On October 7, a coalition of “school service providers,” defined as anyone providing an online educational service or app that collects student data, signed a pledge to safeguard student information privacy and security. The pledge was developed by the Software and Information Industry Association (SIIA) and the Future of Privacy Forum (FPF), with input from involved companies and U.S. Representatives Jared Polis (D-CO) and Luke Messer (R-IN).
As of January 1, 2015, the pledge will hold signatories accountable to:
- not sell student information
- not target advertising based on behavior
- use data for authorized education purposes only, and not retain student personal information beyond the requisite time frame for education purposes
- not make “material changes” to privacy policies without notification and consent
- enforce strict limits on data retention
- support parental access to, and correction of errors in, their children’s information
- provide comprehensive security standards
- be transparent about collection and use of data
Prominent edtech companies signing the pledge include Amplify, Code.org, DreamBox Learning, Edmodo, Follett Corporation, Gaggle, Houghton Mifflin Harcourt, Knewton, Knovation, Lifetouch, Microsoft, myON and Think Through Learning.
They agreed to uphold the pledge’s commitments whether or not the data falls under “educational record” as defined by federal law, whether it is collected directly through student use of an app or just warehoused by the service provided, and whether or not the company operates under a formal contract with the school. More companies are expected to join over the next few months.
The pledge largely acts as a response to privacy concerns voiced by families and parents, like the Parent Coalition for Student Privacy. “These commitments clearly and concisely articulate a set of expectations that parents and education officials have for the safeguarding of children’s sensitive data,” explained FPF executive director and co-chairman Jules Polonetsky, who recently wrote about the need for regulation beyond the Family Educational Rights and Privacy Act (FERPA).
Legislators have responded to the concerns as well: California Governor Jerry Brown signed the Student Online Personal Information Protection Act on September 30, banning companies from using K-12 student data for anything other than stated “school purposes.”
Bill Fitzgerald, founder of FunnyMonkey and frequent commenter on edtech privacy policies, sees the pledge as “a good start” that “leaves a lot of room for additional work,” particularly in the “still significant gray areas around what constitutes a ‘protected’ record and what would constitute unprotected metadata.” As he sees it, within the current discussion of privacy, “data collection, like education, is [still] something that happens to a learner--as opposed to something that the learner drives, shapes, and informs.”
As next steps in the conversation, he believes companies--and this pledge--must address the unreadability of many terms of service, the need for an annotated log of policy changes, and the protection of personal information about teachers, as well as build learner review into the design process.
For more information on how and why student data is collected, check out our Guide to Student Data Privacy.