|One year into the COVID-19 pandemic, many students are still learning virtually in some capacity. Even as schools begin to reopen, children will likely continue to spend more time online than they did pre-pandemic due to state restrictions, social distancing requirements, and potential long-term changes in remote learning.
- On March 11, the House Subcommittee on Consumer Protection and Commerce held a hearing focused on children’s online safety during COVID. Representatives expressed significant interest in exploring updates to current children’s privacy regulations to better protect teens online, strengthen children’s privacy enforcement, and address manipulative design. To catch up on children’s privacy-related highlights, FPF’s Amelia Vance live-tweeted the hearing.
- The Wall Street Journal reports that even as schools reopen physically, many are holding on to remote learning as a contingency plan to respond to fluctuating COVID-19 cases.
- A RAND research report found that remote learning will exist after the pandemic, as 20% of school districts surveyed plan to offer fully remote options. This data, taken into account with surveys that show a decline in teacher confidence with edtech tools, highlights a need for additional professional development and support. EdSurge attributes this as a potential reason why data privacy is on the minds of state legislatures. For more on remote learning and balancing privacy considerations, see FPF’s webinar on “The Future of Video Mandates.”
- Student perspective: A high school student wrote an article explaining why she hopes to continue online learning throughout high school. She believes online learning has helped her avoid social pressures like comparing grades and has also given her more space to explore her interests.
- The Biden Administration filed an amicus brief in support of the school district in Mahanoy Area School District v. B.L., a case slated to go before the U.S. Supreme Court next month on whether public schools can regulate off-campus student speech. Both the Acting U.S. Solicitor General in the amicus brief and the school district in its petition to the court noted that the pandemic and online learning have made this issue especially relevant and in need of attention.
- As New York City schools begin to reopen, the New York Times reports that there are “nearly 12,000 more white children returning to public school buildings than Black students — even though there are many more Black students than white children in the system overall.” Advocates argue that this stark racial disparityshould drive the city’s public school system to strengthen online learning programs.
- A Nebraska superintendent wrote an op-ed noting that structural racism and inequities were a problem long before the pandemic, but the pandemic has highlighted these inequities. A McKinsey study found students of color could be 6 to 12 months behind in math, while white students will be 4 to 8 months behind.
We’ve continued to see increased technology-enabled monitoring of students during the COVID-19 pandemic, such as wearable technology to track students on college campuses. Students at some colleges are pushing back against some surveillance tools, citing privacy concerns. In particular, online exam proctoring remains a hot topic in education. And because the Biden administration is requiring states to administer standardized tests this year, the proctoring debate may become a bigger issue for schools that remain remote.
- New America’s Open Technology Institute (OTI) released a report exploring the implications of monitoring students and workers during the pandemic. The report builds on an event that took place in October 2020 that featured remarks from FPF’s Anisha Reddy. OTI gives recommendations for schools and workplaces on mitigating privacy concerns about surveillance technologies.
- As schools reopen, we’re also seeing an increase in the adoption of temperature-scanning devices. However, researchers have warned that thermal cameras and “temperature tablet” kiosks are ineffective. The Food and Drug Administration announced it was sending warning letters to some companies for “unapproved, uncleared, and unauthorized thermal imaging systems.” The New York Times reported that while many colleges are using these types of temperature scanners, colleges are unable to say whether the measures are effective at curbing the spread of COVID-19 (for more, read our issue brief from last summer on privacy issues related to thermal scans and temperature checks).
- New America published a report highlighting college student perceptions of institutional data collection and use during the pandemic. The report findingsindicate that students place significant value on transparency, but generally trust their institutions.
- A Harvard student penned an op-ed in USA Today arguing that students “need answers” as to why they are being increasingly asked to provide sensitive data. The student notes that edtech has many positive benefits, but edtech companies, governments, students, and universities must all be involved in the process of ensuring appropriate oversight and privacy safeguards.
- A Northwestern University student filed a complaint alleging that the university failed to inform students about the collection and retention of biometric data through online exam proctoring, potentially violating Illinois’s Biometric Information Privacy Act.
- At Miami University, some faculty opted to restructure their assessments to not require remote proctoring, given privacy and security concerns. However, they acknowledged that in courses such as foreign languages, it can be challenging to adequately assess students without online proctoring. Students in the University Senate passed two bills addressing proctoring: one advocating for faculty training on Proctorio and another advocating for impartial investigations into the use of remote proctoring services at the university.
- Research from a recent EDUCAUSE article shows that nearly 63% of higher education institutions in the United States and Canada use proctoring software. The authors note that “the higher education community should take extra care” when using proctoring tools, as they can affect pedagogy outcomes.
- This Vice article alleges that students are cheating on exams even with the use of proctoring software. Vice spoke to 10 students around the world who believed proctoring services were not effective, based on their experience skirting the surveillance measures.
