Senators Challenge Ed Tech on Student Data Usage

Some of the biggest names in ed tech received letters this week from a team of Democratic senators demanding details on their data collection practices. The request from U.S. Senators Dick Durbin (D-IL), Ed Markey (D-MA) and Richard Blumenthal (D-CT) expressed concern that the amount of data and how it was being managed could "put students, parents and educational institutions at risk" of having their personal information "stolen, collected or sold without their permission or knowledge."

The letter was sent to 55 education technology organizations, including nonprofits, and data broker companies that compile and sell student lists. Among those who received the letter were Google and Facebook, along with major assessment companies (ACT, CollegeBoard and Kaplan among them), learning management system firms (including Blackboard, D2L, Instructure, Moodle and Sakai), curriculum publishers and distributors (Barnes & Noble Education, Cengage, Macmillan, McGraw-Hill, Pearson, VitalSource and Wiley) and more specialized operators (Civitas Learning, Curriculum Associates, Edmodo, Quizlet, Smart Sparrow and Turnitin).

The letter requested a list of responses, among them:

  • A list of the software and other offerings produced since the founding of the respective organization;
  • The count of schools and students (with their age ranges) that have used the products;
  • The type of data collected, how long it's retained, what opt-out or revision options are available and how the data is monetized;
  • What would happen to the data were the company merged, acquired, closed or dissolved;
  • Other sources of student data the company uses and where it comes from;
  • How students are categorized by their data and what those "labels" or "categories" are;
  • How students actively approve of the terms of service or licensing for use of the product;
  • Whether a breach or some other kind of unauthorized access has occurred involving the data; and
  • How the company is complying with privacy regulations contained in FERPA and COPPA.

The letters arrived on the tail of a major hack of Slate, an open source admissions and advancement platform, and a 2018 public service announcement from the Federal Bureau of Investigation warning that malicious use of data collected by ed tech could result in "social engineering, bullying, tracking, identity theft, or other means for targeting children."

The letter to data brokers specifically referenced research by Fordham University on how data brokers were making compilations of "sensitive" student data available for sale based on GPA, ethnicity, religion and affluence, among other highly targeted categories.

"From academic performance data and web histories, to location data and other personally identifiable information such as date of birth or address, it is imperative that we take steps to ensure students' data is being secured and protected. Parents, students, and educational institutions deserve to have more control over their data," the letter stated.

Links to full text of the letters (one for education technology companies and one for data brokers) can be found here.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • person typing on a touch screen schedule plan calendar

    Deadline Extended for ADA Title II Compliance

    Schools working to meet the Americans with Disabilities Act Title II regulations for digital accessibility have received a temporary reprieve: The United States Department of Justice has published an interim final rule to push back the compliance deadline by one year.

  • elementary school student in headphones sitting at desk with laptop computer, writing in notebook

    STEMscopes Math Achieves Level 3 ESSA Certification

    STEMscopes Math, the core math curriculum from Accelerate Learning, has met Level 3 evidence requirements under the Every Student Succeeds Act (ESSA).

  • abstract cybersecurity data protection

    Rubrik Announces Google Workspace Data Protection

    Rubrik has introduced Rubrik Data Protection for Google Workspace, a product the company said is designed to help enterprise customers protect data and restore operations across Google Workspace environments.

  • interconnected nodes with currency symbols

    Report: Half of Gen AI Projects Could Exceed Budget by 2028

    Organizations may be underestimating the cost of generative AI as they move from experimentation to production, according to Gartner's "10 Best Practices for Optimizing Generative and Agentic AI Costs" report.