Policy Falls Behind in Protecting Students’ Privacy

Written by: Jason Burns

Primary Source: Green & Write, March 16, 2016

The privacy of students is an important right – one that has been protected by federal laws since the 1970s. However, technological change is currently outpacing the ability of government regulations to protect student privacy. As such, policymakers need to find ways to ensure that students’ personal information is protected.


The main federal policy concerning the confidentiality of student records is the 1974 Family Educational Rights and Privacy Act (FERPA). In the words of Senator James Buckley, one of the co-sponsors of FERPA, the aim of the law is to prevent the “abuse of student records” by giving parents, or students after they turn 18 or leave high school, control over who can access their school records.

Under FERPA, schools are not allowed to share student records unless the student or parent consents. There are, though, some exceptions such as when a student transfers schools or the school/district needs student data for evaluation purposes. FERPA also gives students the right to inspect their records and stipulates a procedure to correct information deemed inaccurate.

For the last four decades, FERPA has provided important protections for students’ privacy. However, the greater adoption of technology in recent years by educators and schools presents new challenges to maintaining the confidentiality of students’ information.

Personal Information in the Digital Age

Image courtesy of pixabay.

When we use services such as Google and Facebook, these companies document our activities to learn about our tastes and personality. Generally, this information is used on a massive scale for targeted advertising (and product improvement). According to Data Center Knowledge, a trade publication of the information technology industry, Facebook’s Swedish data center is nearly 3 times the size of the National Security Agency’s controversial Bluffdale, UT data center. Data Center Knowledge also believes that Google has 2 data centers larger than the Bluffdale facility and has plans to build a third. The collection of massive amounts of personal information has become the subject of controversy as privacy advocates claim that this violates people’s privacy. Apple CEO Tim Cook has even weighed in, calling out tech companies for exploiting users’ personal information to make money.

Student Privacy in the Digital Age

The increasing use of technology in classrooms raises concerns about maintaining the privacy of students’ digital information. For example, Google Apps for Education (GAFE), a set of applications designed for students and teachers, has seen its number of users grow from 8 million in 2010 to 40 million in early 2015, and it is projected to have over 110 million users by 2020. As this trend continues, students may become more and more susceptible to breaches of privacy. And because this information is not collected or maintained by schools themselves, it is not protected by FERPA.

In 2014, Google admitted in a lawsuit that it had been “scanning and indexing” emails sent using Google Apps for Education to create profiles of GAFE users, which could then be used for targeted advertising. Since that time, Google has amended its agreement specifying the relationship between the software company and schools to state that Google will not collect user data from GAFE products.

Just last month, Google again caught flak for mining student data – this time with non-GAFE products. For instance, data generated from a student typing an assignment in Google Docs was not collected, but if that student used Google Search to find information about that assignment, or anything else, that data was collected. This issue has drawn the attention of Senator Al Franken, who has begun to investigate what Google does regarding student information and privacy. A response from Google to a letter from Sen. Franken can be found here.

Protecting Students’ Right to Privacy

It is important to note that in the instances mentioned above, it was not found that Google broke the law by collecting information on students. Even the constraints on data collection spelled out in the agreement that Google signs with schools are voluntarily imposed.

But that’s the problem. In an age where data is one of the most valuable commodities, policymakers need to curb the trend that has seen young people’s information increasingly collected for profit.  This is an “abuse of student records.” As FERPA was written before the internet, it may need to be expanded to include non-school entities that collect, or could collect, information on students. Currently, FERPA applies only to records collected by schools because in 1974 student records were things like transcripts, course grades, and attendance records.  In the age of the internet it seems unreasonable to think that students’ right to privacy should be limited to these school-collected records, and as such, FERPA should be expanded to protect students from any entity that collects their personal information. It may also be wise to establish a more general right to privacy for students that would require all who work with student data to protect students’ information. Without adequate privacy protections, it is likely that students’ private information will continue to be exploited without their knowing.

Contact Jason: burnsja6@msu.edu

The following two tabs change content below.
Jason Burns
Jason Burns is a second-year doctoral student in Educational Policy. His research interests include the application of theories from economics, behavioral economics, and psychology to understand how teachers, students, and administrators use information to make decisions. Before coming to MSU, Jason taught high school social studies, wrote curriculum, and developed assessments for Howard County Public Schools in suburban Maryland. Jason holds a bachelor’s degree from Kent State University and a master’s degree from the Johns Hopkins University.