The Top 10: Student Privacy News (Feb – July 2018)

The Future of Privacy Forum tracks student privacy news very closely, and shares relevant news stories with our newsletter subscribers.  Approximately every month, we post “The Top 10,” a blog with our top student privacy stories. This blog is cross-posted at studentprivacycompass.org.

The Top 10

1. School Safety and Student Privacy, Part 1: how do we prevent these tragedies while protecting student privacy?

The horrific shooting at Marjory Stoneman Douglas High School in February has brought up and highlighted numerous student privacy issues. As I discussed in FPF’s statement to the Federal Commission on School Safety, there are many legitimate reasons, including attempting to prevent acts of violence, that schools surveil students, but there are also significant privacy and equity concerns that must be considered. In the wake of the shooting:

• Florida passed the Marjory Stoneman Douglas High School Public Safety Act into law. One of the provisions requires that the newly created Florida Department of Education Office of Safe Schools coordinate with the Department of Law Enforcement to “provide a centralized integrated data repository and data analytics resources to improve access to… data from, at a minimum… social media; Department of Children and Families; Department of Law Enforcement; Department of Juvenile Justice; and Local law enforcement;”
• “Threat of shootings turns school security into a growth industry,” and “Schools Are Using AI to Check Students’ Social Media for Warning Signs of Violence,” though some experts argue “Monitoring kids’ social media accounts won’t prevent the next school shooting;”  and
• Privacy concerns have been raised by students at the school who are now required to carry clear backpacks (and are not the first school to do so).

2. School Safety and Student Privacy, Part 2: does the law need to change?

President Trump’s school security plan called for a review of FERPA. The Commission held a meeting on “Curating a Healthier & Safer Approach: Issues of Mental Health and Counseling for Our Young” on July 11th, and FPF’s Vice President of Policy, John Verdi, was invited to testify.

• At the meeting, Attorney General Jeff Sessions implied that data privacy may hamper school shooting prevention measures, saying “you have juvenile courts — they maintain records quite confidentially in secret. You have school systems that maintain records and information, and they keep it private. Police are taught to maintain privacy in what they do. Psychological treatment is maintained quite privately as well as medical treatments… In a way, you would think wouldn’t it be good if all the people that were involved in this, the school resource officers, the counselors, the principals, the teachers, could discuss a child pretty openly about what kind of difficulties this child may be having, what kinds of risks are there.”
• Secretary Nielsen of the Department of Homeland Security asked if there were models, templates, or MOUs the Federal Government could release to help schools manage their relationship and sharing data with law enforcement.
• FPF’s John Verdi testified that FERPA’s requirement that the health and safety exception only be used in cases where there is a rational basis for believing there is a threat to the health or safety of someone within the school community gives schools wide latitude to share information without completely disregarding students’ privacy interests;
• Sonja Trainor, another panelist speaking on FERPA, noted that schools often cannot share information with law enforcement if they believe a child has been wrongfully identified as a risk to the community. She articulated that schools may need to be given the authority to share information with law enforcement so that they can perform accurate risk assessments of students;
• Jennifer Mathis, Director of Policy & Legal Advocacy for the Bazelon Center, reiterated that HIPAA’s privacy protections are important and “without the assurance of privacy protections, students are both less likely to seek out help when they need it and less likely to engage openly with mental health counselors or other service providers”;
• Doris Fuller, Parent & Mental Health Advocate, said that the problem with HIPAA’s privacy protections are not that they are too broad, but that providers and health care officials often don’t understand when they can share information and with whom.

Other Related News Stories:

• The former director of the Student Press Law Center writes “Misinformation in the wake of Parkland tragedy highlights the need to reexamine FERPA” in EdWeek;
• Marjory Stoneman Douglas High School students’ “manifesto to fix America’s gun laws” includes “Chang[ing] privacy laws to allow mental healthcare providers to communicate with law enforcement;”
• The Dallas News reported on the “School shooting dilemma for parents: They want information about threats that authorities can’t give,” while a NY Times op-ed states that “Privacy rules that keep colleges from notifying parents of a student’s distress may be costing lives;”
• “Local Police Director Wants Laws Protecting Student Records Loosened in Midst of School Shootings” via NBCPhiladelphia;
• On Thursday, the Secret Service (an agency within the Department of Homeland Security) released a guide on how schools could implement a threat assessment model to enhance school safety.

