By: Lisa Cline and Andy Liddell
Every time your child opens their Chromebook or takes out their iPad to do schoolwork, their digital footsteps are shared with the universe. Every click, search and browse becomes property of an app maker who can store it, sell it, and use it to create a profile of your kid.
Maybe he lingered on a science problem longer than the rest of the kids. Maybe she had 12 misspellings on a paper. Maybe they browsed for basketball sneakers during class time, or she chatted with her friends. It’s all being tracked.
Repeat every day for thirteen years and millions of data points about your kids and their friends will be collected before they graduate. All this online activity is used to create digital copies of students that are sold on the open market, making student data a veritable gold rush for many EdTech vendors.
Surely, there must be a law to stop it.
There is. It’s called The Family Educational Rights and Privacy Act, or FERPA. FERPA was created nearly 50 years ago to regulate how schools collect and use student data — at the time, student data meant student academic records and school directory information, like name, address and phone number. The law also gives parents the right to obtain their child’s student data at any time.
Over the last decade, EdTech vendors have skirted FERPA to siphon student data, trample privacy, and leave parents in the dark about what information is collected about their kids and how it’s being used. With scant federal oversight, the concept of student data has grown from report cards and a few lines of information in a paper directory circulated only within school communities to a running log of a child’s every click over the course of their childhood, packaged into a profile and slapped with a price tag.
The problem has surpassed the ability and resources of individual schools to handle, as four parents in Austin, Seattle, and Washington, D.C. discovered when they ask their schools for the data collected on their own kids. The schools point at the vendors. The vendors point at the schools. Parents got nothing.
On January 12, 2021, the above four parents launched a nationwide campaign to urge the U.S. Department of Education to step up its oversight role and update its FERPA guidance for the EdTech age. The Project calls on at least one parent from each of the 50 states to submit a pre-written form letter to their district requesting the student data they are entitled to under FERPA. School districts unable to adequately respond will form the basis of the Dept. of Ed. complaint.
With the help of families across the nation, The Student Data Privacy Project hopes to move the Department of Education to put an end to the student data free-for-all.
Visit the website to learn more and to play a part in this historic win for student privacy.
About the Authors
Lisa Cline is a parent and safe technology advocate in Montgomery County, Maryland. She has worked with her school district to close data privacy gaps, augment in-school cell phone restrictions, and reduce wifi radiation in close proximity to children. She is a CCFC Screen Time Action Network member and a writer by trade. She has co-authored a white paper exposing EdTech as non-evidence-based and second-rate compared to paper, pencil and books.
Andy Liddell is parent, attorney and student privacy advocate in Austin, Texas. He is cofounder, CEO and general counsel of Ellodee, an audio entertainment platform for kids and families made with kids’ health and safety in mind. He is a data privacy and data compliance expert particularly with regard to the laws protective of children, including COPPA, CCPA, HIPAA, FERPA, GDPR, the UK Data Protection Act and the UK Age Appropriate Design Code.