Collected Publications from the SPI

Privacy and Student Data:
An Overview of Federal Laws Impacting Student Information Collected Through Networked Technologies

Over the past five years, schools have progressively been integrating the use of technology into the classroom, both to help students achieve their goals, and help teachers and administrators alike organize, categorize and track information about students. Specifically,“Networked Services” can be used in a variety of ways to improve school systems, including increasing efficiency in administrative operations to advancing individualized learning through online resources. Though these networked services may be valuable tools, they also have the ability to collect sensitive information about students. To that end, as educational institutions introduce networked services into schools, they must remain alert to growing privacy concerns for sensitive student information.

Harvard Law School’s Cyberlaw Clinic, based at the Berkman Center for Internet & Society, has prepared this guide to provide a high-level overview of two of the major federal legal regimes that govern the privacy of children’s and students’ data in the United States: the Family Educational Rights and Privacy Act and the Children’s Online Privacy Protection Act. In addition, this guide covers how the Protection of Pupil Rights Amendment, which, while not as broadly applicable to the use of technology by schools, does include a few provisions that can apply in certain contexts, particularly when schools use technology to administer surveys of student subjects, or use technology that collects information for marketing purposes. While there are other laws that may also apply to schools in this context (e.g. state privacy laws), these three laws have important implications for schools using networked services.

The purpose of this document is to provide schools, parents and students alike with an overview of some of the laws that may apply as schools begin to use networked services to help educate students. All of the relevant statutes – and particularly FERPA – are complex and are the subjects of large bodies of caselaw and extensive third-party commentary, research, and scholarship. This document is not intended to provide a comprehensive summary of these statutes, nor privacy law in general, and it is not a substitute for specific legal advice. Rather, this guide highlights key provisions in these statutes and maps the legal and regulatory landscape.

Student Privacy: The Next Frontier
Emerging & Future Privacy Issues in K-12 Learning Environments

This report offers recommended next steps and prioritizes open issues in the ed tech and connected learning space, building from and reflecting upon a conversation organized by the Berkman Center for Internet & Society's Student Privacy Initiative. This working meeting was envisioned as one in a series of conversations which deepens our understanding of emerging and future privacy issues in K-12 learning environments, both formal and informal. This particular working meeting prioritized practicality over theoretical discussion, emphasizing the evolving experiences of K-12 administrators, educators, and students.

In order to evaluate the challenges and opportunities fostered by the next generation of ed tech, participants were asked to consider the following four layers of the ed tech ecosystem, each of which informs the others in myriad ways: technological infrastructure, data, organizational structures, and norms and values. Keeping these layers in mind, discussion ranged widely across numerous themes, reflecting the participants’ diverse backgrounds and perspectives. This report seeks to summarize the conversation’s main themes and highlight suggestions for future action.

Framing the Law & Policy Picture: A Snapshot of K-12 Cloud-Based Ed Tech & Student Privacy in Early 2014

This paper builds upon SPI's ongoing work to surface key aspects of the law, policy, and implementation debate that is taking place in the rapidly evolving cloud-based ed tech landscape. It aims to provide policy and decision-makers at the school district, local government, state government, and federal government levels with greater information about and clarity around the avenues available to them in evaluating privacy options. The analysis focuses on three key questions: who should make cloud-based ed tech decisions; when is parental consent needed; and how can data transferred, stored, and analyzed through these products be kept secure and, as necessary, de-identified?

The authors offer the following pragmatic recommendations for policy and decision-makers based on the cloud ed tech landscape as of early 2014:

1. Employ (temporary) centralization of cloud-based ed tech decision-making at the district level to foster the legal, technical, and other expert oversight necessary in this complex space without stifling capacity for local experimentation;
2. Examine the adoption of user-friendly labeling of cloud-based ed tech products to increase transparency and encourage compliance with parental consent and other legal requirements; and
3. Adopt FIPPs (Fair Information Practice Principles) and other best practice standards by industry providers to increase data security and protection.

Student Privacy & Cloud Computing at the District Level: Next Steps and Key Issues

This report offers recommended next steps and prioritizes open issues in the K-12 edtech space, with a special emphasis on two topics: (1) law and policy and (2) norms, values, attitudes, and practices, as well as an overarching eye to opportunities for collaboration. It builds from and reflects upon a conversation co-organized by the Berkman Center for Internet & Society’s Student Privacy Initiative and the Consortium for School Networking, at which policymakers and educational technology thought leaders came together to emphasize the view “on the ground” as seen from the district level and identify specific resources for potential inclusion in a toolkit for diverse stakeholders considering the adoption and impact of cloud technologies in K-12 educational contexts.

K-12 Edtech Cloud Service Inventory

A wide range of cloud technologies are now available to K-12 educators, ranging from replacements for school- and district-maintained servers (infrastructure as a service, in which servers traditionally maintained by a school or district are “outsourced” to a cloud vendor), to a variety of software tools that users access from web browsers or mobile applications, which are in turn supported and powered by third-party companies. In such a crowded landscape, it can be challenging to understand the different kinds of available services. This document aims to provide individuals with a non-technological background with a more concrete survey of the kinds of cloud computing technologies (categorized by the affordances each offers) that may be adopted in K-12 educational contexts.

Youth Perspectives on Tech in Schools: From Mobile Devices to Restrictions and Monitoring

This research brief is a contribution by the Youth and Media team at the Berkman Center to its Student Privacy Initiative, which seeks to explore the opportunities and challenges that may arise as educational institutions adopt cloud computing technologies. In order to understand the implications of cloud services for student privacy more holistically, it might be helpful to examine how technology that is already implemented in academic contexts is used by youth and to explore how students feel about current practices. Towards this goal and informed by our recent research, the brief aims to make visible the youth perspective regarding the use of digital technology in the academic context, with a focus on privacy-relevant youth practices, limitations on access to information, and youth’s relation to educators in a high-tech environment. The brief includes insights and quotes gathered through a series of in-person focus groups as well as data from a questionnaire administered to all focus group participants. In addition, it highlights in a few instances additional research and data.

Student Privacy in the Cloud Computing Ecosystem: State of Play & Potential Paths Forward

This report draws from ongoing Student Privacy Initiative research as well as participant inputs from an April 2013 exploratory workshop, "Student Privacy in the Cloud Computing Ecosystem," to begin to map the current landscape and connect the often-siloed perspectives of educational institutions, students, parents, and administrators as well as cloud service providers and policy makers.

Privacy and Children's Data: An Overview of the Children’s Online Privacy Protection Act and the Family Educational Rights and Privacy Act

Privacy law in the United States is a complicated patchwork of state and federal caselaw and statutes. Harvard Law School’s Cyberlaw Clinic, based at the Berkman Center for Internet & Society, prepared this briefing document in advance of the Student Privacy Initiative's April 2013 workshop, "Student Privacy in the Cloud Computing Ecosystem," to provide a high-level overview of two of the major federal legal regimes that govern privacy of children’s and students’ data in the United States: the Children’s Online Privacy Protection Act (COPPA) and the Family Educational Rights and Privacy Act (FERPA).