Three Democratic senators have sent out letters to executives at more than 50 data analytics and education technology firms — including Google, Facebook, the College Board and Blackboard — requesting details about how the companies collect and protect vast amounts of data on the students using their services.
The letters, sent on August 12, come one year after the FBI issued a warning to parents about the amount and sensitivity of their kids’ data these companies held. The warning suggested that parents research the Family Educational Rights and Privacy Act, or FERPA, the law that governs student data collection, and any school-related cyber breaches that they come across. Now, Sens. Richard J. Durbin (Ill.), Edward J. Markey (Mass.) and Richard Blumenthal (Conn.) are investigating the data collection process themselves.
The senators sent letters to data management and analytics businesses that collect data for profit, as well as companies that use the data to design education tools. In a letter obtained by the Washington Post that is addressed to Michael Newton, the chief executive of database management firm AccurateLeads, the senators clarify their concerns for student data that is obtained and sold without student or parental consent.
“We are concerned that schools, parents, and students are at risk of having significant amounts of data stolen, collected, monetized, or sold without their permission or knowledge,” the letter said.
The kinds of data re-sold by these companies is often personally identifiable. Last year’s FBI warning said companies collect data such as:
- personally identifiable information
- biometric data
- academic progress
- behavioral, disciplinary, and medical information
- web browsing history
- students’ geolocation
- IP addresses used by students
- classroom activities
Data from those categories could be used by bad actors to bully, threaten, track or steal the identity of students, the FBI warned. In the letter to Michael Newton, the senators asked companies to disclose what kinds of student data they collect and store, where they receive data, why they store it, and if or how they disclose that storage to students or parents. In another letter to Google CEO Sundar Pichai, the senators asked similar questions, including the purpose of any data collection from educational software, whether Google has ever had a data breach related to their educational tools and what obligations Google assumes it has to fulfill under FERPA.
In both letters, the senators urge the companies to create and communicate a comprehensive data privacy statement. The letters also request a response with answers by Sept. 3.
Digital-privacy advocates are also concerned about state-sanctioned data collection. In states that have tried to develop their own student data policies, like Florida, pushback against what appears to be “privacy-invasive,” data collection, according to the Future of Privacy Forum, is already organizing. That organization is one of 32 that signed a letter of concern about Republican Gov. Ron Desantis’ “student safety” data portal, which was designed to gather student disciplinary history, law enforcement records, and social media records in one centralized location, but that stakeholders now say has fallen short of its original goals.