Senators Raise Concerns Over Data Privacy with Online Learning Amid COVID Closures

By Henry Kronk
March 31, 2020

Three democratic senators—Edward Markey of Massachusetts, Dick Durbin of Illinois, and Richard Blumenthal of Connecticut—sent a letter to the Federal Trade Commission (FTC) and Department of Education (DoE) on March 24. They ask for cybersecurity and online privacy guidance as the outbreak of COVID pushes more classes online.

There are roughly 56.6 million American students currently studying in grades K-12. With statewide school closures now in effect every state except for Maine, Nebraska, and Iowa, the vast majority of these learners are currently using education technology to learn from home.

Calling for Caution and Guidance with Online Privacy

While Senators Blumenthal, Markey, and Durbin praise education stakeholders for finding a way to continue their lessons despite school closures, they also describe how this flood of activity online presents a target for hackers and cyber criminals. Accordingly, they ask the FTC and DoE to provide schools with guidance regarding cybersecurity.

The point out that cybersecurity risks in edtech usage have been on the rise in recent years. Among other sources, they highlight a 2018 public service announcement from the FBI. At the time, the Bureau warned attacks on school district and edtech service provider systems had been on the rise. The information accessed was being used for a variety of uses, including extortion and sale on the dark web.

The FTC and DoE are the two agencies tasked with administering the Children’s Online Privacy Protection Act (COPPA) and the Family Educational Rights and Privacy Act (FERPA), both of which relate to students’ cybersecurity while in school. What’s more, both agencies regularly issue guidance to stakeholders to ensure safety.

Proposals for Guidance

As such, the senators suggest numerous proposals for a guidance:

-Edtech services should communicate their privacy policies to users conspicuously and in easily accessible fashion;

-Edtech services’ notice of their data collection and processing practices must be written in plain language so that it is easily understood by students, parents, and educators;

-Edtech services should not weaken privacy safeguards when users access their tools at

home, rather than in classroom settings; and

-Edtech services that, as a matter of policy or compliance with state or federal law, do not sell or otherwise monetize student data when those services are used in the classroom should apply those same policies when users access their services for at-home learning.

The senators also provide suggestions for a guide to be issued to families. As they point out, many learners don’t have much of a choice as to whether or not they continue learning using software and devices provided to them by their schools. The senators recommend that parents become familiar with good cybersecurity habits and take an interest in their kids’ online learning activity.

They also recommend that anyone who senses suspect cybersecurity measures or behavior report them to their schools.

Taking an Interest in EdTech

They conclude, writing, “Parents across the United States are grappling with the vast complications this pandemic has for their children. Those parents should not have to worry about the misuse or vulnerability of their child’s personal information when they log-on and learn remotely. Issuing guidance is critical to protecting students’ online privacy during the current national emergency.”

Senators Durbin, Markey, and Blumenthal have begun to take a wider interest in regulation of the edtech sector. In August of last year, the three wrote a different letter raising concerns over the practices of collecting student data and using it for marketing in higher education.

Read the full letter here.

Featured Image: Senate Democrats, Flickr.