- In an article for The Chronicle of Higher Education discussing the proliferation of surveillance tools during the pandemic, Chris Gilliard, a professor studying privacy and inequality, noted that “For a long time, we’ve believed the myth that students didn’t care about these issues. Now, it’s impossible to ignore the way they’re pushing back.”
- Security researchers found critical vulnerabilities in Netop Vision Pro, a student monitoring program popular in K-12 schools. Before Netop was notified of the issues, network traffic was unencrypted. Though still concerning, these issues are limited to network traffic in physical classrooms, rather than students connecting to their virtual classroom through their home internet.
As we flagged in our last newsletter, addressing self-harm and suicide risks among youth is top of mind for school districts and policymakers right now, and many school districts are considering monitoring software (for more, read our 2019 issue brief on student monitoring privacy issues).
- Through surveys, a new CDC study found that virtual and hybrid learning settings have the potential to present increased risks “related to child and parental mental and emotional health” in comparison to in-person learning, because children have less access to school-based activities and services. The report acknowledges the limitations of the survey—including the fact that the assessment of emotional well-being was based off of parents self-reporting, which is “subject to social desirability, proxy-response, and recall biases.”
- Grand Forks schools are concerned about not just the learning gaps due to the pandemic, but also the emotional and social growth that happens in a typical school year. One counselor drew comparisons to a 1997 flood that left schools closed, where the anxiety from the flood was felt long after it resolved. Another Grand Forks counselor considers the pandemic an opportunity for “a renewed focus on the importance of fostering relationships” and supporting students.
- While some experts claim that the COVID-19 pandemic is a primary driver in the rise of youth suicide risks, others note that the data doesn’t quite match the headlines.
- According to the Center for Collegiate Mental Health, about one-third of students who sought care from their college counseling center during the second half of 2020 said their visit was related to the mental health effects of the pandemic. The Center published five blog posts describing the impact of COVID-19 on college student mental health from multiple perspectives.
- Common Sense Media published a report finding that even in the midst of steadily rising rates of mental health concerns and depression (since before the pandemic), “digital media has been a lifeline for many of them to access critical health information, stay connected to their peers, find inspiration, and receive comfort in a difficult time.”
- Policymakers are continuing to consider investing in student monitoring software to help mitigate mental health risks. A Florida representative requested $2 million dollars for a pilot program that would give school districts participating in the pilot access to a subscription to Gaggle, a company that offers software to track and monitor students on school computers to identify potential self-harm or suicidal ideations. However, the budget request includes language that the technology could also be used to help reduce criminal acts and identify “indications of drug abuse,” leaving room for school administrators to extend monitoring well beyond student wellbeing efforts.
- The Southern Poverty Law Center published a report on the state of Florida’s use of the Baker Act, which allows law enforcement to involuntarily commit Floridians, including children, to psychiatric facilities. The report includes anecdotes highlighting the harms that come from misuse and overbroad application of the law—in one instance, an 11 year old girl was held in a psychiatric facility without the consent of her parents for jokingly texting a friend “I have so much homework, I’m so stressed, I’m going to kill myself.”
As always, FPF has been tracking state student and child privacy bills. Here are some of the most interesting legislative updates from February and March:
- Utah HB 243 was signed into law on March 16, 2021. The law creates a state data privacy officer and a privacy oversight committee with jurisdiction to review the privacy policies of government organizations, state and local. The law is significant because it could lead to an increased focus on privacy in the state, including a provision that allows the data privacy officer to report on privacy practices of government entities, such as schools.
- Virginia HB 2307/SB 1392 (CDPA) was signed into law by the governor on March 2, 2021, making Virginia the second state to enact a comprehensive privacy law. FPF’s Jules Polonetsky noted its passage is “a significant milestone in the United States,” and our legislative team took a deep dive into the law and its implications, availablehere. The child privacy provisions of the law are similar to those proposed in the Washington Privacy Act, requiring controllers collecting data from a known child to collect verifiable parental consent prior to processing the child’s data and to perform a data protection assessment. Because the new law exempts government entities and data covered by FERPA, it is unlikely that the CDPA will have a large impact in the education context.
- Utah passed a bill that would require new online devices sold in the state to automatically enable filters blocking content that is “harmful to minors.” The bill would take effect January 1, 2022 and require every new mobile device and tablet sold in Utah to have these adult content filters turned on. Internet policy experts argue that this proposal would raise significant First Amendment concerns because the state would be “mandating the filtering of lawful content.”
- Oregon legislators introduced a bill that would ban school districts from using monitoring software “related to a student’s computer usage.” Although well-intentioned, this bill would present conflicts for most schools, as the Children’s Internet Protection Act requires almost all public schools to monitor student’s online activities.