3. Facebook, Cambridge Analytica, and the Anti-Tech Wave

Privacy has been in the headlines non-stop with Facebook and Cambridge Analytica over the past couple months, and numerous news articles asked stakeholders what they thought all of this means for student privacy and schools, especially around Mark Zuckerberg’s testimony to Congress. In the wake of those hearings, schools across the country are assessing their own data policies. Facebook has announced it will not seek any additional parental consent from teenage users in the United States. Common Sense Media filed a request with the FTC to investigate how Facebook’s “data mishandling” in the wake of Cambridge Analytica has impacted teenagers, specifically. 

In the meantime, the tech backlash has continued to impact ed tech: Wired reports that “It’s time for a serious talk about the science of tech addiction” and its impact on well-being and health; “Ninety-five percent of principals said students spend too much time on digital devices when they’re not in school” via EdWeek;  two higher ed professors write that “There Are No Guardrails on Our Privacy Dystopia” in Motherboard; and  “Screen time” also continues to be a big topic of debate on blogs and in the news that has implications for privacy.  

4. New Department of Education guidance says that parents, not minor students, must consent to college admissions pre-test surveys and data sharing.

FPF explained the guidance here.

5. Privacy and Research

• “Starting in 2016, two PSU graduate school professors asked teaching candidates [taking their class] to collect the personal data of [K-12] students [in Portland school districts] by taking it off school computers, including names, race, gender, disability status and whether they were learning English as a second language” for the purpose of a research study determining how to “create better results for students of color” and other minorities. PSU and the teaching candidates did not obtain consent to take the data from either the schools or the students’ parents. The professors were planning to present the research at AERA, but cancelled after press reported the above information. The Dean of the Graduate School of Education at PSU blamed “our limited knowledge about FERPA.” The lead researcher told Oregon Public Broadcasting that “‘After a lengthy meeting, no clear FERPA violations were found, but the research has been perceived to stray into a gray area.’” Another press story noted that the research went through the institution’s IRB. To be clear: unless there is unreported information about this issue (though I can’t imagine what information could change the analysis), this violated FERPA.
• Privacy concerns have been raised after Pearson presented at AERA on “social-psychological messages [they tested] in [college computer science] learning software, with mixed results.” Pearson “emphasized that the experiment was ‘an effort to improve student success in higher education courseware’” and noted that, while Pearson always “‘evaluate[s] the introduction of changes to determine if they require additional ethical or legal review or consultation,… the introduction of feedback messages about how to improve student success, was determined to be a part of normal educational practice.’” Education researchers have also pushed back on the concerns raised, with Justin Reich writing in EdWeek that “[e]very educational software company and publisher will be modifying their products over time to try to improve them; and I’d like to incentivize them to do so in a way that the public benefits from those companies sharing what they learn.”

6. Senators Blumenthal and Daines reintroduced their 2015 student privacy bill aimed at vendors, the SAFE KIDS Act, in March.

Meanwhile, in May, the House Education and Workforce Committee held a their fourth hearing on student privacy in three years. FPF’s Amelia Vance was invited to testify. You can watch the hearing here, read the testimony of the speakers here, or read the write-up in EdScoop.

7. Can students or parents record what happens in school?

Three news stories raised this question:

• The Bangor Daily News reported that the 1st U.S. Circuit Court of Appeals “ruled against a Maine couple who wants to record the school day of their son with autism and a rare neurological disorder that affects his speaking ability.” The court “point[ed] to an administrative hearing officer’s finding that the recorder would provide “simply no demonstrable benefit.”
• A Virginia mother is no longer facing charges after she sent her daughter to school with a recording device to see who was bullying her daughter. The prosecutors said that, although there was enough evidence to support a felony charge, “the office is exercising prosecutorial discretion to not pursue the prosecution of this case.”
• A 13-year-old student was charged with an eavesdropping felony for recording a meeting with their principal.

8. Fordham University’s Center on Law and Information Policy (CLIP) released the study, “Transparency and the Marketplace for Student Data,” which examines the practices of data brokers who buy and sell information about students.

In the study, the authors describe existing privacy laws, map the commercial marketplace, and describe the challenges of understanding how data about students is collected and used. FPF released a blog responding to the concerns raised in the study, and expanding on how various federal and state privacy laws – from FERPA to FCRA to PPRA – may or may not apply to the practices described.

9. NAICU has come out in favor of the “Right to Know Before You Go” Act,

However, they still remain opposed to the College Transparency Act, favored by most other public colleges, advocates, and policy makers.

10. Common Sense Media released a report on the “2018 State of EdTech Privacy.”

Common Sense Media also recently introduced simpler privacy ratings for education apps to make “privacy and security more accessible.”

Just for Fun

There is a fantastic new video from the Utah State Board of Education on the Other FERPA Exceptions (see their original break-out hit here!)