June 30th: National Student Data Deletion Day For K-12 Public Schools

Image Credit: CC0. Public Domain.

Our K-12 public schools are collecting an enormous amount of data about our kids that will pre-determine whether their dream schools will give their applications a fair assessment and if prospective employers will give them a chance to interview for an opening.

The type and amount of data being accumulated and stored by our public schools and third-party vendors is staggering.  For example, some elementary schools deploy identification cards with RFID chips that track when and how many times our kids go to the bathroom, how long they spend inside a bathroom stall while taking care of their personal business, and how many times they go to the water fountain along with all of their daily movements in and within the school’s property. Other schools utilize biometric palm readers that scan our kids’ hand or fingerprints to track everything our kids buy in the school cafeteria. All of this cumulative data is a honey pot for colleges, employers, insurance companies, data brokers, cyber criminals, foreign governments, etc…

Every time our kids may be admonished for talking out of turn or texting in class they may receive a permanent demerit in Class Dojo.  In the near future, classrooms may be filled with cameras and other tracking technologies that also analyze our kids every interaction with their teachers and class mates. This is not some type of crazy prediction; in China, this Orwellian future is already a reality.

Multiple companies in the educational technology space have intentionally misled students, parents, teachers, administrators, and lawmakers about how they are using the personal data they are collecting about our kids in school. For example, Google was caught intentionally scanning student emails for advertising and other troubling purposes despite prior promises it was not.  ConnectEDU tried to sell personal student data for profit when it went bankrupt despite promising not to do so. Edmodo, another educational technology company, was recently caught surreptitiously tracking students online to monetize their web surfing habits despite promises to the contrary.

As a parent and privacy advocate, I have come to the realization that more needs to be done to raise awareness about these issues and to effectuate change. Therefore, I am calling for all K-12 public schools and their vendors to automatically delete the following data points each and every June 30th after the school year has ended:

-All student Internet browsing history
-All student school work saved on platforms such as the Google G Suite
-All student created emails (and all other digital communications)
-All behavioral data points/saved class interactions (e.g. Class Dojo data points)
-All student physical location data points  (e.g. obtained via RFID tags)
-All biometric data collected and tied to a student account (e.g. meal  purchase information)
-Etc…
An Easy To Follow School-Data-Deletion-Request-Template

This is just the beginning of the conversation and as our schools collect more data points on our kids more data will need to be automatically deleted at the end of each school year. Each public school system and their vendors must be required to certify in writing that the requested data deletion has occurred.

None of these above data points were kept on the Greatest Generation, Baby Boomers, or Generation X so they are not needed to be collected and saved for future generations. If we really want to make “America Great Again,” kids should be allowed to be kids without the fear that their every move is tied to them for the rest of their lives.

Some educational technology vendors, industry funded think tanks/associations, and academics (e.g. George Mason University’s Law & Economics Center) may falsely claim deleting this data will harm our children and deprive parents and teachers of the knowledge they need to make more informed choices. Some arguments against automatic data deletion may include: it should be the parents choice, the data is needed for personalization, the information is needed to help improve the service offering so it will help better educate our kids, etc…

None of these arguments are valid and should not be believed. Parents should not have to opt into protecting their children’s privacy, safety, security, and future. If a parent doesn’t want their child’s data deleted then they have the right to opt out of automatic data deletion.

Privacy is the corner stone of a free and vibrant democracy.  Therefore, we need to start by better protecting our kids in school. The amount of data being collected on our children is staggering and no matter how hard I have advocated for stronger student data privacy laws and for stronger digital privacy laws, I have been out gunned by lobbyists funded by companies that relish an Orwellian society they can easily monetize.

As a parent, for the sake of our kids and future generations, I ask that you support National Student Data Deletion Day on June 30th by sending in an email or snail mail demanding that your public school system and their vendors start an annual purge of all the unnecessary data points collected about our kids.

