It is a generally accepted truth that the growth of big data has had a negative knock-on effect on privacy. And whilst it’s the more high profile data breaches that stick in your mind – take last year’s infamous Sony Pictures hack – in 2014, higher education institutions were amongst those hardest hit. Governments and policymakers are increasingly moving in to close loopholes and pass legislation that protects student privacy; however, there isn’t an easy fix.
By George Bodie
An area gaining particular attention is the accelerated adoption of cloud computing in schools. A recent study in the US led by Professor Joel Reidenberg, Director of the Center on Law and Information Policy at Fordham Law School, found that 95% of schools keep their student data in the cloud.
Third party cloud providers such as Google, Amazon and Microsoft Store are often used as cheap and easy alternatives to storing data over in-house school servers. In turn schools forfeit full control of who can access student data, running the risk of it falling into the hands of aggressive marketers, keen to use it for targeted ads.
In the US, Senator Richard Blumenthal is at the forefront of pushing through the ‘Safe Kids Act’, a measure which would ban education companies such as online homework portals, student email programs, cloud services and digital teaching aides, from selling or keeping student data for targeted ads. It would also require them to keep to certain data security standards when handling the information. Hopes are that the bill, or something resembling it, will be passed this autumn. But will this be enough?
Policymakers in the US have tried to address these issues in the past. Remember InBloom? It was the software hailed as the ultimate solution for schools to store data in a secure, common format, giving them complete control over what data was collected and how it was shared. But the big idea – which involved a group of non-profit organisations, educators and politicians; millions in seed finding from the likes of the Bill and Melinda Gates Foundation; and partnerships with nine US state districts –ended up as the first major big-data casualty.
Instead of flourishing, InBloom wilted under mounting pressure from the media, parents and privacy advocates, who staged protests and filed lawsuits. InBloom was forced to shut down and delete all data. It was clear that due to fear, a lack of transparency, policy and understanding about the technology, schools just weren’t ready to embrace this approach.
Meanwhile, in Europe, the Spanish Data Protection Agency (AEPD) has introduced Europe’s first inspection of cloud computing services in education. With 8 million primary and secondary school students using cloud services in Spain, the AEPD is particularity concerned about the division of responsibilities between various companies and bodies handling personal data, particularly between software providers and schools. As an AEPD spokesperson put it: “While providers argue that they do not have the 360 insight and ignore the nature of the stored data, schools say they are not security experts and that is not their business.”
As the march of big data shows no sign of letting up, the question of privacy is one likely to continue to dominate discussions in the coming years. Whilst regulators seek to catch up with the upsurge of trends such as cloud-based teaching services, educators globally will increasingly be required to familiarise themselves with these processes.
At OEB 2015, representatives from the education, business and public service sectors will come together to explore ways in which institutions and companies can balance privacy concerns while using data to enhance learning experiences.
They will also be looking at the tools that are available now to help educators reduce risks and protect student data. For instance, tools to give students control of their own data, and companies that provide a secure service for online examinations and proctoring.
Join the discussion at OEB 2015, taking place in Berlin, December 2 – 4, 2015.