Ed Tech Companies Sign Student Data Protection Pledge
Several major education technology players signed a student data protection pledge, revealed Tuesday. The industry groups behind the pledge -- the Software & Information Industry Association (SIIA) and Future of Privacy Forum (FPF) -- said it is a key step in providing clarity and trust in the largely unregulated world of education technology for K-12 students. Privacy advocate Electronic Privacy Information Center told us the commitments in the pledge were a good first step, but EPIC has some concerns about what it sees as ambiguities, and the pledge is no replacement for broad federal student data privacy legislation.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
"It’s an attempt to pledge high-level principles and keep them relatively clean,” said Jules Polonetsky, executive director of FPF, a privacy advocate backed by tech companies, in a conference call with reporters Monday. “This is not an elaborate 50-page self-regulatory program."
The principles span areas from data use to data retention to data access (http://studentprivacypledge.org/). Signers commit to not sell student information; not use student data for targeted advertising; only use data for “authorized educational purposes;” set data retention limits; provide “comprehensive” data security standards; and allow parental access to their children’s information. “The goal of the pledge is to detail these practices in a manner needed to provide clarity to the sector,” said SIIA Senior Director-Education Policy Mark Schneiderman during the call. The pledge applies to data whether it’s collected and controlled by the school, or if it’s collected because a student directly gives information to a third-party service, Polonetsky said. It also applies regardless of the presence of an official contract between the school and provider, he said.
High-profile ed tech companies like Amplify, Edmodo, Knewton, Houghton Mifflin Harcourt and Microsoft are on board. “These principles are essential for protecting student data and privacy,” said Joel Klein, CEO at News Corp.’s Amplify, which makes digital education products. “Amplify has always lived by them. It’s past time for others to do the same.” Absent are Apple and Google. “What about all the other smaller ed tech companies that parents and superintendents aren’t even aware they're really using?” asked EPIC Student Privacy Project Director Khaliah Barnes in an interview. Schneiderman said the initial signers spanned most segments of the ed tech market, and “we expect many more companies to be signing on."
Barnes appreciated the pledge’s prohibition on selling student information or using it for targeted ads. The data security emphasis was another “definite positive,” she said. “But there’s definite room for improvement,” she said. There’s some concern over how much access parents would have to their children’s data, she said. “We've called for algorithmic transparency,” where parents can see not only the actual data collected, but how companies are making decisions with that data, she said. It’s unclear whether that would be part of the pledge.
Barnes is wary about the requirement allowing pledge signees to change privacy policies as long as they notify all involved parties. Once invested in a particular product, students, parents and teachers may be hesitant to opt out because of a change in how a company handles student data, even if they're uncomfortable with the change, she said. “Students and parents don’t really have a say over it,” Barnes said.
What it really boils down to is that the pledge is voluntary, without oversight or an enforcement mechanism, Barnes said. “As with every other public statement or practice that a company makes, they're held accountable by consumer laws,” Schneiderman said. The FTC’s Section 5 authority would apply to companies that violate the pledge after publicly committing to it, all agreed. Schneiderman also said if SIIA learns of any abrogation of the pledge, “we will try to raise that with the companies.” For privacy advocates like Barnes, it’s not enough. The FTC relies heavily on consumer complaints, she said, and is no substitute for the robust oversight that comes with federal law.
The pledge arose from Capitol Hill. Reps. Jared Polis, D-Colo., and Luke Messer, R-Ind., convened education stakeholders for the discussions that led to the commitments, SIIA and FPF said. Other federal and state lawmakers have been pushing bills with provisions similar to the SIIA- and FPF-promoted pledge. California recently passed laws prohibiting third-parties from using K-12 student data for commercial purposes and requiring schools to set security provisions when sharing data with outside companies (WID Oct 2 p3). Sens. Ed Markey, D-Mass., and Orrin Hatch, R-Utah, have been pushing a similar federal bill, the Protecting Student Privacy Act (S-2690) (WID Aug 6 p1). Barnes said the Markey-Hatch bill goes further than the pledge, stressing data minimization and fulfilling third-party student data requests using nonpersonally identifiable information as much as possible. The pledge “doesn’t at all stand in place for any federal baseline legislation,” she said.
FPF and SIIA will take their efforts to lawmakers, including Markey and Hatch, Schneiderman said. “We want to make sure all policymakers are aware of this industry self regulation.”