Before our kids email and other school provided digital accounts are set up for the following school year, all prior non-essential data (most of the data is non-essential) should be deleted. Our children should be given a fresh start every school year just like we were when we attended school.

Data discrimination is real and to help prevent it now is the time to act before its too late!  Please HELP OUR KIDS BE KIDS IN THE DIGITAL AGE!

UPDATE: 
I am excited that Leonie Haimson and Rachel Stickland, Co-Founders of the Parent Coalition for Student Privacy are actively supporting National Student Data Deletion Day and I would like to thank them for their assistance. I would also like to thank Josh Golin of the Campaign for a Commercial Free Childhood and Diane Ravitch for their support. In addition, I would like to thank Ben Herold from Education Week who was gracious enough to write about this initiative on such short notice.

To better explain why this issue is so important and how I came up with the idea for National Student Data Deletion Day I would like to provide some personal details.  A little over a years ago, I received a call from my oldest child’s teacher while I was ironically attending the Privacy Law Scholars Conference in Washington, DC.

My son’s teacher alleged that he had performed an Internet search that contained some inappropriate Cee Lo Green content.  The teacher did not see my child perform the alleged Internet search and only found out about it after he blurted out “Wooow!” in class because he didn’t search for this and had no idea who was Cee Lo Green and why his content appeared on his screen.  I am not sure why students in elementary school are even able to access some of Cee Lo Green’s content (and others) in school but that is another issue entirely.

Instead of making this a learning opportunity, the teacher singled out my child for allegedly searching for inappropriate content.  When I spoke with my child, I found out that Google’s infamous auto complete was the culprit and not him. My son’s teacher was too quick to point the finger at him and when I tried to explain to her some of the autocomplete issues with Google’s servcies she didn’t seem to understand.

Since Google was previously caught intentionally misleading the public about scanning student emails for advertising and other purposes, I started to wonder how long Google would keep Internet browsing history that is tied to my son and his classmates.  Regardless of whether Internet search history data is accurate or not, it should be automatically purged annually to prevent our kids from being discriminated against in the future.

There is no legitimate reason for edtech vendors (and schools) to keep our kids Internet browsing history and many other digital data points past June 30th after the school year has ended and grades released.  Companies that actually believe in the importance of student privacy, safety, and security will enthusiastically support National Student Data Deletion Day and be happy to annually certify student data deletion.

Some vendors and their allies may try to create very detailed exceptions to automatic data deletion like what has happened with many of the new state student data protection laws.  Its not hard to create a list of data points that should be annually deleted.  While there may be some disagreement regarding specific data points, we should err on the side of caution to protect our kids.  If a parent wants to opt out of automatic deletion they have the right to do so.

For years, when it comes to protecting student data the focus has been on privacy and security with little or no thought to data retention and deletion policies. Bruce Schneier, one of the leading security experts in the world has stated,

“Saving data, especially e-mail and informal chats, is a liability.

It’s also a security risk: the risk of exposure. The exposure could be accidental. It could be the result of data theft, as happened to Sony. Or it could be the result of litigation. Whatever the reason, the best security against these eventualities is not to have the data in the first place.”

Data privacy, security, and  safety should no longer be an afterthought and something that parents need to affirmatively protect. It should be an automatic right.

As we have seen with the numerous data breaches over the past couple of years, if you collect large amounts of data you will be a target regardless of the privacy and security measures you install. If Sony, the NSA, U.S. Government Office of Personal Management, the National Democratic Party, and major international law firms are not able to protect their data with all of their resources what makes K-12 schools and edtech companies think they are so special that they can do so?

A recent Carnegie Mellon Study proves that many ed tech start ups put little or no resources into protecting the data they collect on our kids.  Cyber criminals are targeting our K-12 schools and winning. Why? Because they are going after the honeypot of data being collected.  How do we stop the damage? By regularly deleting data no longer needed.

When the edtech community is interested in fundamentally changing how we think about student privacy, safety, and security in the Digital Age I would be happy to work with them to make it happen.