Friday, June 30, 2017

Student Data Deletion Day - Wouldn't That Be Great

From Education Week:
Bradley Shear is a lawyer who focuses on digital privacy and social media. 
He's also the father of two elementary-aged children who attend the public schools in Maryland's Montgomery County. 

A little over a year ago, Shear says, the focus of his professional life became an intensely personal concern, as well.

"I got a phone call from my son's teacher, who said he had performed an internet search for inappropriate content on a school-issued Chromebook," Shear said in an interview. "It got me thinking about all the data being collected about kids, and whether it will ever be deleted.
From Shear's blog, Shear on Social Media Law:

Every time our kids may be admonished for talking out of turn or texting in class they may receive a permanent demerit in Class Dojo.  In the near future, classrooms may be filled with cameras and other tracking technologies that also analyze our kids every interaction with their teachers and class mates. This is not some type of crazy prediction; in China, this Orwellian future is already a reality.

Multiple companies in the educational technology space have intentionally misled students, parents, teachers, administrators, and lawmakers about how they are using the personal data they are collecting about our kids in school. For example, Google was caught intentionally scanning student emails for advertising and other troubling purposes despite prior promises it was not.  ConnectEDU tried to sell personal student data for profit when it went bankrupt despite promising not to do so.* Edmodo, another educational technology company, was recently caught surreptitiously tracking students online to monetize their web surfing habits despite promises to the contrary.

As a parent and privacy advocate, I have come to the realization that more needs to be done to raise awareness about these issues and to effectuate change. Therefore, I am calling for all K-12 public schools and their vendors to automatically delete the following data points each and every June 30th after the school year has ended:

 -All student Internet browsing history
-All student school work saved on platforms such as the Google G Suite
-All student created emails (and all other digital communications)
-All behavioral data points/saved class interactions (e.g. Class Dojo data points)
-All student physical location data points  (e.g. obtained via RFID tags)
-All biometric data collected and tied to a student account (e.g. meal  purchase information)
-Etc…
An Easy To Follow School-Data-Deletion-Request-Template


This is just the beginning of the conversation and as our schools collect more data points on our kids more data will need to be automatically deleted at the end of each school year. Each public school system and their vendors must be required to certify in writing that the requested data deletion has occurred.

None of these above data points were kept on the Greatest Generation, Baby Boomers, or Generation X so they are not needed to be collected and saved for future generations. If we really want to make “America Great Again,” kids should be allowed to be kids without the fear that their every move is tied to them for the rest of their lives.

I'm with Shear - why should your child's  "internet search for inappropriate content" at school follow him/her for the rest of their school years?  

*This happened to SPS until they vigorously told them to give the data back.

6 comments:

Anonymous said...

Thanks so much for posting this article. Parents and schools are very naive about Class Dojo and the fact that a private company is tracking their children's behavior and collecting the data. Students are signed up for Class Dojo in Seattle schools by teachers without even asking for parent's permission beforehand.

Helen

Pat Griffith said...

The League of Women Voters of Seattle King County and LWV of Washington are starting a study of Internet privacy in our local government bodies and state protections.Please cosider joining the League and participating in the study. Call or email theLWV to volunteer. You need not be a techie. Pat Griffith

z said...

*This happened to SPS until they vigorously told them to give the data back.

Actually, SPS vigorously protested to no avail until the FTC got involved and told ConnectEDU they had to delete the data. And even then it wasn't actually deleted until the next company had taken ownership of it.

Some interesting bits here: EdWeek ; Millions of STudent Records Sold in Bankruptcy Case

Melissa Westbrook said...

Z, I paraphrased but yes, your accounting is the correct one.

The big takeaway is that this is happening.

jb said...

Mr. Shear's bullet points are far more complex than they might seem. Deleting student data is a very difficult and complex topic. The solution is to not give that data out in the first place.

-All student Internet browsing history

What history, and how would it be deleted? The browser history on the computer? That's easy because the computers themselves are almost always managed by the school or district. Or are we talking about the history that the school district has the ability (and some might say the responsibility) to maintain centrally? That's still pretty easy.

But what about the records that the school's or student's ISP is now able to keep (AND SELL!) ? The recent changes to regulations surrounding ISPs make all that data available for them to gather, analyze and sell.

What about the analytics companies that have embedded tracking code in almost every web site the kids (and everyone else) visits? Stuff that correlates data across visits to different web sites. How will we force, or even encourage, them to delete that history?

-All student school work saved on platforms such as the Google G Suite

You might as well give up on this one. Google archives that data and by design there's no way it's ever going to be fully deleted. Google was even caught lying about not using the Education Versions of these tools to gather student data. The only answer is to not use big data mining company services like these in the first place.

-All student created emails (and all other digital communications)

Email, by definition, exists on both the sender and receiver's servers. What happens when a student sends an email to an adult using gmail? Google has vigorously fought in courts around the world for the right to use data sent by non-gmail users to gmail users. They are not going to give up this right.

-All behavioral data points/saved class interactions (e.g. Class Dojo data points)

Works in theory, except the ConnectEdu fiasco shows that it doesn't work well in real life. Student data is extremely valuable to these companies, sometimes to the point of being the main portion of their valuation. The only way to ensure this type of data isn't retained, used, misused, sold, etc., is for students to not use 3rd party services that send data from the classrooms to the outside companies in the first place.

-All student physical location data points (e.g. obtained via RFID tags)

If managed by the schools and/or school districts, this should be doable.

-All biometric data collected and tied to a student account (e.g. meal purchase information)

Again, if this is managed by an outside company, good luck. Even if the contracts appear iron-clad, you only have to look at ConnectEdu to see the challenges of enforcing them.

wd said...

And by the way, Seattle Schools' new CTO (Krull) is a guy that loves to collect student data. Be worried. Very worried.