Some Montgomery County parents are leading a push for more stringent privacy protections for students after discovering what they call “massive failures.”
On Friday morning, 14 parents from nine states filed complaints with the U.S. Department of Education, raising concerns about the personal information gathered about students on online platforms, stored for years and shared with third-party vendors.
“Vendors are mining data on kids on the backs of the public school systems and profiting from that data, and they’re doing it without parental consent,” Lisa Cline, a co-founder of the group and an MCPS parent, said in an interview on Thursday.
And that’s not necessarily the school districts’ fault, Cline said.
The group hopes to highlight a “loophole” in federal student privacy laws that doesn’t protect access to and sharing of students’ “metadata,” like their search history, websites visited, keyword searches, and times, locations and frequency of log-ins. All of that information can create a “profile” about children that vendors can use to track and market to, Cline said.
“It’s the legal language that we’re trying to fix, because someone is supposed to have direct control over student information and metadata, but the vendors are saying they don’t have direct control, and the school systems are saying they don’t either,” Cline said, adding that her child used about a dozen different online platforms during the past school year. “So, we’re trying to identify, with the help of the government, who does have control and, therefore, who will supply it to the parents when asked.”
Each of the 14 parents involved in the project recently filed requests with their local school systems for their children’s data collected by education technology vendors, which they should have access to under the Family Educational Rights and Privacy Act (FERPA). None received the requested information, according to the Student Data Privacy Project, an organization leading the project.
Cline filed the request with MCPS, but was told to redirect her inquiry to the vendor, Kahoot. Kahoot — a platform with educational games and lessons — told her the school district needed to provide the information.
Neither MCPS nor Kahoot immediately responded to requests for comment on Thursday evening.
One parent in Minnesota did not receive the information they requested, but was given 2,000 pages of information that included “a disturbing amount of personal information” about her child, including baby pictures, videos of her in an online yoga class, her artwork and answers to in-class questions, according to the group’s press release.
“Because these schools failed to provide the data requested, we don’t know what information is being collected about our children, how long these records are maintained, who has access to them, and with whom they’re being shared,” said Emily Cherkin, a co-founder of the Student Data Privacy Project.
Joel Schwartz, another MCPS parent, who is co-founder of the project and a law professor, added that the “Department of Education’s failure to enforce FERPA” means millions of students’ privacy is at risk.
The Student Data Privacy Project plans to solicit similar stories from more families throughout the country in the coming months.
They are asking the Department of Education to provide regular audits of vendors’ access, use and disclosure of students’ personal information; require that parents are provided “meaningful access” to records held by vendors used by students; and protect students’ “digital footprints.”
“The other day, I heard about a recall on some vegetables and thought, ‘Well, geez, you know, broccoli is practically more regulated and has more oversight from the federal government than our kids’ information,’” Cline said. “So, I’m hoping that down the road, (vendors) will be just as watchdogged as broccoli.”
Caitlynn Peetz can be reached at caitlynn.peetz@bethesdda-remix.newspackstaging.com