By Elana Zeide
Strong emotions and high stakes have created an incredibly polarized debate surrounding data use in education. Reformers promote new data-driven tools and research as a way to revolutionize the education system by creating more personalized learning. Parents worry that these innovations will jeopardize their children’s safety, expose sensitive information, or forestall future opportunities by becoming a modern day version of the proverbial permanent record.
In response, policymakers have proposed a flurry of reforms. Obama pledged to protect children’s data in his 2015 State of the Union address. State and federal legislators have introduced hundreds of bills concerning student information. The U.S. Department of Education, education organizations, and privacy experts are continuously releasing new best practice guidelines and privacy toolkits. Several industry leaders have committed to use information securely and for educational purposes in the Student Privacy Pledge created by the Future of Privacy Forum and Software and Information Industry Association. These reforms all reflect very different perspectives on how schools should collect, share, secure, and use student information - and, as I explore in forthcoming work, on the purpose of education itself.
Unpacking Student Privacy
Everyone agrees student privacy needs to be protected, but there is little consensus about what student privacy actually means, let alone how to protect it. The conversation has focused on the how even before we have clarity about the why.
Part of this is due to a lack of transparency about what is in students’ records, how it will be used, and the corresponding risks and benefits. A confusing array of constantly evolving technologies make it difficult for experts, let alone parents and educators, to have an accurate sense of the data at issue and protections in place.
Often the public dialogue disintegrates simply because people have different - and often unstated - assumptions about what “student privacy” means. Without making these ideas explicit, stakeholders will continue to talk past each other with the sense that the other side doesn’t understand what’s at stake. Proponents of data-driven educational tools, for example, often express frustration that parents don’t appreciate the potential benefits of new technologies. Parents, however, understandably focus on the how student data use will affect their own children, rather than broader social and pedagogical considerations. Without greater clarity, reforms will address privacy concerns only haphazardly.
Distinction Between Education Policy and Student Privacy
Much of the conversation about “student privacy” is not about privacy at all. “Student privacy” has become a rallying cry related to any issue involving data use in education. Some of these concerns are less about information practices than education policy and pedagogy, including the implementation of the Common Core State Standards, the prevalence of standardized testing, and the “privatization” of the public school system. Because these education policies rely on and generate data about students, it is easy to conflate them with the information practices in place to facilitate data-driven decision-making.
This distinction is important, because a change in policies like standardized testing will not eliminate the need to put more privacy protection in place. Even if the government ended these policies and programs immediately, a wealth of existing information about students would have to be dealt with, much of which is held or processed not by the government but by private and non-profit educational institutions or companies.
Child Safety and Data Security
Many parents worry about keeping student information safe from hackers or would-be predators. However, these concerns are less about privacy than data security. They reflect broader public unease about the prevalence of data breaches and unauthorized access to personal information. Data security is both more simple and difficult to solve than issues involving differing philosophies of education or appropriate uses for student information. Security often depends on the technological protections that schools and service providers can put into place. Schools and service providers can secure student information by implementing better technology, administrative protocols, and employee training.
However, having these measures in place will never guarantee perfect protection. There is always the risk that hackers will find a way through technological protection, or that an unavoidable human accident or technical glitch will inadvertently make student information available to unintended parties. These fears have fueled an emotional response to new education technologies that may have more to do with an overall concern regarding the security of sensitive information that runs across sectors, rather the specific practices involving education data.
Sharing with Outside Parties
Parents also fear that schools will share information with people or companies outside the education system, who will then mismanage, or worse, misuse student data in ways that will compromise their child’s safety, well-being, and future prospects. They worry that private companies could prioritize profit motives at students’ expense by, for example, taking shortcuts on security or sharing or selling information to data brokers. This has prompted many new laws to focus on who can access student information and mandate that companies only use student data for educational purposes. For example, a great deal of state legislation prohibits companies from using student data for targeted advertising.
Unintended Consequences of Data in Education
Parents worry about the unintended consequences of data-driven decision-making and big data profiling by teachers, schools, and potential employers. They fear that “permanent records” and predictive analytics that can predict, for example, which children in elementary school will become juvenile delinquents, will shackle students to their past, pigeonhole them based on prior performance, or encase them within narrow confines.
Parents care most about whether their child receives a good education, and they want to ensure that their child’s safety and future opportunities are not jeopardized in the process. Parents worry that others – whether companies, state education agencies, or researchers – will put corporate, political, or research interests over their child’s educational interests and well being. They care less about categories of data users and intent and more about what data can do directly for, or against, their child.
The possible conflict between information practices that benefit specific students or students generally will become increasingly prominent, and problematic, as data-driven tools begin to change the pedagogy and structure of the educational system.
Much of parents’ frustration with the status quo stems from the fact that schools make most data-related decisions on their behalf. With schools making most data-related decisions in loco parentis, parents at least want reassurance that their child’s well-being will not be sacrificed in pursuit of a conflicting institutional or organizational priority. Currently, there is not enough transparency or direct accountability for parents to be sure that schools and other data recipients do not take expedient options at students’ expense.
Parental panic stems from the unproven and unpredictable outcomes and potential unintended consequences of student data use. Faced with unknown costs and nebulous benefits, many parents understandably seek to avoid uncertainty by limiting who can access student information in the first place. In doing so, they may also limit the ways that new technologies can enrich their child’s educational experiences.
More Precise Problem-Solving
Parents shouldn’t have to choose between protecting their children and taking advantage of new education technologies. Educators, policymakers, and companies need to consider privacy issues with a framework that incorporates parents’ point of view: Will education data be used directly to support their children, benefit students collectively, or advance extra-educational interests? Parents, educators, and policymakers need a shared vocabulary and framework that integrates parent and student perspectives into the broader consideration of systemic benefits. They must adopt more nuanced conceptions of privacy to move beyond crude binary solutions.
While the interests and preferences of individual student and parents cannot, of course, always prevail, it is vital that their concerns are taken seriously. Doing so will not only advance the student privacy debate, but promote more refined reforms. Perhaps more importantly, taking a parent-focused framework into account will help build the trust essential to the educational enterprise – data-driven or otherwise.
Elana Zeide is a Research Fellow at New York University's Information Law Institute, an Affiliate of the Data & Society Research Institute, and an Advisory Board Member of the Future of Privacy Forum and iKeepSafe.