Their Take: Privacy and Education Leaders Debate Parental Consent Requirements
When we think about the role of parental consent in education, we tend to think of activities that require permission slips, like field trips. However, the proliferation of online services in education is introducing a new twist on the question of parental consent.
As policymakers work to create the appropriate space for both parental rights and agency and protection from possible harm, education and privacy experts and advocates are making their opinions on the issue known. Earlier this year, Education Week wrote about this provision and highlighted Common Sense Media as concerned about the possible harm to families if laws give parents the responsibility of making these data sharing choices.
Given the importance of this issue and the fact that it comes up every time a student privacy bill is introduced at both state and federal levels, we wanted to share what some leading voices in education and privacy are saying to help inform the conversation:
- Brenda Leong, Senior Counsel and Director of Operations, Future of Privacy Forum
- Brendan Desetti, Director of Education Policy, Software and Information Industry Association
- Chad Marlow, Advocacy & Policy Counsel, American Civil Liberties Union
- Jacki Ball, Director, Government Affairs, National PTA
- Olga Garcia-Kaplan, student privacy advocate and parent blogger, FERPA|Sherpa
Brenda Leong, Senior Counsel and Director of Operations, Future of Privacy Forum
At many schools, parents can now log in to a portal to see their child’s attendance, grades, and home assignments. Students and teachers interact online. Technology is changing the academic experience and empowering parents, teachers, and students as never before.
With all of these benefits come some risk — and lawmakers continue to seek ways to expand effective protections for student data.
One key issue has emerged in many of the bills. Should parents have the right to tell a company holding their child’s data to further maintain or share that information for additional services the parent wants? What if a parent wants to enable an outside tutor to have access to their child’s math programs in order to best support the tutor’s supplemental role? Unfortunately, some legislative proposals do not make allowances for parents to expressly enable just such services, leaving the parent with no option except to download or print and transfer the information themselves.
Certainly, some worry about parents having insufficient information and making decisions that allow a vendor to use data for marketing or other undesired purposes. But the answer isn’t taking away the rights of parents — the most knowledgeable and motivated advocates for their child.
Some proposed bills have struck a middle ground by allowing parents to approve enumerated services, like sending a high school transcript or scholarship information. But it is hard to anticipate the emerging ways parents will want to use the data they are now able to access.
Instead, we should make the disclosure process hard enough that parents cannot “accidentally” agree — then trust schools and parents to make smart decisions. Rather than limiting or taking away all their control over their own child’s data, there should be a process of sufficiently explicit agreement to ensure parents understand and desire the disclosure to take place. This means bills should be drafted to provide parents with a clear option to use their child’s data as they see fit.
Brendan Desetti, Director of Education Policy, Software and Information Industry Association
Parental consent is an important element in protecting student privacy. Of course, as FERPA says, prior consent is not always required when student information is disclosed for the educational purposes of a school under the direction of the school. But the fully informed consent of parents also legitimizes additional uses of student information. When not directed by a school, should a student’s information be shared with potential colleges? Does it make a difference if the college is private or public? What about to a student’s tutor or a scholarship competition?
It’s clear there are currently federal, and increasingly state, laws and regulations to ensure students’ sensitive data is protected and used only for educational purposes. As some policymakers have sought additional protections though, they have drafted legislation that would preclude parents from authorizing the use of their child’s data for purposes restricted or not envisioned by the legislation. They shouldn’t.
If technology-enabled services are available that would help a student reach their potential, provide parents with information they want to help their child succeed. Or even to advance the quality of education broadly, parents should continue to have the ability to authorize the use of their child’s data to deliver those additional services.
With the use of affirmative parental consent in response to clear and conspicuous notice, parents are also assured that schools and service providers may use data only for those additional services authorized. Such consent and notice requires an opt-in from parents written in layman’s terms, specifying to whom the data will be shared and for what purpose. This takes off the table concerns some have that service providers might take advantage of parental consent through the use of blanket exceptions, confusing legal jargon, or an opt-out approach.
Prohibitions in law that prevent — or create confusion about — a parent’s ability to authorize the sharing of data with a child’s tutor do not help students and do not make their data more secure. Instead it will force parents to work around such prohibitions, limit opportunities for students, and make students’ personal information less safe.
