Beyond our “Top 10,” FPF’s student privacy newsletter includes many, many other stories. Below are the K-12 stories we found important over the last few months.

K-12 News

Skip to Stories About Ed Tech and Student Privacy

Skip to Stories About Education Research and Studies

Skip to Federal Updates

Skip to State Updates

Skip to Stories About Children’s Privacy

Skip to Stories About Student Safety and Surveillance

Skip to Stories About International Student Privacy

Skip to Miscellaneous Stories

Ed Tech and Student Privacy

• Facemetrics is attempting to “gamify” reading by using a tablet’s camera and their own AI to track eye and body movement to determine engagement.
• A new study reports that “thousands of apps in Google Play store” may be violating COPPA. However, the study involves not only apps aimed at children, but also general audience apps like Madden NFL Football. General audience apps could still be subject to COPPA if there is “actual knowledge” that the app is being used by children. However, the actual knowledge standard is hard to meet.
• Ed tech vendors asked by Project Unicorn to pledge “that their digital tools and platforms will meet a standard for interoperability, which is defined as the seamless, secure, and controlled exchange of data between applications.” Part of the Project Unicorn vendor pledge involves a commitment by companies to sign the Student Privacy Pledge.
• FPF fellow Lindsey Barrett was part of the SXSWedu panel, “Edtech and Data Privacy: The Case for Transparency.” A recording of this panel can be found here. Prior to the panel, Lindsey wrote an article for EdSurge on the “best practices and common pitfalls of edtech privacy policies.”
• “COPPA Best Practices: Advice for Schools on Staying on the Right Side of the Law,” via EdSurge.
• “Ask these 9 Questions to Determine if your Education Vendor takes Data Privacy Seriously,” via The Tech Advocate.
• ISTE offers “8 reasons to use a digital assistant in your classroom” to teachers. However, several privacy advocates, an EdWeek article, and Amazon are raising questions about this practice.
• New NCES report “examines student access to the digital learning resources outside the classroom.”
• Teacher Matt Miles raises questions about whether research collected by companies on the effectiveness of education technology is valid and factual.
• “Protecting student data privacy involves both vetting educational tools we use in schools and encouraging our students to do the same” via Tech Notes.
• A new report from Character Education suggests that educators should be “aware of some ethical pitfalls” of free education apps.
• “Parents fear app is storing private data in the US on how their children behave as it harvests photos and video footage of thousands of British pupils,” via The Daily Mail.

Education Research and Studies

• EdSurge provides guidance on how to “make education research more meaningful” through more frequent and better communication between the research community and both educators and non-experts.
• Teens Worry About Online Privacy: Q&A With Researcher Claire Fontaine via EdWeek.
• DCQ has released an infographic on the benefits of ed research on student success.  

Federal Updates

• US Department of Education reassigned the agency’s Chief Privacy Officer Kathleen Styles in March to a different role. A permanent new CPO has not yet been appointed.
• The Department of Education released new guidance on photos and videos under FERPA.
• TeachPrivacy has a new one-page infographic on FERPA!

State Updates

• FPF’s Amelia Vance discussed the unintended consequences of state laws with Dan Crowley (Quizlet), Kim Nesmith (Louisiana SEA), and Patrick Mount (Colorado LEA) at SXSWedu. You can hear the recording of the panel here, and it was reported on in EdSurge and EdWeek Marketbrief.
• Virginia passed a law this legislative session aimed at curtailing the unauthorized release of directory information by schools.
• “Connecticut school districts have been working over the last two years to comply with new privacy laws around student data, but many have been struggling to make the July 1, 2018 deadline.” via WNPR.
• Ohio debates law to require teachers to out transgender students to parents.
• NY’s SEA was “seeking stakeholder and public input as it develops regulations implementing NY’s student data privacy law.” It is likely that there will be another opportunity for stakeholders to comment once draft regulations are released publicly.
• FPF submitted written comments to members of the Minnesota House of Representatives in response to the pending student privacy bill, the Student Data Privacy Act (HF 1507).
• “Several advocacy groups are suing Boston Public Schools after Superintendent Chang refuses to disclose how student data is being shared with federal immigration authorities,” via the Boston Globe. The superintendent has now resigned, but issued a statement saying the data did not come from BPS. It may be valuable for schools to revisit FPF’s resource “Law Enforcement Access to Student Records: What is the Law?”

