The Berkman Center’s Student Privacy Initiative is pleased to offer a number of contributions to the student privacy and technology field that assess and report on privacy expectations & attitudes, school practices & policies, and law & policy, as well as synthesize our ongoing conversations and research to evaluate the critical next steps and pressing issues in the K-12 edtech space. We look forward to continuing to add to these resources over time.
Framing the Law & Policy Picture: A Snapshot of K-12 Cloud-Based Ed Tech & Student Privacy in Early 2014
This paper builds upon SPI’s ongoing work to surface key aspects of the law, policy, and implementation debate that is taking place in the rapidly evolving cloud-based ed tech landscape. It aims to provide policy and decision-makers at the school district, local government, state government, and federal government levels with greater information about and clarity around the avenues available to them in evaluating privacy options. The analysis focuses on three key questions: who should make cloud-based ed tech decisions; when is parental consent needed; and how can data transferred, stored, and analyzed through these products be kept secure and, as necessary, de-identified?
The authors offer the following pragmatic recommendations for policy and decision-makers based on the cloud ed tech landscape as of early 2014:
- Employ (temporary) centralization of cloud-based ed tech decision-making at the district level to foster the legal, technical, and other expert oversight necessary in this complex space without stifling capacity for local experimentation;
- Examine the adoption of user-friendly labeling of cloud-based ed tech products to increase transparency and encourage compliance with parental consent and other legal requirements; and
- Adopt FIPPs (Fair Information Practice Principles) and other best practice standards by industry providers to increase data security and protection.
This report offers recommended next steps and prioritizes open issues in the K-12 edtech space, with a special emphasis on two topics: (1) law and policy and (2) norms, values, attitudes, and practices, as well as an overarching eye to opportunities for collaboration. It builds from and reflects upon a conversation co-organized by the Berkman Center for Internet & Society’s Student Privacy Initiative and the Consortium for School Networking, at which policymakers and educational technology thought leaders came together to emphasize the view “on the ground” as seen from the district level and identify specific resources for potential inclusion in a toolkit for diverse stakeholders considering the adoption and impact of cloud technologies in K-12 educational contexts.
A wide range of cloud technologies are now available to K-12 educators, ranging from replacements for school- and district-maintained servers (infrastructure as a service, in which servers traditionally maintained by a school or district are “outsourced” to a cloud vendor), to a variety of software tools that users access from web browsers or mobile applications, which are in turn supported and powered by third-party companies. In such a crowded landscape, it can be challenging to understand the different kinds of available services. This document aims to provide individuals with a non-technological background with a more concrete survey of the kinds of cloud computing technologies (categorized by the affordances each offers) that may be adopted in K-12 educational contexts.
This research brief is a contribution by the Youth and Media team at the Berkman Center to its Student Privacy Initiative, which seeks to explore the opportunities and challenges that may arise as educational institutions adopt cloud computing technologies. In order to understand the implications of cloud services for student privacy more holistically, it might be helpful to examine how technology that is already implemented in academic contexts is used by youth and to explore how students feel about current practices. Towards this goal and informed by our recent research, the brief aims to make visible the youth perspective regarding the use of digital technology in the academic context, with a focus on privacy-relevant youth practices, limitations on access to information, and youth’s relation to educators in a high-tech environment. The brief includes insights and quotes gathered through a series of in-person focus groups as well as data from a questionnaire administered to all focus group participants. In addition, it highlights in a few instances additional research and data.
This report draws from ongoing Student Privacy Initiative research as well as participant inputs from an April 2013 exploratory workshop, “Student Privacy in the Cloud Computing Ecosystem,” to begin to map the current landscape and connect the often-siloed perspectives of educational institutions, students, parents, and administrators as well as cloud service providers and policy makers.
Privacy and Children’s Data: An Overview of the Children’s Online Privacy Protection Act and the Family Educational Rights and Privacy Act
Privacy law in the United States is a complicated patchwork of state and federal caselaw and statutes. Harvard Law School’s Cyberlaw Clinic, based at the Berkman Center for Internet & Society, prepared this briefing document in advance of the Student Privacy Initiative’s April 2013 workshop, “Student Privacy in the Cloud Computing Ecosystem,” to provide a high-level overview of two of the major federal legal regimes that govern privacy of children’s and students’ data in the United States: the Children’s Online Privacy Protection Act (COPPA) and the Family Educational Rights and Privacy Act (FERPA).