The UK is behind the curve on Protecting Pupil Privacy

Digital Economy Minister Ed Vaizey has called on public and industry to share their ideas on how the UK’s digital revolution can be taken to the next stage, in areas including education.

One year ago, the President of the United States strongly endorsed the Student Privacy Pledge, calling for companies to make a firm commitment to using pupil data only for educational purposes, and to full transparency of its handling, in a dozen enforceable commitments on the collection, maintenance, and use of pupil personal information.

The pledge builds on legal protections to enhance trust in the handling of pupil data; and includes advertising, profiling, retention, sales, security, and more.

US signatories of the “Student Privacy Pledge” are committed to:

• Not sell pupil information
• Not behaviorally target advertising to pupils
• Use data only for authorized education purposes
• Not change privacy policies without notice and choice
• Enforce strict limits on data retention
• Support parental access to, and correction of errors in, their children’s information
• Provide comprehensive security standards
• Be transparent about collection and use of data

One year later there are 210 signatories. And if a signatory gets it wrong, they can be legally challenged.

FPF Executive Director Jules Polonetsky: “The [US federal government] Administration was instrumental in helping to get the word out, and its support early on was important to many companies being interested.”

The Pledge commitments outline ongoing industry practices to ensure responsible, fair handling of pupil data. The Pledge applies to all pupil personal information whether or not it is part of an “educational record” as defined by US federal law, and whether collected and controlled by a school or directly through pupil use of a mobile app or website assigned by their teacher.

It also applies to school service providers whether or not they have a formal contract with the school.

Our UK pupils are long overdue similar support of their privacy rights, and a grown up government that meets its responsibility rather than rubbishing privacy as an inconvenience.

The US vs the UK on pupil data protection

Further US legislation protects US pupils rights that UK pupils miss out on today, such as the Protection of Pupil Rights Amendment (PPRA) that outlines the information pupils might be asked as part of US federally funded surveys or evaluations where parents may choose to opt their child out of participation in surveys.

The U.S. Department of Agriculture administers the National School Lunch Act (NSLA), which has stricter privacy provisions than FERPA, restricts who may see certain information about pupils who are eligible for the equivalent of free school meals (FSM).

While in England our pupil FSM data are given to Fleet Street press without parents and pupils ever being asked or told about it.

In the US, the Children’s Online Privacy Protect Act (COPPA), controls what information is collected from young children by companies and requires companies to delete data if asked and also requires that companies have the necessary security to protect the child’s information.

While in England our pupil data are collected from millions of pupils for the purposes of a child’s education, and once extracted to the National Pupil Database, are released on demand to any number of settings of commercial companies for purposes without consent or transparency to the individuals whose confidential data they are.

And when it comes to US retention, when information is collected with the consent of a school official, the company may keep the information only as long as necessary to achieve the educational purposes.

While in England third-parties may say they’ll retain data for only a year but might keep data much longer than planned, without audit.

The exemption note on that Freedom of Information note is one of particular irony. DfE fair processing isn’t met in the National Pupil Database to 8+million pupils, but withholds data in a FOI response.

The National Pupil Database demonstrates how to implement pupil data laws and principles of data protection very badly.

The new UK Government Digital Strategy

This is something our digital review should commit to fix today for all our future generations. Not in six months. Not after another review. Now. Which fixes may take time, in practice. But a decision could be announced this week if they chose to do so. Perhaps by the January 21st census, before which schools and unions might want to consider whether their pupils’ confidentiality is being breached.

Doing nothing, the Government condones the status quo. And they say they don’t want the status quo. Do they mean what they say?

The Government says now looking at a new Digital Strategy for the UK for the next five years, “Let’s show the rest of the world how it’s done.”

Indeed. Let’s do it as a positive role model in the modern world. Not as the nation who left their children’s rights behind in the 70s.

If the UK is now truly “a ‘Tech Nation’ led by entrepreneurs but supported by Government”, then all could do worse than look across The Pond and reflect on how the drive to exploit data for the economy does not have to mean exploiting our pupils’ privacy.

And then do better. Fix policy and practices and avoid loopholes that lose public trust.

The US has a 2016 digital strategy in education. The UK government ignores the 2014 Education Technology Action Group review.

The ETAG called on the government to “establish a task force to develop proposals for a national framework for sharing key data across education […] that addresses issues of data protection and ownership.”

The US President gets it, while UK pupils are getting left behind.  Step up to the plate, Mr.Cameron, Mr. Vaizey, gee up the DfE.

Let’s get our approach to pupils’ data and digital in education out of the seventies, and fit for the future.