Jan 28 2015

Google Joins Ed Tech Giants in Signing Student-Data Privacy Pledge

President Obama is taking student-data privacy seriously, and companies are taking notice.

Google added its name to a list of companies that have signed a student-data privacy pledge after President Barack Obama endorsed it in a speech.

During a speech at the Federal Trade Commission this month, the president mentioned the pledge, sponsored by two Washington, D.C.-based organizations: the Future of Privacy Forum, a nonprofit whose mission is to promote responsible data practices, and the Software & Information Industry Association, the main trade association for the software and digital-content industry.

"It’s the right thing to do. And if you don’t join this effort, then we intend to make sure that those schools and those parents know you haven’t joined this effort,” Obama said.

At the time of Obama’s words on Jan. 12, 75 companies had signed the student privacy pledge. Within a week, the list of signatories went up to 90, according to Education Week. As of Wednesday, they numbered 103.

Among the latest names in education technology to join the group are the nonprofit Khan Academy and Google, the search engine giant that has made headway in the industry with its Chromebook notebook.

“Protecting the privacy and security of all of our users, including students, is a top priority,” a Google spokesperson said. “We’re pleased to see the ed-tech industry come together to support this important issue, and we've signed the pledge to reaffirm the commitments we’ve made directly to our customers.”

The pledge is a voluntary way for companies to make their position on student data clear to the public. Signing the pledge sends a strong message of support for keeping privacy practices transparent.

The pledge holds its signers accountable for how they use data harvested from student work; among other things, they agree not to sell student information, not to use students’ personal data to behaviorally target advertising to them and to use such data for authorized educational purposes only.

The pledge reads as follows:

We Commit To

✘ Not collect, maintain, use or share student personal information beyond that needed for authorized educational/school purposes, or as authorized by the parent/student.

✘ Not sell student personal information.

✘ Not use or disclose student information collected through an educational/school service (whether personal information or otherwise) for behavioral targeting of advertisements to students.

✘ Not build a personal profile of a student other than for supporting authorized educational/school purposes or as authorized by the parent/student.

✘ Not make material changes to school service provider consumer privacy policies without first providing prominent notice to the account holder(s) (i.e., the educational institution/agency, or the parent/student when the information is collected directly from the student with student/parent consent) and allowing them choices before data is used in any manner inconsistent with terms they were initially provided; and not make material changes to other policies or practices governing the use of student personal information that are inconsistent with contractual requirements.

✘ Not knowingly retain student personal information beyond the time period required to support the authorized educational/school purposes, or as authorized by the parent/student.

✓ Collect, use, share, and retain student personal information only for purposes for which we were authorized by the educational institution/agency, teacher or the parent/student.

✓ Disclose clearly in contracts or privacy policies, including in a manner easy for parents to understand, what types of student personal information we collect, if any, and the purposes for which the information we maintain is used or shared with third parties.

✓ Support access to and correction of student personally identifiable information by the student or their authorized parent, either by assisting the educational institution in meeting its requirements or directly when the information is collected directly from the student with student/parent consent.

✓ Maintain a comprehensive security program that is reasonably designed to protect the security, privacy, confidentiality, and integrity of student personal information against risks – such as unauthorized access or use, or unintended or inappropriate disclosure – through the use of administrative, technological, and physical safeguards appropriate to the sensitivity of the information.

✓ Require that our vendors with whom student personal information is shared in order to deliver the educational service, if any, are obligated to implement these same commitments for the given student personal information.

✓ Allow a successor entity to maintain the student personal information, in the case of our merger or acquisition by another entity, provided the successor entity is subject to these same commitments for the previously collected student personal information.


Zero Trust–Ready?

Answer 3 questions on how your organization is implementing zero trust.