Sometimes, data has to be shared to be useful. For example, a school district needs information on the students in it, in order to function. When are they absent? What are their grades? How are things going with scheduling? So it wouldn’t come as a surprise to most parents that “school officials” are on the list of entities who are allowed to access data, even sometimes sensitive data, about their kids. But it would shock most parents to find out that Google — yes, that Google — is one of those “school officials.”
That’s what the Washington Post points out is going on in schools around the country right this minute. Google’s tools are ubiquitous, cheap, and more-or-less user-friendly, leading them to be adopted by educators nationwide.
That’s not the problem, on its own. This is: although federal law requires most entities to receive written permission to access students’ confidential data, there’s an exception for “school officials,” who have unfettered access… and the amount, and type, of available data has simply exploded in the 21st century.
That loophole has allowed Google, and others, access to more data than could have been imagined when the law was first enacted int he 1970s. At that time, “school officials” actually meant employees of the district. But education has changed, and hundreds of functions — from cafeterias to testing — are outsourced to third parties.
In 2008, then, the exemption was extended to cover any contractor that works for the district as well. To qualify for that exemption, a business working with the school must do something that the school would otherwise do itself, and those businesses that do qualify are held to the same general rules on handling student data as any other actual school official.
A spokesperson for the Department of Education told the WaPo, “Student safety – including privacy – is a top priority for the Department. That’s why we continue to put out guidance and resources so that district leaders, schools, educators and students can use cutting-edge learning tools in the classroom while also safeguarding student privacy.”
The kind of data Google can collect while students are using its educational tools includes everything from email and chat records to metadata — routing, length of connection, location history — that educators don’t even know exist.
The EFF filed a complaint with the FTC about Google’s monitoring of student data about a month ago. At the time, the EFF said that even if the aggregation and anonymization always worked flawlessly, “Google’s use of students’ browsing history for its own benefit and without authorization from the student or parent, runs contrary to the letter and spirit of the Student Privacy Pledge. Aggregating and anonymizing students’ browsing history does not change the intensely private nature of the data – nor the fact that at the time of collection, it was tied to identifiable student accounts – such that Google should be free to use it, despite having promised not to do so without authorization from the student or parent.”