Report: Use of Cloud-Based Services Places Kids in Range of Tracking and Ads

Legislators and district leaders are the last bastion for protecting students from the third parties that want to profit from access to information about them collected through schools. That's the conclusion of a new report on "student commercialism" funded in part by the Consumers Union. According to "On the Block: Student Data and Privacy in the Digital Age," when schools send their students online, they're actually "offering up these children to be tracked for the purpose of serving them ads for products that algorithms predict what they will want to buy."

The report was written by researchers from the National Education Policy Center (NEPC) at the University of Colorado Boulder. Authors Alex Molnar and Faith Boninger pointed to a December 2013 report from the Center on Law and Information Policy at Fordham Law School, which found that 95 percent of districts now rely on cloud-services providers for services, including data mining for student performance, support for classroom activities, student guidance and data hosting. Yet less than a quarter of those agreements specify the permitted purposes for disclosures of student information; and fewer than seven percent of the contracts restrict the sale or marketing of student information by vendors. Many of the agreements let vendors unilaterally change the terms or allow them to retain student data "into perpetuity."

This cloud usage for multiple school and district services "has opened up opportunities for private vendors to access student information and to share it with others," the NEPC report stated. "Further, the computerization of student work offers opportunities for companies that provide education technology and educational applications to obtain and pass on to third parties information about students."

"Important in the mix" of district use of technology, the researchers wrote, "is that student information, even information in the form of 'anonymized' meta-data, is valuable to marketers interested in selling products and services to students and their families." Meta-data is the data about the data being collected, often without linking specific information or individuals.

"Which information may be appropriately collected, who has a right to see it, how long the information may be held, and how errors and inaccuracies are to be corrected have become critical policy issues," the authors wrote.

The report recommended that legislators develop statutory language and district leaders develop contracting policies based around the "comprehensive guidelines" published by the Electronic Privacy Information Center's Student Privacy Bill of Rights, which it considers "stronger" and more complete than best practices offered by the United States Department of Education. These six rights touch on access and data amendments, limiting the collection of data, maintaining an appropriate "context" for that data, security, transparency and accountability.

Policymakers were also encouraged to develop policies that address privacy of student educational records as well as other forms of student data (including anonymized data) that may now be collected and shared. "These policies should explicitly address the potential commercial use of any data collected," the authors wrote.

The authors also endorsed the idea of putting the "burden of protecting student data" not just on the schools but on the vendors that have access to it. "This would align the interests of all parties, public and private, in protecting student privacy," the report said.

The report is available on the center's Web site.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • The First Steps of Establishing Your Cloud Security Strategy

    In this guide, we'll identify some first steps you can take to establish your cloud security strategy. We'll do so by discussing the cloud security impact of individual, concrete actions featured within the CIS Critical Security Controls® (CIS Controls®) and the CIS Benchmarks™.

  • Human Error Remains the Leading Cause of Cloud Data Breaches

    Human error is still one of the biggest threats to cloud security, despite all the technology bells and whistles and alerts and services out there, from multi-factor authentication, to social engineering training, to enterprise-wide integrated cybersecurity platforms, and more.

  • Abstract illustration of a human news reporter interviewing an AI with a microphone

    AI on AI in Education: A Dialogue

    Scholars are doing lots of asking and predicting about the risks and rewards of generative artificial intelligence in school, but has anyone asked the all-knowing chatbots?

  • Pattern of desks with interconnected circles, triangles, and lines

    Classroom Furniture Giveaway Seeks Dream Learning Space Design

    Educators have a chance to design their ideal K-12 learning space in a contest recently announced by classroom furniture manufacturer KI.