Help Us Investigate the Ed Tech Industry
There’s a booming business in classroom software—and in some cases, the data on students that it produces
By: Todd Feathers
The educational technology industry is booming. Software is becoming a ubiquitous part of the classroom experience, and as it does, the companies selling these programs to schools are scooping up increasingly sensitive data about children.
Last week, we reported on a group of educational technology companies that are collecting massive amounts of data on tens of millions of students and, in some cases, selling targeted advertising access to those students to colleges and universities.
The students and parents we spoke to said they were shocked to learn the extent of the sensitive, personal information these companies held about them—and the way their personal data was monetized by the software companies. Ed tech vendors don’t publicize the full details of their data operations, and the contracts they sign with school districts are often full of vague legalese that raises more questions than it answers.
Now, in order to dig deeper into the ed tech industry, we’re asking for your help.
If you work for a school and are concerned about how the technology you’re using affects the students under your care, we want to hear from you. If you work for an ed tech company and have behind-the-scenes insight, please reach out.
And if you’re a student who wants to learn more about the for-profit companies tracking your daily activities, measuring your progress, and predicting your future—you can help us by requesting your own data and sharing it with us. Here’s how:
The Federal Educational Rights and Privacy Act
Under the Federal Educational Rights and Privacy Act (FERPA) parents, students 18 and older, or students who are younger than 18 but attend a post-secondary institution have the right to request access to their educational records from their school—including the information held by third-party vendors.
Under the law, schools must respond to these requests within 45 days. In some states, the timeline is even shorter.
FERPA requests for educational records can be broad—“Please give me all my educational records”—or specific to a particular type of record, such as the data that has been shared about you with a third-party vendor. On their websites, such as this page from the Atlanta Public Schools, many districts designate a specific person or office to which you should direct your FERPA request.
The records can contain very sensitive, private information. We encourage parents who are considering submitting FERPA requests to speak to their children about it first and to do so only with their consent.
We welcome the help of any parent or student who would like to share the results of their FERPA request with us to help our reporting, but our first priority is protecting children’s privacy. To that end, if you are considering requesting your data to share with us, please reach out so we can explain how it might be used in our reporting and what steps we can take to preserve privacy.
The California Consumer Privacy Act
The California Consumer Privacy Act (CCPA) grants residents of the state the right to request certain information from for-profit companies. That includes: what categories of information a business holds about you, the specific data points the business holds, the kinds of third parties the business has sold your data to, and whether the business has disclosed your data to another party for other business purposes.
The business does not need to be based in California in order for a California resident to submit a CCPA request, although it must do business in the state. Companies have 45 days to comply with CCPA requests, although they can request a 45-day extension.
The CCPA applies only to businesses with $25 million or more in gross annual revenue, businesses that collect personal information on 50,000 or more California consumers, or businesses that derive more than 50 percent of their revenue from selling California customer information. This covers many of the most popular ed tech vendors, including PowerSchool, EAB, and Naviance, but may not apply to smaller vendors your school uses.
The Electronic Privacy Information Center (EPIC) has a guide and CCPA request template you can use here.
We’re looking to connect with students and parents who would like to use the CCPA to work with us to uncover how their data is being used. But as with FERPA requests, these records can contain sensitive information, and we encourage parents to ask for their children’s permission before submitting requests. If you are interested in sharing the results with us, please get in touch to talk through options.
Other State Laws
Several other states have school-specific privacy legislation that allows parents or students to request access to the data held by third-party vendors.
The Parent Coalition for Student Privacy maintains a list of the applicable laws here.
If you have any questions about The Markup’s reporting or how you can help, please don’t hesitate to reach out to us confidentially at [email protected] or on Signal at 857-997-0375.
This article was originally published on The Markup and was republished under the Creative Commons Attribution-NonCommercial-NoDerivatives license.