Technology is making an undisputed and positive impact in our nation’s classrooms. Nearly all teachers now report that the impact of educational technology in their classrooms is “significant,” with savvy digital educators capitalizing on the rapid adoption of mobile devices and increased broadband access to foster deeper learning, motivate students and engage parents.
As a result, we’ve witnessed the emergence of the teacher-entrepreneur – and a new breed of startups led by educators, who understand the real-world demands of the classroom and are using technology to solve common problems at scale and make an impact. Millions of teachers are, in turn, downloading educator-developed apps and tools. The tools and resources that teachers find useful soon go viral, as passionate educators share the impact of multimedia resources, lesson plans, and classroom management tools with their peers.
Of course, as teacher-friendly tech becomes more accessible and solutions that work take hold, it’s increasingly important for teacher-entrepreneurs to understand best practices in data privacy and consider their impact in the classroom. Good policies and legal compliance are important, but equally essential is an embrace of Privacy by Design. Pioneered by former Ontario Privacy Commissioner Ann Cavoukian, Privacy by Design calls for a win-win effort where key principles are followed to ensure the benefits of data use can be achieved, while also ensuring compliance with leading privacy principles. Often referred to as the ‘gold standard’ for privacy systems engineering, Privacy by Design encourages the embedding of privacy frameworks into a company’s products or services. In an industry as dynamic as edtech, this sort of technology and values-based approach is critical to building trust with teachers, parents, and students as both technologies and the regulatory environment evolve.
So, how can an edtech company take steps towards Privacy by Design?
Give your privacy policies the same love you give your product. Startups typically accept boilerplate policies from their lawyers, often meant to cover a broad range of businesses. These policies are at best filled with undecipherable legalese. Educator entrepreneurs should consider their Terms of Service and Privacy Policy from the ground up. Draw on the expertise of world-class privacy experts—but don’t forget the sort of practical insights that only teachers can bring to the table.
Simplifying complex legal and technology terms isn’t always easy, but it is critical to ensuring that teachers are empowered to make thoughtful decisions about how data use might impact their students. A company shouldn’t just “check the box” to have a minimally sufficient privacy policy—the terms should reflect a company’s mission. They must be simple for concerned parents to read and interpret. Ed tech companies have to go beyond "standard language" to raise the bar in protecting students’ privacy.
Commit to total transparency. When companies are vague or nonresponsive about their practices, it’s easy to assume the worst with hypothetical “what-ifs.” If you don’t intend to retain or use student data, say so. If you may need to retain data for longer periods, consider the increased responsibility, and be prepared to answer the tough “why, and for how long” questions.
Be clear about how long you keep data and explain the educational purpose. Put an end to speculation that you might create permanent records, or use student data for advertising purposes.
But don’t stop there. Offer up easy-to-digest privacy resources for parents, teachers and administrators. Some companies are even posting privacy policies on Github, so that stakeholders can evaluate changes to policies over time. The best teachers are creative about the best ways to communicate information and companies need to apply that same creativity to communicating about privacy issues.
Think about Privacy by Design as an organizational shift more than as an approach to designing technology. The best companies weave privacy into the culture of how they operate. Privacy, like educational outcomes, has to be a mission-critical focus of your team. Run “privacy bootcamps” for your employees. Review new product features with privacy experts on a regular basis. Conduct audits on a scheduled basis to identify when your needs have changed so that policies can be updated and shared. Privacy by Design should be something each team member considers daily.
There aren’t hard and fast rules for privacy, since what is necessary will depend on the product. More than a set of rules or “how-tos,” Privacy by Design is a way of approaching the world of data use. Successful education companies will internalize this mindset with great success — and demonstrate how education technologies that make an impact can scale quickly while still deeply safeguarding their users.