Thursday, July 31, 2014

New Web Site: Student Privacy Matters - Parent Coalition for Student Privacy

Student Privacy Matters:



OUR LETTER TO CONGRESS



Today, our Parent Coalition for Student Privacy launched.  Our letter to Congress urging them to strengthen federal student privacy protections ishere (pdf) and below; our press release is here.
July 23, 2014
Dear member of Congress:
We write on behalf of a broad coalition of parents across the country to urge Congressional review of emerging threats to student privacy rights and to request legislative action to address significant shortcomings in current law. Specifically, we are alarmed about ill-thought-through federal policies that, instead of providing safeguards against non-consensual disclosure and downstream uses of children’s personally identifiable information, actually promote policies in which a child’s highly sensitive personal data is disclosed to third-parties for purposes that go well beyond reasonable educational uses and deny parents the right of notification or consent.
First, we respectfully urge Congress to hold hearings on why the U.S. Department of Education has abdicated its historic role as the guardian of educational privacy rights. In responding to interest groups that included Big Data enthusiasts, influential foundations and their grantees, and educational technology firms, the Departmenthas re-interpreted (and, in effect, unilaterally amended) the Family Educational Rights and Privacy Act of 1974 to nullify many of its most important privacy protections. This radical re-invention of FERPA is at the root of much of the data free-for-all that has resulted in massive amounts of personally identifiable student data being collected and divulged to third parties, including for-profit vendors.
As the controversy over one such third party, inBloom, has revealedthere is a wide gap between the view of most parents that they should be able to control access to their children’s personal information to protect their privacy and safety, and the perspective of various governmental agencies and private corporations that are intent on collecting and using that data without informing parents or providing them with the right to consent.
The inBloom data-mart, funded with $100 million from the Gates Foundation, sought to capture records of millions of children to enable the creation of a market in technological learning tools that would utilize and data-mine this information in name of “personalized learning.” Parents mobilized in opposition because they justly feared that the transmission and storage of their children’s most personal data on data clouds, as well as inBloom’s stated intent to provide it to a large number of for-profit vendors, was both a security and a privacy threat.
We are pleased to say that parental concerns and protests won the day over the poor judgment of state and district education officials, resulting in inBloom being driven out of business. But sadly, many other vendors seek to take inBloom’s place or to sell their wares directly to schools and districts with inadequate protections for security or privacy, and very little respect for parental rights.
Second, we respectfully urge Congress to review privacy and security practices of the multiple state longitudinal data systems created in direct response to various federal programs in recent years. These data systems are designed to collect, store and share an increasing amount of children’s personal information among a variety of state agencies and to track students over time without sufficient oversight and protections for privacy.
Finally, we respectfully urge Congress to review and strengthen both FERPA and Children’s Online Privacy Protection Act (COPPA), to roll back the harmful provisions of the 2009 and 2011 FERPA regulations, and to update both laws in light of new and unforeseen threats to privacy rights. Particularly with the growth of the educational technology industry, there has been a huge push to expand the access to personal student data with little or no federal restrictions to slow down this trend. We are dissatisfied with the recommendations of the recent White House report on privacy that evades most of the important issues and simply asserts that any student data disclosed to third parties should be used only for “educational purposes.” This generic statement is far too vague to be reassuring.
The push for greater access to educational data is motivated by the desire of the educational technology sector to develop new products and grow their market, as well as by advocates who claim that big data will revolutionize education. We believe parents—not school officials—should be in charge of deciding whether or how much of their children’s information may be shared with vendors. The benefits of big-data and data-mining software in the area of education are still highly hypothetical and cannot be used to justify the massive amount of personal data that is being collected and shared with third parties without parental knowledge or consent.
Many parents do not want their children to spend hours more each day in front of a computer and do not believe that the model of mechanized instruction that is being promoted can deliver true personalized learning. We certainly do not want our children’s disability, health and disciplinary records shared widely with third parties.
We believe that any legislation should uphold the following principles:
  • Minimize the collection by governmental agencies of highly sensitive student data and their ability to share this data with third parties;
  • Maximize the opportunities for parental notification and consent;
  • Except in very limited circumstances, restrict non-consensual access to personal student data to education authorities and roll back the 2012 “authorized representative” loophole, by which nearly anyone can be designated as an authorized representative of officials entitled to its access;
  • Mandate strict security provisions for the storage and transmission of personal student data, regular audits, and the training of education personnel about the need to maintain robust privacy and security provisions;
  • Ensure that the law is enforceable, including but not limited to the ability of the federal government to impose fines and families to sue if their children’s privacy is violated.
We urge you to open up a dialogue with parents as soon as possible. Since inBloom’s demise, much has been written about the importance of including parents in the debate over how to protect their children’s privacy yet very little has been done to involve them in the discussion. We thank you for your leadership and stand ready to work with you on this important issue.