundation; Google for Ed; Digital Promise; and Teachers College, Columbia University.
The privacy policy for this software, effective December 1, 2017, says: “Teachers and/or school officials provide us with the limited personal information.” The Privacy Notice governs access to and use of all eSpark operated and controlled websites including esparklearning.com and frontier.esparklearning.com and all other online services controlled or provided by eSpark (collectively, the “Services”).
…
“Because eSpark creates a personalized curriculum, it is necessary for us to collect certain personal information about each student.”
Here is an abbreviated list of information collected. *students’ names and *school IDs, eSpark and Frontier (an affiliated program) *usernames and *passwords; *information about each iPad device used in the program( serial number, MAC address, UDID, and other device-specific information).
“Our educational partners (e.g. schools) may provide us with additional information such as *birth dates, *gender, and *ethnicity.”…”We also collect and use other educational data about the students: *their grade levels, *which classes they are enrolled in, *information from our “partners” (unnamed) who may *share external test scores …furnished by third party test services,” *usage data such as quiz scores, *which apps and videos they watch, *ratings students provide for the activities in which they participate.
“While this non-personal information is about your child, it cannot be used to individually identify your child. …All of this data we collect is used for the benefit of the students using eSpark to enhance their experience and provide a truly personalized curriculum.”
“The information provided by a school district is owned by the school district or the student and not eSpark. eSpark has permission to use that information where necessary to provide its services. … We may share personal information with third parties when instructed and authorized to do so on behalf of a school or school district. Third parties may include other schools or students in relevant districts for the purpose of peer review of student work. We may share information with technology companies who provide us with necessary services such as web hosting and analytics services.”
“The individual applications eSpark uses may be governed by their own privacy policies or information collection practices, which may be different from ours.”
And so on and on. There is far more posturing about privacy than transparency and the worst offenders are the funders and pushers of the “personalized” programs.“
LikeLike
That confirms my intuition about Edmodo. Thank you.
LikeLike
“Privacy Push Must Not Prevent Personalized Learning” -Christensen Institute
The same institute wrote about the prototype for Cristo Rey- a Catholic school chain now in about on1/2 the states. “Innovative Staffing to Personalize Learning….”
LikeLike