- Massachusetts HD. 3725 would create a student privacy law in the state that prohibits edtech companies from selling student data, using student data for targeted advertising, and disclosing student data without meeting certain criteria. Massachusetts legislators introduced a version of this bill in the last session, but it’s passage was likely halted due to COVID—there is a high likelihood that it will be enacted this session. The bill would mandate certain contractual requirements, create a state-level enforcer of the bill, who is authorized to issue statewide product bans, and fines. Beyond state-level enforcement, the bill includes a private right of action that would allow schools or students to bring an action to enforce a violation of the law.
- Maryland HB 1062 would codify some of the recommendations made by the state’s Student Data Privacy Council, with some deviations. In addition to changing the definition of Operator, Covered Information, Targeted Advertising, and extending the term of the Student Data Privacy Council, the bill would require LEAs to report lists of authorized, unauthorized, and teacher adopted tools to the SEA. The proposed changes to the definition of Operator exclude portions of the Council’s recommendations, and would likely cover general audience companies that would not otherwise be subject to most state student privacy laws.
- A Minnesota representative authored a bill requiring tech companies to inform schools of data breaches, “destroy or return” data once contracts expire, and prevent tech companies from disseminating student data unless authorized. The bill also limits a school’s ability to access student data such as cameras, searches, and locations.
- In New York, a higher education package includes a bill that would prevent university employees from requesting details on a student’s immigration status.
- A Florida legislator proposed an amendment that would require parental consent before student’s grades are shared with law enforcement in response to the Pasco County predictive policing program (as a reminder, FPF wrote this detailed analysis on the student privacy implications of Pasco County’s predictive policing program). Advocates continue to shine the light on this program: the Institute for Justice recently filed a lawsuit against Pasco County on behalf of affected families and the Electronic Frontier Foundation recently published a blog condemning the practice.
- Texas legislators are considering a bill that would require Texas public schools and charter schools to add cybersecurity requirements to their contracts with providers, limit school district retention of distance learning recordings, and prohibit paying ransom in response to a ransomware attack.
- On March 24th, the European Commission shared the EU Strategy on the Rights of the Child. The strategy acts as a complement to the proposed Council Recommendation establishing a European Child Guarantee, to promote equal opportunities for children at risk of poverty or social exclusion. Both initiatives highlight the need for equitable access to digital learning environments and the importance of a “digital environment” that is safe for children to navigate and utilize.
- The Dutch government launched a “Code for Children’s Rights” similar to the U.K.’s Age Appropriate Design Code, setting forth ten principles for design and data protection to guide how developers should protect children online.
- The Irish Data Protection Commissioner raised concerns over a proposed Facebook initiative that would alert health authorities if users expressed thoughts related to suicide or self-harm; the authority directed the platform to consult public health authorities in Europe before implementing the feature.
- In January, the French data protection authority published a summary of the submissions it received in response to its public consultation regarding the digital rights of minors. Inside Privacy published a summary of the report in English, noting that in 2021, the authority will be focusing on exploring “(i) consent and age verification mechanisms; (ii) the conditions under which minors can be granted more autonomy online; and (iii) the exercise of digital rights by minors.”
- India’s Personal Data Protection bill introduces new requirements for parental consent for users under the age of 18; this blog explores how the proposal would “upend internet usage.”
- In last month’s newsletter, we shared that Italy’s Data Protection Authority (DPA) ordered TikTok to prevent users with unverified ages from accessing the app. On February 3, the DPA announced that TikTok would ban all Italian users until date of birth information is re-entered. Users under the age of 13 will have their accounts removed. TikTok will also work with the Irish Data Protection Commission to consider using AI as an additional level of age verification.
- The European Consumer Organisation (BEUC) lodged a complaint with the European Commission against TikTok, arguing that TikTok fails to protect childrenfrom hidden advertising and “potentially harmful” content. They also note that TikTok’s age verification process is ineffective and cite a report that many TikTok users are children under 13. Consumer organizations in 15 countries have also urged their national authorities to look into TikTok’s breaches of EU law.
- As part of a Singapore initiative to have devices in all schools, all devices, including student-supplied devices, must have software installed that will allow teachers to view students’ screens remotely, as well as restrict “objectionable content.” Affected students started an online petition that has over 6,000 signatures.
- In Israel, the Education Ministry and Health Ministry clashed over access to dataof students and teachers who have received the COVID-19 vaccine. The Education Ministry sought the data in order to analyze and determine whether a school where someone contracted the virus could be opened, but the Health Ministry citedmedical privacy concerns. Ultimately, the Justice Ministry settled the dispute by allowing the Education Ministry to obtain the names of students who have been vaccinated, and only when someone at a school is infected will the Education Ministry contact the principal and share relevant information.