All stakeholders should step up to ensure students’ privacy, gleamed from electronic devices and services, is protected from misuse by educational technology companies, a new report by Electronic Frontier Foundation (EFF) said.
The report by the digital rights group found students’ data, such as personal information and browsing history, are uploaded to the cloud and stored indefinitely, without the students’ or their parents’ consent.
“We are hoping by documenting these concerns, we can drive home the point these are concerns to be taken seriously,” EFF researcher Gennie Gebhart told CNNTech.
Gebhart’s group studied the 152 educational technology (“edtech”) services currently used in US classrooms and found they “were lacking in encryption, data retention and data sharing policies.”
Technology is increasingly present in US classrooms, through devices such as laptops and the use of services like Google’s G Suite for Education.
As school districts have inept privacy policies – if they do at all – they unwittingly help the companies behind the devices and services to collect, retain and share such data, which the study found to be a source of concern to unknowing parents.
They worry the dossier of information on their children will be used for advertising, market research and other purposes. One example: data from fitness trackers used in Physical Education classes can be shared with sports equipment vendors like Adidas to tailor their marketing strategy.
Schools currently depend too much on “privacy by policy” by the edtech companies, which have been shown to not work. Industry self-regulation via the Student Privacy Pledge as well as federal and state laws are failing to keep up with edtech’s rapid growth.
Security educator Jessy Irwin – unaffiliated with the report – who advocates for more privacy in the classroom said:
“In security, if you are trusting someone not to break the rules, you’re not really defending or protecting anything.”
EFF’s made a number of specific recommendations to better protect students’ privacy.
One suggestion called for parents to be given more time to review all electronic materials used in their children’s classrooms. Schools should have opt-out policies and/or alternative technologies in place if parents or students disagree with the data practices of certain vendors.
Meanwhile, edtech companies should collect data only to the extent that it serves educational purposes, with the opt-in consent of the parents. On a lower standard, these vendors should at least offer an opt-out or keep all data collected aggregated and anonymous.
While parents, students and schools can adopt the many measures EFF suggests, the report concluded real headway can only be made by the state and the companies.
“Ultimately, however, meaningful improvements in student data protection will require changes in state and federal law, in school and district priorities, and in edtech company policies and practices.”
Liked this? Then you’ll love these…