A Belated Win for Student Privacy

Photo credit: Nick Youngson (CC BY-SA 3.0)

The U.S. Department of Education recently found that the Agora Cyber Charter School in Pennsylvania did violate the Family Educational Rights and Privacy Act (FERPA). Rules established during the Obama administration weakened FERPA, and there has been concern about how outdated it has become considering the rise of educational tech. So it’s remarkable anyone would be found in violation.

Unfortunately, the original complaint was filed on December 16, 2012, and it took the Department of Education almost five years to respond.

EdSurge reports:

Last November, after reviewing responses from Agora, the Department found that the cyber charter did violate FERPA. To use services from Agora, which contracted with third-party service providers such as K12 Inc., Blackboard, and Sapphire, parents were required to agree to policies set forth by those providers. K12’s Terms of Use policy required students to enter identifiable data and granted the company and its affiliates “the right to use, reproduce, display, perform, adapt, modify, distribute, have distributed, and promote [information put into the platform] in any form, anywhere and for any purpose.”

The Department ruled that requiring students to use third-party services that share student data with unauthorized parties as a condition of enrollment is a violation of FERPA. In its letter, federal education officials wrote that “a parent or eligible student cannot be required to waive the rights and protections accorded under FERPA as a condition of acceptance into an educational institution or receipt of educational training or services.“

Perhaps this is a sign that the Education Department under the Trump Administration will be responsive to parents’ student data privacy concerns. This ruling is a good first step. Let’s hope they significantly reduce the response time.