This year the fight to protect student privacy hit a boiling point with our Spying on Students campaign, an effort to help students, parents, teachers, and school administrators learn more about the privacy issues surrounding school-issued devices and cloud services. We're also working to push vendors like Google to put students and their parents back in control of students’ private information.
We launched a nationwide survey of schools’ practices and disclosure policies; provided answers to questions about the legal and technological landscape related to student privacy; and created a wealth of resources, including guides for adjusting privacy settings on mobile devices.
We also filed an FTC complaint against Google, hoping to rein in the company’s overbroad data mining of student personal information and its violation of the Student Privacy Pledge. Our investigation found that school-issued Google Chromebooks upload private student data to the cloud by default, including web history. Chromebooks also track students on school-assigned accounts when they navigate to Google-owned services that aren’t segregated as “educational” (non-"educational" products include Google Maps, Google Books, and YouTube). We’re asking the FTC to stop Google from spying on students, and to order the deletion of student data that has been gathered and stored for no legitimate educational purpose.
Beyond EFF’s activities, others took important steps in creating state-specific legislation around educational data. The Data Quality Campaign, a nonprofit advocacy organization based in Washington, DC, found that in 2015 alone, 46 states introduced 182 bills—resulting in 15 states with 28 new laws—to protect student privacy.
At the federal level, the Elementary and Secondary Education Act is nearing reauthorization, but failed to include significant student privacy protections or amendments to close the loopholes in existing federal law governing student privacy, according to Education Week. And the Student Digital Privacy and Parental Rights Act of 2015 would help protect
the privacy and security of student data in the hands of third parties, but has yet to even be reported by the committee, let alone brought to the House or Senate floor for a vote.
We also saw increased attention to student privacy from educational projects, like LearnSphere, a data infrastructure “designed to enable educators […] to easily collaborate over shared data,” while collecting minimal student information and placing a heavy emphasis on anonymity. Time will tell how well the project safeguards student privacy, but its cautionary approach is a step in the right direction. That concern was echoed in an ACLU report released in the fall, which found that “student information systems make it easy for schools to share sensitive student records, including disciplinary information and immigration status, with third-party corporations." Another study this year found that, of the 31 Pennsylvania school districts surveyed, “just 11 had documented procedures for checking that software and applications didn’t violate student privacy before teachers assigned them to students.”
As more and more school districts around the country adopt digital devices like laptops and tablets—8.9 million devices were sold to K-12 schools and districts this year, half of them Google Chromebooks—protecting children’s personal data remains of paramount importance. Moving into 2016, we hope to see more aggressive legislation to protect student personal information, and to see parents, teachers, administrators, and tech vendors unite to defend student privacy.
This article is part of our Year In Review series; read other articles about the fight for digital rights in 2015. Like what you're reading? EFF is a member-supported nonprofit, powered by donations from individuals around the world. Join us today and defend free speech, privacy, and innovation.