Data Privacy

Senators Challenge Ed Tech on Student Data Usage

• By Dian Schaffhauser
• 08/16/19

Some of the biggest names in ed tech received letters this week from a team of Democratic senators demanding details on their data collection practices. The request from U.S. Senators Dick Durbin (D-IL), Ed Markey (D-MA) and Richard Blumenthal (D-CT) expressed concern that the amount of data and how it was being managed could "put students, parents and educational institutions at risk" of having their personal information "stolen, collected or sold without their permission or knowledge."

The letter was sent to 55 education technology organizations, including nonprofits, and data broker companies that compile and sell student lists. Among those who received the letter were Google and Facebook, along with major assessment companies (ACT, CollegeBoard and Kaplan among them), learning management system firms (including Blackboard, D2L, Instructure, Moodle and Sakai), curriculum publishers and distributors (Barnes & Noble Education, Cengage, Macmillan, McGraw-Hill, Pearson, VitalSource and Wiley) and more specialized operators (Civitas Learning, Curriculum Associates, Edmodo, Quizlet, Smart Sparrow and Turnitin).

The letter requested a list of responses, among them:

• A list of the software and other offerings produced since the founding of the respective organization;
• The count of schools and students (with their age ranges) that have used the products;
• The type of data collected, how long it's retained, what opt-out or revision options are available and how the data is monetized;
• What would happen to the data were the company merged, acquired, closed or dissolved;
• Other sources of student data the company uses and where it comes from;
• How students are categorized by their data and what those "labels" or "categories" are;
• How students actively approve of the terms of service or licensing for use of the product;
• Whether a breach or some other kind of unauthorized access has occurred involving the data; and
• How the company is complying with privacy regulations contained in FERPA and COPPA.

The letters arrived on the tail of a major hack of Slate, an open source admissions and advancement platform, and a 2018 public service announcement from the Federal Bureau of Investigation warning that malicious use of data collected by ed tech could result in "social engineering, bullying, tracking, identity theft, or other means for targeting children."

The letter to data brokers specifically referenced research by Fordham University on how data brokers were making compilations of "sensitive" student data available for sale based on GPA, ethnicity, religion and affluence, among other highly targeted categories.

"From academic performance data and web histories, to location data and other personally identifiable information such as date of birth or address, it is imperative that we take steps to ensure students' data is being secured and protected. Parents, students, and educational institutions deserve to have more control over their data," the letter stated.

Links to full text of the letters (one for education technology companies and one for data brokers) can be found here.