FTC, Department of Education Announce Workshop to Explore Privacy Issues Related to Education Technology
With students being compelled to use mandatory online tools in education and increase of screens/devices in schools (everything from data dashboards and SIS, to Google Classroom/Google docs, online assessments, OERs, apps, and 1:1 devices federal privacy and security laws are outdated. Many of these edtech vendors and mandatory assessments (College Board, NWEA, PARCC, SBAC) are non-profits and COPPA does not apply. As a nonprofit, the vendors are not subject to FOIA, are not subject to FTC regulations. How can an education agency on one hand require use of online assessments or curricula but not have applicable privacy and security laws? This is irresponsible and dangerous--as we have seen by recent hacks into school data. FERPA doesn't adequately cover "data", FERPA allows many exemptions and has no consent or true transparency of data. (HOW can a parent see meta data collected, algorithms used to analyze and profile their child?) Neither FERPA nor COPPA have a private right of action. There needs to be an enforceable penalty mechanism for data misuse and there needs to be independent privacy and security audits of both vendors and education agencies who collect and maintain student data. I would also go as far to say, if education is compulsory, there must be adequate and equitable alternatives to online curricula, assessments. Students and parents who prefer paper/pencil, textbooks rather than a device, should be guaranteed that option. You cannot force a child to submit their data in exchange for a free and public education.