Chad Marlow, Advocacy & Policy Counsel, American Civil Liberties Union
Privacy, at its core, is about control — specifically, who controls your personal information and who gets access to it. The ACLU believes parents and students should be empowered to choose who does and does not have access to their student data. Three key points govern our approach to implementing this rule.
First, as a child ages, the child should have an increasing right to participate in making data-sharing decisions. The power to grant permission should rest with the child’s parents when the child is in elementary school, should be jointly exercised by the parents and child after elementary school, and should pass fully to the child once the age of majority is reached. Second, permission to share data must be granted expressly and with respect to specific information, not by way of broad, general consent forms. Third, it should be unlawful to take any punitive actions against a parent or child because they choose not to share their data. If, for example, the parents of a fourth grader who is under-performing in math want an education agency or third-party contractor to share his data with companies that offer tutoring services, the government should not prohibit that data sharing. At the same time, it should not permit the sharing of such data in the absence of express parental consent.
Because different students and families will have different, equally valid opinions of where the data-sharing-versus-privacy line should be drawn, we are best served by empowering them to make those decisions for themselves. This is why the ACLU, in partnership with many advocacy groups, has worked to get legislation introduced in numerous states that would empower parents and students to protect their privacy.
Jacki Ball, Director, Government Affairs, National PTA
National PTA supports the ability of families and students to have reasonable control over the collection, warehousing, and use of electronic student data, while also supporting the need for research and data analysis to improve student learning outcomes, instructional design, and remedial supports. National PTA is deeply committed to the promotion of privacy and security policies that maintain the confidentiality of sensitive data that students and families have entrusted to education agencies.
Policymakers, educational agencies, and families should work together to balance parental rights with educationally sound data uses, like personalized and adaptive learning. State and federal privacy laws should be updated to ensure student data is used for authorized educational purposes only and to prohibit the sale of student data and its use to target non-education-related advertising to students and their families. Families should always retain the right to review, inspect, and obtain copies of their child’s education records and evaluate the access by third parties at any time. Furthermore, sound policy and practice should ensure that students and families are aware of their rights under federal and state student privacy laws.
Families should have the discretion to share their child’s data if they desire, and educational agencies and third-party contractors must be transparent about the use, storage, security, and destruction of a child’s or student’s personally identifiable information and educational record. Data is a valuable tool for parents, educators, and school administrators to effectively evaluate the progress, achievement, and support of students’ educational goals. Restrictive prohibition policies for those who have the consent of families to share their child’s data undermines families’ rights and can hinder the process of supporting and educating our nation’s students.
Olga Garcia-Kaplan, student privacy advocate and parent blogger, FERPA|Sherpa
What would you do if you had to see a medical specialist and needed to go in person to your primary care doctor and ask for your printed records so that you could personally take them to said specialist? It would be a hassle to say the least. Luckily, there are no laws forcing parents to do this for their child’s health care. However, in education, California’s recently passed student data privacy law (SOPIPA), essentially mandates this hassle for parents seeking to ensure their children have access to education services offered by third parties.
As it currently stands, SOPIPA does not allow a parent to authorize the sharing of their children’s information to third parties beyond those expressly identified in the law. Some argue that these exemptions cannot be allowed because parents could be coerced to give away all of their children’s information in exchange for a service. But is it fair to put the burden entirely on parents to figure out what information to get and who to reach out to obtain it?
It is our responsibility (as parents, students, schools, lawmakers) to provide the best learning environment for our children. Complementary support systems can work efficiently but only with complete information. However, if we are not able to easily request the transfer of information to a supplemental service of our own choosing, it becomes difficult to provide what we feel is the best learning environment for our children.
For example, children with learning differences stand to benefit the most from complementary support systems. It is exponentially beneficial when what is learned in school can be reinforced at home. A child using technology during the school day to help with their learning should be able to continue to build upon what was learned from the data that can be shared. Students would benefit tremendously if parents could easily facilitate connecting this information across the child’s entire support network.
We need to trust parents to make the right decisions for their children, but it should not be a burdensome process to facilitate the building of a comprehensive learning environment for all kids.
Originally published at Data Quality Campaign.