Who is advertising student data and who OWNS children’s data?
We live in a world where millions of bits of data about a person are collected and shared invisibly and your data footprint is saying things about you, predicting things about you, that you never dreamed of. It’s no wonder that so many people are interested in student data. Data is, after all, money, and there is a lot of money to be made in student data. “The SLDS data is a goldmine.” As NEPC reports, students are under a constant state of surveillance. When on a computer, everything a student types, every click of the mouse is recorded, and can be analyzed and profiled, thanks to a government funded project called LearnSphere, which we wrote about here. Requests for student data (like this from AIR) reach beyond grades, can include a student’s education record, can contain personal information about their health, their disabilities /IEPs, their income status, race, gender, age, behavior and discipline issues, and soon their emotions and social skills. Predictive analytics and algorithms can further be used on data once it is collected, to determine everything from ADHD, attentiveness, emotion, personality, likelihood to commit future crimes, insurance risk, hire-ability score, potential career or college paths…it’s endless. Students have no way to see how their data are predicting or choosing for them, data analtyics is getting too personal. There are no laws regulating algorithms, they can be wrong and algorithms can be biased. So, it matters who is accessing and analyzing student data. And right now, the federal government is considering lifting the ban on a NATIONAL student tracking database.
Knowing millions of data are collected on students daily, it gives parents pause when they see quotes like this, “McKinsey Global estimated that increasing the use of student data in education could unlock between $900 billion and $1.2 trillion in global economic value.”
Advertisements for student data in Forbes Magazine.
Parents wonder what kind of data is being offered, and who is supplying this data? If one goes to the Kids Count Data Center website, http://datacenter.kidscount.org/ , you can see that pages of data are being offered, not only educational data, but also data on health, family background, race etc.
By clicking on the map, you can see who supplies data for each state. If you click on Colorado, one can see that Colorado Children’s Campaign supplies student data for the National Kids Count data Center in this Forbes ad.
Following the money.
An advertisement in Forbes certainly is not cheap. Parents wonder if their students’ data are being sold or traded or monetized. We do know that the nonprofit Colorado Children’s Campaign has received over $9 million from Bill Gates’ Foundation, and we also know that Gates has a deep interest in accessing student data. Colorado has a law that prohibits the selling of student personally identifiable information, pii. Colorado also has a law requiring companies or institutions who have access to student pii data to sign a contract agreeing to uphold certain security and privacy measures, including further re-sharing of the data. We know some of the data that Colorado Children’s campaign received came from the Colorado Department of Education. The Colorado Department of Education must post these contracts of all companies and institutions who have access to student personally identifiable information.
There is no data sharing contract for Colorado Children’s Campaign posted for this year, or for any previous years, that we can find on the Colorado Department of Education website.
This would imply that Colorado Children’s Campaign has not (in the past 3 years) received pii data. But what data has Colorado Children’s Campaign received? Who do they share student data with? If there is no contract, is there anyone monitoring their use of student data? Has there ever been an audit? Without a contract, how would parents know what data elements they receive, and are they permitted to sell or monetize student data? Who gave permission for Colorado Children’s Campaign to access student data, under what authority?
The Colorado IRB–is no more.
Previously, the Colorado Department of Education, CDE, had an Internal Review Board (IRB) that reviewed requests to access children’s data. Apparently, CDE (according to item 5 of their IRB protocol) allowed groups like Colorado Children’s Campaign to approve their own data requests.
Who in Colorado is overseeing the student data requests now?
CDE no longer has an IRB. Since CDE dissolved their IRB last year, certainly someone independent of the requestor should be reviewing these (and other) data requests. Without contracts, without an IRB, who is overseeing student data requests like those of Colorado Children’s Campaign? In 2016, instead of an IRB, CDE developed this internal research approval panel, with final approval of the state board.
Federal law (FERPA) which is over 40 years old and has always required that when sharing student data to the public, it must not reveal student identity. Sometimes, in cases where a dataset has few enough numbers, where a student could be identified based on elimination, under both federal and state laws, that dataset must be withheld from the public. (ie: The only 5th grade girl with a brother in 3rd grade, sister in 1st grade, in the same small school, and are of a certain race, ethnicity… It is likely that you, or anyone, could probably pinpoint who that 5th grade girl was. )
The Colorado Board of Education recently started reviewing data requests to ensure the requests have a legitimate educational purpose and to verify that student data privacy and security requirements are being met.
Data brokers, data requestors unhappy.
Chalkbeat Colorado reported recently that not all parties who request student data are happy with the review and requirements set by the Colorado Board of Education.
Chalkbeat reports that parents and schools are still receiving full data sets,
“Officials at the Colorado Department of Education stress that districts and schools are receiving complete data sets, and that parents will be provided with comprehensive reports explaining how their students and schools are performing.”
Chalkbeat mentions that federal FERPA law requires some redaction,
“According to federal law, the state must redact data that could allow any person using reasonable measures, such as basic subtraction, to figure out how a particular student performed on a test.”
The new Colorado data privacy law (HB1423) does not require redaction above and beyond what FERPA already requires.
However, the Colorado Freedom of Information Coalition today reported on the redaction of small n size, and the requirement of the state board to review data requests. CFIC’s report included a quote from Colorado Children’s Campaign,
“We’re concerned about the impact this could have on academic educational research,” said Sarah Hughes, research director at the Colorado Children’s Campaign. “Politicizing this process seems a bit out of the ordinary based on other states I’ve looked at.”
Parents wonder why these organizations requesting children’s data oppose being independently reviewed. Do they oppose having to adhere to state and federal law?
If organizations and nonprofit groups are concerned about masking datasets with small n values, and losing public accountability, why can’t they employ something as simple as reporting the range (highest, lowest), median, mean, and s.d. for grade-level test scores without the proficiency bands? This would allow one to compare schools, would provide public accountability data for the small number of schools affected, while maintaining FERPA privacy.
EG: Scores on PARCC test for small n size group
Certainly these organizations requesting student data understand and respect the need to protect children’s privacy and would not be opposed to publicly posting data sharing agreements, contracts about what data they receive, how they are using and analyzing it, who they are sharing it with. And since data is money, perhaps they should be reporting income, paying taxes on the student data they receive.
One final thought: Whose data is it anyway? Did anyone bother asking the student or the parent?