Children’s Privacy

• More and more companies are launching IOT aimed at kids: Amazon just released their Echo Dot for kids, Fitbit has a wearable for kids, and there is even a robot tortoise to teach kids to play nice. Other companies are kid-proofing tech: The MIT Technology Review reports on a “phone that says “no” to little kids fingers.”
  • But IOT for kids comes with concerns; Senator Markey and Congressman Barton “sent a letter to Amazon CEO Jeff Bezos with several questions about the new Echo Dot Kids Edition.”
• A LinkedIn for Kids: New trovvit app “allows students as young as sixth-graders to post digital resumes, giving them a leg on the college-admissions process.”
• Two new studies find that parental control apps are not a “magic bullet” to keep teens safe online, via Gizmodo.
• Senators Markey and Blumenthal and Congressmen Barton and Rush reintroduced companion versions of the Do Not Track Kids Act in the Senate and House, respectively, in May.
• U.S. Senator Markey (D-MA) “presses FTC nominees for pro-child online privacy protections and commitments.”
• The FTC warns that Gator Group and Tinitell may be violating COPPA; while Talent Search has definitely violated COPPA by getting information of those under the age of 13 without verifiable parental consent. The FTC also released a blog last month: “Under COPPA, data deletion isn’t just a good idea. It’s the law.”
• GDPR will probably not allow schools and companies to require parents to sign blanket consent forms that provide image release and intellectual property right waivers, in order for their children to participate in educational activities.  
• When families share computers, everyone can see everyone else’s targeted advertisements.  

Student Safety and Surveillance

• Social Media
  • Gizmodo reports that “Schools are spending millions on high-tech surveillance of kids” and “using AI to check students’ social media for warning signs of violence.”, via Gizmodo.
  • A Connecticut student was arrested and suspended following posting an airsoft gun on Snapchat.
  • Massachusetts Senate passes a bill that “prevents employers and schools from requesting and requiring access to the personal social media accounts of applicants, employees, and students as a condition of acceptance, employment, or participation in school activities.” In Connecticut, the Center for Children’s Advocacy & ACLU of CT push legislators to pass CT HB 5170 to protect students’ privacy by “prohibit[ing] unlawful searches of students’ electronic devices”.
  • “Teacher’s Facebook Post on Student’s Social Media Secrets Goes Viral,” via EdWeek.
• Device Searches
  • “EPIC urges Appeals Court to uphold Fourth Amendment protections for searches of students’ cell phones, stating that “teachers may not search a student’s cell phone unless they have followed an explicit school policy that complies with Fourth Amendment requirements.”
  • THE Journal details how states, districts, and schools offer various guidance on student privacy protections related to a student’s phone.
• Other
  • Nevada student is suspended after cursing at his congressman about stricter gun laws.
  • “‘Jacobe’s Law’ would make New York the latest state to require schools to notify parents when children are bullied.  But critics cite safety and privacy concerns for outed youth,” via The 74 Million.
  • Parents of a New Jersey student are alleging their daughter’s recent suicide could have been prevented if the school had taken her bullying allegations seriously.
  • “A Detroit trade school has become the first educational partner in a city program that allows police to monitor surveillance cameras to reduce crime” via US News and World Report.
  • An in-depth look at what happens to a family when a student is suspected of being a possible school shooter.
  • School districts in New York and Indiana are buying facial recognition enabled security systems to protect against school shootings, which raise privacy concerns.
    • “Unproven facial-recognition companies target schools, promising an end to shootings” via The Washington Post.
    • The NY ACLU is pushing back against facial recognition in schools.

