New student data privacy bill in Congress does little to protect privacy — analysis
Two U.S. legislators just introduced a bill in the House that they say is aimed at limiting the way education technology companies can use data that they collect about students from kindergarten through the 12th grade. It’s called the Student Digital Privacy and Parental Rights Act, and its sponsors say it is meant to address a growing concern among students, parents and educators about the use of the oceans of data being collected about America’s young people. But a new analysis of the legislation, which you can read below, concludes that it doesn’t do much to protect the privacy of student data — and that it doesn’t stop the actual collection and mining of data by companies, which can use it to make money.
Student data privacy has become a big issue in the era of standardized testing, with education companies collecting a seemingly endless amount of information on public school students, some of it incredibly detailed.
Last year, a controversial $100 million student data collection project funded by the Gates Foundation and operated by a specially created nonprofit organization called InBloom shut down after concerns about privacy led states to withdraw. The information was to be stored in a data cloud that would hold incredibly detailed data points on millions of schoolchildren with the stated mission of allowing education officials to use the information to target educational support. Activists led by New York’sLeonie Haimson, co-chair of the Parent Coalition for Student Privacy, raised alarms that InBloom could not provide a 100 percent guarantee that the data could be stored securely.
The House sponsors of the bill are Rep. Jared Polis (D-Colo.), and Rep.Luke Messer (R-Ind.); Sen. Richard Blumenthal (D-Conn.) also is expected to introduce student privacy legislation. In February, the White Houseissued a statement about its efforts to improve data privacy that said it was working with these legislators on advancing student data privacy.
The Polis-Messer bill is called the Student Digital Privacy and Parental Rights Act. But Haimson said in a piece on the Student Privacy Matters Web site that the bill addresses virtually none of the concerns that parents have about what is being done with data about their children. She said:
“The bill doesn’t require any parental notification or consent before schools share personal data with third parties, or address any of the current weaknesses in FERPA. It wouldn’t stop the surveillance of students by Pearson or other companies, or the collection and sharing of huge amounts of highly sensitive student information, as inBloom was designed to do.”“All the bill does is ban online services utilized by schools from targeting ads to kids – or selling their personal information, though companies could still advertise to kids through their services and or sell their products to parents, as long as this did not result from the personal information gathered through their services. Even that narrow prohibition is incomplete, as vendors would still be allowed to target ads to students as long as the ads were selected based on information gathered via student’s single online session or visit – with the information not retained over time.”
Rachael Stickland, Colorado co-chair of the Parent Coalition, said:
“The bill doesn’t bar many uses of personal information that parents are most concerned about, including vendor redisclosures to other third parties, or data-mining to improve their products or create profiles that could severely limit student’s success by stereotyping them and limiting their opportunities.”
Here are other weaknesses of the bill, as identified by Haimson and Stickland:
- Parents would not be able to delete any of the personal information obtained by a vendor from their children, even upon request, unless the data resulted from an “optional” feature of the service chosen by the parent and not the district or school.
- The bill creates a huge loophole that actually could weaken existing privacy law by allowing vendors to collect, use or disclose personal student information in a manner contrary to their own privacy policy or their contract with the school or district, as long as the company obtains consent from the school or district. It is not clear in what form that consent could be given, whether in an email or phone call, New student data privacy bill in Congress does little to protect privacy — analysis - The Washington Post: