Student Data Security Is at Risk. We Need to Update FERPA.

By Henry Kronk
November 25, 2018

Earlier in November, about 100 students at the Secondary School for Journalism in Brooklyn walked out of school. They were protesting the school’s adoption of Summit Learning and the Summit Platform. Having grown frustrated with long hours of screen time every day and a system that didn’t suite them well, put their student data at risk, and which could be easily cheated, they left school to register dissent. More recently, two organizers of the event wrote a letter to Mark Zuckerberg. The platform has been funded by the Chan Zuckerberg Initiative and was initially developed by Facebook engineers. In the letter, Akila Robinson and Kelly Hernandez write:

“Another issue that raises flags to us is all our personal information the Summit program collects without our knowledge or consent. We were never informed about this by Summit or anyone at our school, but recently learned that Summit is collecting our names, student ID numbers, email addresses, our attendance, disability, suspension and expulsion records, our race, gender, ethnicity and socio-economic status, our date of birth, teacher observations of our behavior, our grade promotion or retention status, our test scores and grades, our college admissions, our homework, and our extracurricular activities. Summit also says on its website that they plan to track us after graduation through college and beyond. Summit collects too much of our personal information, and discloses this to 19 other corporations.

“What gives you this right, and why weren’t we asked about this before you and Summit invaded our privacy in this way?”

Federal law, actually, gives Zuckerberg and Summit Learning this right. The Family Educational Rights and Protection Act (FERPA) governs the protection of personal student data in school and, among other things, conditions under which it can be disclosed. It was written in 1974 and signed into law by President Gerald Ford. The act has been expanded and amended many times throughout its history.

FERPA Has a Major Loophole

As it stands, FERPA provides numerous exceptions that allow schools to disclose student data without parental or guardian consent, but edtech companies and organizations like Summit Learning tend to exploit a single one of these.

Under FERPA (34 CFR Part 99.31), “An educational agency or institution may disclose personally identifiable information from an education of a student without the consent required by § 99.30” if “the disclosure is to other school officials, including teachers, within the agency or institution whom the agency or institution has determined to have legitimate educational interests.”

Furthermore, “A contractor, consultant, volunteer, or other party to whom an agency or institution has outsourced institutional services or functions may be considered a school official” so long as said party “performs an institutional service or function, “is under direct control of the agency or institution,” and is subject to further requirements.

Edtech Companies Can Be Considered as a ‘School Official’ and Mine Student Data

In other words, in the case of Summit Learning at the Secondary School for Journalism in Brooklyn, they are considered a ‘school official’ performing a function and/or service. No consent was needed, and Summit Learning is fully within their rights to collect student data.

Many other edtech companies continue to collect student data through this loophole. It shouldn’t be that way, and FERPA is due for a rewrite.

The Electronic Frontiers Foundation provides a great resource for any individuals looking to take a deeper dive into the subject.

Featured Image: Jorge Alcala, Unsplash.


    • Mike — you know not what you speak of, my friend. Kaplan University has been the leader in online education and learning technology for a number of years. As with all learning institutions, there are some dark moments and therefor some disgruntled students – who follow a career path to only find out that they made poorly in formed choices. The degree is as REAL and as VAID as the one you received from Purdue. The Higher Learning Commission – the SAME one that accredits YOUR degree from Purdue University, would not give them accreditation if the school did not meet or exceed their standards. Purdue University Global will adhere to the same collegiate standards as Purdue University does and probably more – considering the wild criticism people like you impose they have to be.

  1. Kaplan is and has been a school unrealistic expectations for students! Highly upset with Kaplan because my educational purposes were not in the best interest of the school! I have outstanding balance of 53,000 only to be unable to complete my degree and too, the admission department explained to me, the school woul give me a certificate! Wth! Personally I had “no idea,” the school degree plan in child and family welfare had changed to adolescent and youth administrative! That simply means I waste money and Kaplan stole money because I would have never attended Kaplan under those measurements! I’m contacting the educational department and explain to them, the classes Kaplan charged me for were a complete waste because I did not need the classes and to think my education has been placed on because of Kaplan University! I’m taking a stand because I was not an average student, above average while attending Kaplan! All that did read will read more about me in the near future because I am going to show this school up!