For schools that have reopened, many are still unsure about how they can permissibly share student health data with other state agencies under current privacy laws.
- As a result of the state’s stringent student privacy law, students and families in Louisiana who received free or reduced lunch were precluded from receiving pandemic EBT benefits until an emergency bill was passed. Data Quality Campaign’s Paige Kowalski wrote on the lessons learned from Louisiana and the importance of building data governance into student privacy legislation.
- A Louisiana school board also sent a request to the state’s Attorney General for clarification about sharing student data with the Department of Health. ICYMI, the U.S. Department of Education published guidance and a blog on FERPA’s requirements for sharing health data, and FPF and AASA published FAQs for School Administrators last March to provide additional plain language and guidance. We also highly recommend this 2019 letter on disclosing student immunization status from USED.
However, reporting and understanding health data isn’t all schools are worried about:
- As schools continue with remote learning, many educators are considering whetheror not they will require students to have their cameras on, citing privacy concerns. Students are weighing in on the conversation because privacy concerns are also making their education environments more stressful than ever, and some students rely on the ability to learn with their cameras off to support their families.
- The 74million covered firsthand experiences from students juggling family responsibilities, including taking on the role of being a primary earner and caregiver for siblings, while also learning remotely. One student “works 40 hours a week at a Macy’s distribution center in Tulsa, Oklahoma” while still attending school full time. “They log on to Zoom with their microphones and cameras off and catch up with assignments during lunch breaks.” For more about student privacy and video mandates, check out FPF and the NEA’s privacy and equity considerations for video mandates.
Concerns about surveillance technology to facilitate the physical return to school remain a top priority for education stakeholders, especially as schools continue to turn to increased data collection through technology like wearables and artificial intelligence. Similar concerns around surveillance technology are top of mind as students learn remotely. Many privacy advocates argue that increased surveillance is not an answer to the pedagogical concerns schools seek to address and could in fact introduce or exacerbate privacy and trust issues.
- On December 3, a group of senators called on proctoring companies to respondto a range of questions on data protection, equity, and accessibility practices. The Electronic Privacy Information Center (EPIC) published the responses received from ProctorU, ExamSoft, and Proctorio.
- On December 9, the EPIC filed a complaint to the D.C. Attorney General, alleging that several proctoring companies violated D.C.’s Consumer Protection Procedures Act for “excessive collection” of student information.
- Consumer Reports conducted a deep dive into the security practices of online proctoring tools.
- Students continue to push against proctoring and plagiarism detection software.
- The University of Illinois Urbana-Champaign will discontinue use of a proctoring software after significant student backlash—over 1,000 students signed a petition against the service, citing student privacy and accessibility concerns.
- Students and faculty joined together to testify before the City University of New York Board of Trustees against the use of plagiarism detection software because of privacy concerns, particularly for marginalized and undocumented students.
- A teacher shared their perspective on how and why they monitor their students, finding that classroom monitoring software is a useful tool “that makes a positive difference in the education of [their] special needs students.”
- And some schools worry about what happens when they don’t monitor students to some extent: a New Jersey school recently entered into a settlement with the family of a former student who was able to communicate with an internet predator over a school-issued device; the family claimed the district failed to institute effective controls to limit the student’s access to inappropriate websites and actors.
Relatedly, the New York Times reports that schools in Las Vegas were pushed to reopenafter an increase in student self-harm, and school districts in the city are investing in student monitoring software to better understand suicide risks and later increased their monitoring program to 24-hours.
- The Washington Post reports that teachers find it difficult to know when students need help and can’t assess their students’ mental wellbeing. A New Hampshire school district is piloting a monitoring system that incorporates “artificial intelligence to monitor student web activity on school computers and alerts administrators if a student visits a website or uses a search term that indicates they may be at risk for self-harm or suicide.” ICYMI, FPF outlined the privacy costs of schools employing network and social media monitoring in 2019.
- Privacy advocates caution against overreliance on monitoring technology to address these harms. Even before the pandemic, the Guardian reported that with such technology, “privacy experts – and students – said they are concerned that surveillance at school might actually be undermining students’ wellbeing.” ICYMI, FPF hosted a 2019 SXSW EDU panel discussing how school safety plans can still incorporate student privacy.
- Concerns about student wellness are also on the President’s radar, and may result in guidance on the issue. On his second day in office, President Joe Biden signedan Executive Order aimed at supporting schools through the pandemic. The EO directs the Secretary of Education to develop evidence-based guidance for reopening schools; provide advice to schools as they continue hybrid and remote learning with a focus on promoting “mental health, social-emotional well-being, and communication with parents and families”; and provide technical assistanceto schools during the pandemic.
- In Canada, some institutions are providing students with online counseling services—however, advocates question whether there is sufficient evidence-basis, privacy protections, or benefit coming from these programs.
- Researchers at the University of South Australia are studying the use of augmented reality (AR) to deliver cognitive behavioral therapy to teens. According to the lead researcher, interactive technologies like AR appeal more to teens and may make them more comfortable than seeking professional help. A recent FPF blog post outlines some privacy concerns related to AR.
International privacy regulators and organizations are taking strong stances and weighing in on children’s privacy.
- On December 18, Ireland’s Data Protection Commission published its draft “Fundamentals for a Child-Oriented Approach to Data Processing” which sets forth data protection recommendations and principles with regard to children. open for public consultation until March 31, 2020, and learn more about the fundamentals here.
- On January 27, Italy’s Data Protection Authority accelerated it’s inquiry into children on social media, after its January 22 order requiring TikTok to prevent users with unverified ages from accessing the app and prohibiting users under the age of 13 from registering. This comes after a 10-year-old user fatally participated in a popular challenge she saw on the app—the Authority points to “poor attention to the protection of minors” and “default settings falling short of privacy requirements” as reasons for the order, which will be enforced until February 15, 2021. The DPA is now investigating Facebook and Instagram as well, after finding that the same child user had accounts on both platforms.
- UNICEF’s Office of Global Insight and Policy published a summary of the comments received regarding its public consultation on child-centered AI policies and systems, noting that respondents supported “short courses for parents, children and teachers over the mechanism of data and the meaning of consent, privacy, etc.” Learn about FPF’s submission here.
- The Global Privacy Assembly’s Digital Education Working Group, composed of members from 74 Data Protection Authorities, adopted a joint contribution to the UN Committee on the Rights of the Child on its draft General Comment (GC) No. 25 (202x) on the rights of the child in relation to the digital environment. The contribution highlights the need to protect children from profiling, automated decision making, and commercial exploitation of their data, and to educate children on privacy and data protection.
Security issues have plagued schools at all levels during the pandemic. Just before Baltimore County Schools experienced a ransomware attack that shut down the school system in December, the state of Maryland conducted security audits that found school districts throughout the state are facing security challenges.
- On December 10, the FBI, CISA, and MS-ISAC published a joint report on theincrease in cyberattacks at K-12 schools that includes best practices and mitigation strategies.
- On December 2, the House Homeland Security & Governmental Affairs Committee held a hearing on cybersecurity in reaction to spikes in cyber threats across sectors. The Committee heard testimony from the Superintendent from Hartford Public Schools, which experienced a cyberattack that postponed virtual schooling last fall, inciting congressional interest in addressing the issue for the education sector.
- Cyberattacks aren’t only happening in U.S. schools—in early January, a 4th grade virtual classroom in Canada was hacked multiple times, with the attackers sharing pornographic content during classroom time.