Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
On Jan. 12 President Barack Obama announced a set of privacy and security initiatives, including calls for special protections for students. The initiatives were unveiled in a lead-up to Obama's Jan. 20 State of the Union address.
Bloomberg BNA Privacy & Security Law Report Senior Legal Editor Donald G. Aplin posed a series of questions on the student data protection initiative to Jules Polonetsky, executive director and co-chair of the Future of Privacy Forum in Washington. Before joining the forum, Polonetsky worked as a privacy leader for AOL Inc. and DoubleClick, as the chief consumer law enforcement official for New York City and as a New York state legislator.
The Future of Privacy Forum (FPF) and the Software & Information Industry Association’s (SIIA) program in which companies pledge to protect student privacy was, I believe, the only industry self-regulatory effort specifically noted by the president in unveiling his privacy and data security initiatives. What is it about the program that you think made it of such interest to the Obama administration?
The pledge was designed to create trust between schools and families by addressing parent concerns about their children’s information. It is an enforceable program developed in response to a bipartisan call in June 2014 from Reps. Jared Polis (D-Colo.) and Luke Messer (R-Ind.) for “industry leaders, parents and teachers to come together” to identify privacy expectations, and create good commitments on data privacy in schools.
The Obama administration has been a supporter of e-learning and of ways to use technology and data to improve education for students. The big data report from John Podesta, counselor to the president, details many of the benefits of personalized learning, but also flags the importance of responsible rules to address privacy concerns.
The pledge delivers on the goal of supporting responsible uses of data, while demanding compliance with baseline privacy rules.
How did your experience working for a large online advertising company help in identifying issues of concern in protecting student data and in working with industry partners to bring the project to life?
I have been a consumer protection regulator and a chief privacy officer at technology companies, and at FPF we have launched multiple best practices efforts and codes of conduct in different sectors.
In each case, developing a standard that is respected by parents, businesses, advocates and government requires understanding the concerns of each constituency and respecting their values.
For education, it meant working with the SIIA, the National PTA, the National School Boards Association, the Council of Chief State School Officers, Data Quality Campaign, small ed-tech start-ups and parents. Coming to the table with an understanding of data and technology certainly helped.
When you first announced the program in October 2014, there were only 14 signatories, a number that grew to 75 by Jan. 11 right before the president’s announcement. What was it that made the participant list expand so quickly?
We launched with a core group that included big players in ed tech like Microsoft Inc. and Amplify, as well as prominent small companies like Edmodo and others.
The numbers started to grow immediately and were boosted by early support from the White House; the numbers grew again when Obama made a strong demand for companies to step up and promise parents strong privacy measures. We are also seeing schools and school districts raising the pledge with prospective vendors.
We’re at 96 signatories as of the morning of Jan. 23.
The president also announced an effort to pass a student digital privacy act—akin to the student privacy bill introduced by Sens. Edward J. Markey (D-Mass.) and Orrin Hatch (R-Utah) in the last Congress—to restrict many of the same things as the self-regulatory effort, like restricting data collection to educational purposes and banning the use of student data for behavioral advertising. Is a student privacy law a necessary complement to or perhaps a compliance enforcement backstop for the voluntary pledge?
Any legislative effort is an uphill battle in Congress, and school issues have traditionally been a state priority.
The pledge is enforceable against companies the minute they sign on. We hope that it will be possible for legislative proposals and the pledge to set a national standard, so that online textbooks and learning apps don’t need to be designed differently in each state and then again to comply with federal law.
Obama said the proposed law would be modeled on California’s Student Online Personal Information Act, which was enacted to fill what the sponsors said is a hole in the federal Family Educational Rights and Privacy Act and implementing regulations. Do you agree that there is a hole in FERPA that needs fixing?
FERPA was written in the 1970s when security was a lock on a file cabinet, so there have been some growing pains in applying it the evolving digital world. Nevertheless, there has been some pretty consistent agreement on how to apply the principles behind FERPA.
It was originally written as an access law—to make sure parents could see, and if necessary, correct information in their child’s educational record. That same level of transparency and control is still the foundation of trust between parents and schools today, but now it also extends to companies who may provide some of the services that schools used to do themselves.
Notify me when updates are available (No standing order will be created).
Put me on standing order
Notify me when new releases are available (no standing order will be created)