Data privacy for all-regardless of politics
The ACLU has joined the student data privacy fight-and rightfully so. Privacy is now front page, dinner table conversation. As this CNN subtitle reads, “Frustrated with increasing surveillance by the federal government and corporations, politicians in 16 states are pushing for sweeping privacy laws.” Notice that it doesn’t say, ‘let’s only stop the government from taking our data’ and it doesn’t say, ‘let’s only stop the corporations’. Nope. It says no matter who is taking your data without your knowledge and consent, they need to stop. Student data privacy concerns are not going away; they are growing. Join the fight. If you are worried about aligning with folks from the Left or the Right, to put it bluntly: you are missing the point.
The folks stealing the data are working together, and we, as stewards of ALL children, need to work together too. Drop the political labels and protect kids. Period. Focus on the real enemy.
Privacy is the new Cool -and vendors are asking for money to “help”
Everyone is jumping on the privacy wagon, even the vendors. (Wait what?) Yes, not to be outdone, and not wanting to be painted as the “bad guys”, the data addicted Data Quality Campaign and its co-signers (here) are asking the federal government to fund student data privacy programs to protect students from data users like themselves. Seriously? Read this recent DQC press release. We know that student data is a several billion dollar per year business, the former chief of US DoE RTTT writes that common core reform is built upon common standards requiring warehouses of commonly tagged data, the edtech industry admits student data is the glue that holds it all together, and the DQC along with the federal government, formed in 2005 to create national common standards, tagged data, SLDS in every state and with the goal of sharing a lifetime of (longitudinal) student-level data across states and with employers.– Isn’t it ironic that the very industry reaping the benefits of student data, RELYING on the flow of student data, is asking for money to protect it? Some advice for these DQC and other edtech, data broker folks: Stop pretending to care about student data privacy. If you are serious, use some of the Billions (Trillions?) of this blood money, and give it to schools -NO STRINGS ATTACHED. Help schools build security, privacy training, make the data elements transparent to both schools and parents, stop the black box algorithms, and truly police your industry with enforceable penalties.
Enforceable penalties lacking: except in Europe
The SIIA is a self policing edtech industry pledge and is touted as a good first step, but the pledge, along with most student data privacy laws in the U.S., is worthless because it has no penalty, is not enforceable. What does a good penalty look like? Well, look no further than Europe who recently passed a privacy law, the General Data Protection Regulation GDPR. This law was 4 years in the making, will go into effect in 2 years and was opposed by all the big data folk like Facebook, Google, Amazon, Microsoft etc. Europe will make these American vendors comply with a tough new data privacy law, barring them from taking and selling European’s private information. Sadly–this law does not stop said companies from data mining Americans. However, these US companies will be forced to comply with this law if they hope to do trade with Europe. The European GDPR law is big on data transparency and allowing people to manage their data, a term called ‘privacy as agency’. Europe realized that without a penalty, there will never be compliance; the new Eu law imposes a penalty of 4% of a company’s revenue (billions per penalty). This is a stiff, enforceable penalty and companies will certainly want to comply. The hope is that Americans will deem themselves worthy of the same protection afforded to Europeans and will demand that the U.S. pass a similar privacy law and penalties.
Perhaps we could start by upholding this U.S. code of Fair Information Practices that was adopted in 1973, which is used internationally. Take a look:
The Code of Fair Information Practices
The Code of Fair Information Practices was the central contribution of the HEW (Health, Education, Welfare) Advisory Committee on Automated Data Systems. The Advisory Committe was established in 1972, and the report released in July. The citation for the report is as follows: U.S. Dep’t. of Health, Education and Welfare, Secretary’s Advisory Committee on Automated Personal Data Systems, Records, computers, and the Rights of Citizens viii (1973).
The Code of Fair Information Practices is based on five principles:
- There must be no personal data record-keeping systems whose very existence is secret.
- There must be a way for a person to find out what information about the person is in a record and how it is used.
- There must be a way for a person to prevent information about the person that was obtained for one purpose from being used or made available for other purposes without the person’s consent.
- There must be a way for a person to correct or amend a record of identifiable information about the person.
- Any organization creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precautions to prevent misuses of the data.
Privacy is a basic human right–as humans, it’s time we started remembering and enforcing that.
This Citibank commercial about identity theft is one of many– and while absolutely hysterical– has serious implications when you consider how much personal data is collected -unchecked- on children. Watch the video, have a laugh, and please help. Protect children from the astonishing data collection.