The National Education Policy Center (NEPC) recently released a report entitled Learning to Be Watched: Surveillance Culture at School. In making claims about how student data is being protected, the report conflates the issues of student data privacy and advertising. The truth is that strong, multi-layered protections now exist to protect student information and ensure it is used only for educational purposes. In addition, current law and subsequent regulation forbids the use of student information for targeted advertising.
Concern that current law and practice allow targeted advertising by service providers to students is entirely unfounded. FERPA has always prohibited school service providers from utilizing student information for targeted advertising. The U.S. Department of Education even went further in clarifying this prohibition:
“Under FERPA, the [educational technology provider] provider may not use data about individual student preferences gleaned from scanning student content to target ads to individual students for clothing or toys, because using the data for these purposes was not authorized by the district and does not constitute a legitimate educational interest as specified in the district’s annual notification of FERPA rights.”
The school official exemption under FERPA does not give any school service provider carte blanche to use student data as they please. Schools may only disclose student information to a provider under the school official exemption if the provider “performs an institutional service or function for which the school or district would otherwise use its own employees.” Providers under this exemption are contracted for specific purposes and are under the direct control of the district. They cannot use the information collected for purposes not related to providing the service to the school. Here’s what the department has said about the school official exemption:
“Any PII from students’ education records that the provider receives under FERPA’s school official exception may only be used for the specific purpose for which it was disclosed (i.e., to perform the outsourced institutional service or function, and the school or district must have direct control over the use and maintenance of the PII by the provider receiving the PII). Further, under FERPA’s school official exception, the provider may not share (or sell) FERPA-protected information, or re-use it for any other purposes, except as directed by the school or district and as permitted by FERPA.”
The use of de-identified and aggregate information by schools, researchers, and service providers is appropriate and necessary in order to order to, among other things, understand how federal, state, and local programs are performing, how a product is being utilized and can be improved, and how students in general are performing.
In the different area of health research, studies conducted with de-identified and aggregate health records, permitted under federal medical privacy rules, show the health threats to children from over consumption of fast food. Health providers use de-identified and aggregate information to identify and study these types trends over time in order to identify patient needs and improve equipment and drugs. This use of de-identified and aggregate health information has been done for decades and the field of medicine has had major breakthroughs in improving patient care and treatment.
The availability and use of de-identified and aggregate data in education is permitted under Federal and state privacy laws and has the potential for similar breakthroughs in learning if we do not stifle its use.
Technology and data are increasingly mission critical to instruction, school operations, equity, and student learning. School service providers strongly believe that student information should be protected and that student information should not be used in order to target advertising. We cannot however allow unfounded fears to block the benefits of technology and data use for students, teachers, and families. Policies should continue to protect student information but not tie our classrooms to the past.