Debates about the relationship between privacy and personal liberty have come to a head in the past year, with legitimate arguments being made by folks from across the political spectrum. But when it comes to school children, some things should be non-negotiable. Student privacy should be protected, and companies should not be raiding kids’ records to make a buck.
I like to say education is the mother’s milk of economic development. A strong economy needs good teachers, challenging curricula, and the smart use of new technologies. Fortunately, there is a welcome wave of technological innovation coming into our K–12 classrooms. Yet with the embrace of technology comes new, pressing concerns about privacy. It seems as if every day there’s a new story about hacking, data breaches, or major online security flaws that put students’ personal information at risk.
Student data is vulnerable in large part due to an outdated federal law designed in 1974. The law is in desperate need of an update, especially as more school districts move student data into the cloud. A 2013 study by Fordham’s Center on Law and Information Policy found that many contracts school districts sign with outside vendors have “serious deficiencies in privacy protection.”
An investigation last month by Politico found numerous examples of exploitation of students’ personal data by companies with either suspect or non-existent privacy policies. One company, LearnSprout, for instance, tracks whether a student has lice or is coping with bereavement, and stores such personal information online, Politico reported. Another, Khan Academy, acknowledges that it shares students’ academic progress with app developers and its “external partners.” And a third company, United Health Technologies, stores health data received via heart monitors that the students wear in gym class, linking the data to their behavioral records in the classroom, among other data points, according to Politico.
It’s become clear that protecting student privacy must go beyond insulating them from hackers. The products and services we introduce into classrooms should be required, at a minimum, to safeguard student data, and never use a student’s information for any commercial purposes.