Are School Districts and Tech Companies Doing Enough to Protect Student Privacy?

November 04, 2013
Kathleen Costanza
Common Sense Education Blogger

CATEGORIES In the Classroom, Privacy, Policy, Students

You've likely heard about the latest development in the ever-changing world of online privacy: Facebook has changed its privacy restrictions for teens to allow them to post publicly.

Users ages 13 to 17 used to only be able to share posts and pictures with friends or friends of friends; strangers couldn’t see their profiles. But that’s gone by the wayside. Teens can now opt to make their profiles public or allow anyone to “follow” their page.

It’s worth noting that Facebook, which has 20 million users under 18, has made the default privacy setting on new accounts private. If a teen wants to make their posts public, they’ll need to make the switch themselves. They’ll also get an extra reminder before they post publicly.

Facebook says teens “want to be heard” on social media, and sharing with the world gives them voice. Plus, public posts mimic Twitter, which doubled its teen users in 2012 and may be on its way to becoming equally ubiquitous among young adults. (Interesting to note, however, that one of the reasons teens are heading to Twitter is because of the privacy and anonymity it offers.)

“Facebook’s decision to allow teens to participate in public isn’t about suddenly exposing youth; it’s about giving them an option to treat the site as publicly as it often is in practice,” wrote Microsoft researcher and media scholar danah boyd over at Time.

However, opponents of Facebook’s change say it isn’t about teens’ exercise of free speech -- it’s about profit.

“I think what this really is, is primarily an effort to monetize the personal information of teenagers. The public nature of the posts that's now permitted will allow Facebook to actually use those in sponsored stories, which are the most lucrative form of advertising...” said Common Sense Media CEO Jim Steyer in an interview on PBS Newshour.

Facebook’s move is putting kids’ data out there for marketers to have a field day with, but could schools also be exposing their students’ data to corporate interests, often without even knowing it?

It appears so. As school districts increasingly adopt technology to track things like academic progress and attendance in hopes of individualizing students’ learning, they may also putting data into third parties’ hands.

As the New York Times reports, many districts are aren’t putting tight enough restrictions on how the educational software companies use students’ personal details such as contact information, age, and or even where they wait for their school buses. 

Another New York Times story points to recent fiascos with inBloom -- a nonprofit corporation that stores information from many databases in one giant cloud and was granted $100 million in seed money from the Bill and Melinda Gates Foundation. But a school district in Colorado came under fire after parents realized the district had no way to govern how the data was used or how long it was kept once it was uploaded to the various software that’s connected by inBloom. The story also reports parents in Louisiana were upset when they discovered their kids’ social security numbers were floating around on the inBloom cloud without their permission. (Louisiana officials later erased all data and terminated their agreement with inBloom.)

“To everyone’s frustration, there are no accepted national guidelines to follow because, until now, K-12 school districts have largely managed their own data storage,” wrote the Times.

That’s why at Common Sense Media we are advocating for tighter standards on how student data can be used. Steyer recently wrote an open letter to 11 education technology companies asking for safeguards to protect students’ information.

“We believe in the power of education technology, used wisely, to transform learning,” Steyer told the New York Times in a story about our efforts to keep students’ data out of noneducational commercial interests. “But students should not have to surrender their privacy at the schoolhouse door.”

Even after the FTC’s 2012 update of the Children's Online Privacy Protection Act, which requires a parent or guardians’ consent before collecting data from kids under 13, there are still unprecedented holes when it comes to regulation in protecting minors’ data. Until kids can decide for themselves what to share, it’s clear that it will take cooperation between tech companies, government regulation, and schools to ensure kids’ information and data is secure.