Student privacy is a front and center topic these days. Yesterday, in his January 12th address on American privacy, President Barack Obama highlighted the Student Privacy Pledge, calling for all edtech companies to join in on efforts to protect and use student data responsibly. Already, 75 organizations have signed it, from edtech kingpins like Microsoft and Houghton Mifflin, to startups like ClassDojo and Schoology.
The president also spoke to the need for a nationwide Student Digital Privacy Act, emphasizing the importance of student data privacy for all Americans and sharing that he would propose the legislation by the end of February.
Yet despite big names like Apple (who signed on the eve of POTUS’ speech) adding their John Hancock to the pledge, not everyone is pleased with the directions and efforts that Obama’s speech highlighted. We caught up with a number of organizations and stakeholders--both pledge signers and otherwise--to understand what has them both optimistic and a bit concerned.
Is there a need for federal legislation regarding student data privacy?
Talk to most pledge signers, and you’ll quickly find that the government’s efforts to protect student privacy are seen as an improvement over those of the past. “FERPA was a great start, but it’s time for new, clearer guidelines that address how software is actually used in the classroom today,” says Tyler Bosmeny, CEO of Clever.
While certain states seem proactive (take the landmark student data privacy law passed in 2014 in California as a prime example), it’s difficult for vendors and customers alike to navigate privacy with a mish-mash of different federal and state laws, or as Edmodo CEO Vibhu Mittal calls it, a “patchwork.” He continues: “a clear, well-defined data privacy statute that both protects student privacy and permits technological innovation” to improve education could be helpful, especially “where students and parents are concerned.”
But is new legislation the best way to handle this?
Though not technically legislation or enforceable, let’s take the Student Privacy Pledge as an example of whether companies buy into privacy best practices. Many more edtech companies, beyond the 75 signers, are aware of it--and some are weighing adding their signature. Remind CEO Brett Kopf, who has not yet signed, reports that he’s “been in touch with the SIIA and other experts” to learn more about the pledge.
Others, like Kickboard, aren’t expecting too much from the stipulations of the pledge, and express concerns about just how influential it will be in actually pushing companies towards better--or even different--privacy practices. Kickboard CEO Jen Medbery has refrained from adding her company’s name to the pledge “on principle.” She calls out the pledge as weak and “having no teeth,” adding that “it’s non-binding and thus, it makes the hard work of protecting student data and educating customers about responsibilities almost insouciant.”
ClassDojo CEO Sam Chaudhary, who amended his company's privacy language several times last year to try to be clearer for users, signed the pledge. He's also glad to see the government take a pro-active role in underscoring the importance of protecting student data. "Self-regulation from companies is an important thing; however this issue [of student privacy] is too important to leave there--you can’t rely on everybody to be a good actor.”
Potential issues and risks
Medbery’s and Chaudhary’s concerns are not to be taken lightly. Other edtech stakeholders are deeply worried about privacy and lack faith in the pledge and potential legislation. A January 13th New York Times article caught up with Rachael Stickland, a mother of two and co-chairwoman of the Parent Coalition for Student Privacy, an organization that launched immediately following the highly-publicized inBloom shutdown.
“Even if the law is passed, parents would still not know which vendors have their kids’ data and what they are doing with it,” Strickland told the New York Times. “There’s this veil of secrecy. Parents would really appreciate that opportunity to know what is going on.”
Several companies agree that they do not want parents shut out of the conversation, though they also hope that new laws won’t restrict their product development. “The stakes are higher to get it right,” shares Clever’s Bosmeny. “Too restrictive and we’ll cut off any hope of innovation; too broad and we’ll not actually solve anything.”
An additional issue that Kickboard’s Medbery calls out is state versus federal policy. Take California--if the Student Digital Privacy Act is passed with similar wording, but some slight amendments, will Bay Area companies and schools elect operate under state or federal law?
“Whether it’s one national policy or individual state policies,” Medbery says, “the challenge will be to keep the focus on ensuring security of student data.”
Shared responsibility for ensuring student data privacy
Though the federal government will ultimately decide what laws will go into place, the majority of education organizations, edtech or otherwise, overwhelmingly agree that the responsibility for ensuring the carrying out of privacy best practices doesn’t fall on the head of any one stakeholder. Districts, for example, can play a role in their responsible selection and implementation of student data systems. Companies can supply clearer privacy policies and educate customers--including parents--about security guidelines and regulations.
“All stakeholders--policy makers, educational institutions, administrators, technology companies, parent organizations, and more--need to work together on a privacy framework that both benefits and protects students,” shares Remind’s Kopf.
However, whether laws need to be put into place to make those best practices happen is up to individual discretion. Where do you stand?
Editor's note: This story includes a clarified version of ClassDojo's point of view on privacy.