International Privacy

• “Privacy activists have called for more transparency and parental control over web monitoring in British schools after a survey indicated that almost half track their students online,” via The Register.
• Security cameras in at least four British schools were hacked and the live footage was being streamed on a US website.
• A British mother is “prepared to take the Government [Department for Education] to court over its decision to include ‘highly sensitive’ data on the National Pupil Database.”
• The UK Department for Education has published guidance for data protection in schools.
• More clarity brings more confusion: what the European General Data Protection Regulations mean for UK children.
• “Education Scotland order hard reset on school social networking app following major security breach” according to The Courier UK. This was seen as a response to the Courier’s reporting about the app being used by non-authorized users to proposition children with sex and drugs.
• The International Commissioner’s Office provides “practical guidance for UK organisations who are processing children’s personal data under the GDPR.”
• As Australian schools implement an online tracking program of their students, advocates ask if the surveillance is really necessary.
• Australian teachers revolted against the data- tracking software they were forced to use.
• A report from European Union Agency for Fundamental Rights discusses the special privacy protection measures children should be afforded when seeking asylum.
• Karnataka government cancels an MOU with a private company when it was discovered that the primary and secondary school data it had in its possession was being used for marketing purposes.
• The Chief Minister of Delhi recently announced his decision to install CCTV cameras in all public schools, and to provide real time access to the footage to the parents of students, through a mobile application.
• Canadian parents are requesting to opt out of G Suite for Education.
• The Canadian government released a set of lesson plans designed for educators to teach students about privacy rights, digital literacy and online safety.
• Districts in Canada want to address mental health but have limited resources and concerns about student privacy.
• In order to prevent students from leaking high school diploma exams online, Algeria has begun instituting nationwide internet blackouts. – via Gizmodo.

Miscellaneous

• “Cybersecurity is a growing concern as schools collect an increasing amount of data on students” via The Hechinger Report.
• A student transportation company in Canada “accidentally posts students’ private information on social media sites.”
• What to look for when reviewing your SIS’s security settings to ensure you are protecting student data via eSchool News.
• Chicago Public Schools error exposed more than 3,700 students’ and families’ data, the third time a major breach has occurred in the public school system since 2016.
• The newly released Cambridge Handbook of Consumer Privacy includes the article “Education Technology and Student Privacy” by Elana Zeide.
• The Learning Counsel reports on school “data leaks,” and Steve Smith’s work on the Student Data Privacy Consortium.
• Districts, like the one in Raytown Missouri, are using CoSN’s Trust and Transparency principles to develop more sophisticated data governance policies and standards.
• New Data Quality Campaign report provides guidance to states and districts on how use social-emotional learning data, including ways to give “specific people appropriate role-based access to relevant data, while also maintaining critical privacy protections.” Meanwhile, an EdWeek reports that, as schools and ed tech companies become more adept at tracking a student’s emotional, social, and behavioral development, parents become increasingly worried about what the data will be used for.
• The Foundation for Excellence in Education released a communications toolkit on personalized learning. Their communications toolkit on student privacy remains one of my top resource recommendations!
• “One psychologist says it’s time to test school kids” via MIT Technology Review.
• Scientists seek genetic data to personalize learning via dml central.
• “5 things every K-12 employee should do to protect student data,” via eSchoolNews.
• Tucson Unified School District “has filed public records requests with nearly 100 local charter schools seeking student directory information to try to woo kids and parents into attending TUSD.” This same practice has been used by charter schools seeking directory information from public schools in Tennessee, and the Tennessee school board has asked Congress to amend FERPA in response.
• A school district in Illinois has launched a bus tracking app that has caused parental concerns.  The tracking app was suspended after “parents reported they were able to enter student ID numbers and see information — including full name, bus stop locations and times — for students other than their own children.”  
• The Surveillance Society reports that students are “easy targets for data miners” because “laws provide little protection and privacy policies vary wildly.”
• “PA teachers learn of possible data breach from credit monitoring company” via CBS Pittsburgh.
• “’Deliberate cyberattack’ delays online assessments in five states,” via EdScoop.
• “Student hackings highlight weak K-12 cybersecurity” via EdWeek.
• Data Quality Campaign releases a communications toolkit for “talking about education data.”
• Protecting student data privacy is a collective responsibility amongst teachers and school leaders.
• In Idaho, a school was not allowed to release its high achievement scores on the state standardized test because it could possibly identify the few students who scored low – this rule has made it difficult for the school to apply for awards and recognitions.

Want more student privacy news stories every month? Subscribe to our newsletter here.