EFF legal intern Rob Ferrari was the lead author of this post by Sophia Cope, Jason Kelley, and Bill Budington:
A new school year has started, the second one since the pandemic began. With our education system becoming increasingly reliant on the use of technology (“edtech”), especially for remote learning during the pandemic, protecting student privacy is more important than ever. Unfortunately, the Future of Privacy Forum’s 2020 Student Privacy Pledge, like the legacy version, continues to provide schools, parents, and students with false assurance due to numerous loopholes for the edtech company signatories that collect and use student data.
The Future of Privacy Forum (FPF) originally launched the Student Privacy Pledge in 2014 to encourage edtech companies to take voluntary steps to protect the privacy of K-12 students. In 2016, we criticized the Legacy Pledge after it reached 300 signatories—to FPF’s dismay.
The 2020 Pledge once again falls short in how it defines material terms, such as “Student PII” and “School Service Providers”; many of the 2020 Pledge’s commitments are conditioned on school or parent/student consent, which may inadequately protect student privacy; and new commitments are insufficiently precise.
PogoWasRight.org reached out to the FPF to ask if they had a response to EFF’s commentary. FPF’s VP of Youth & Education Privacy, Amelia Vance, had this to say:
The Student Privacy Pledge has been effective and widely adopted by school districts and companies because it takes key requirements in state and federal laws and presents them in simple terms that can be understood by parents, teachers, and schools. It has also created new enforcement opportunities for advocates and Attorneys General who have used the Pledge to take action against vendors.