Welcome to the April edition of the FPF Youth & Education Privacy newsletter. I’m Miles Light, policy counsel on the Y&E team and the lead author of this month’s newsletter; you can read last month’s edition, led by Bailey Sanchez, here. Recently, my work has focused on research regarding privacy protections in the child welfare system and analysis of the four child privacy proposals pending in Congress. Next month you will hear from Lauren Merk, Policy Counsel. There is a lot happening in student and children’s privacy, as both topics have been the subject of national attention in recent months. By rotating FPF experts, we will spotlight different perspectives on important issues in these areas.  

This month, we’re highlighting several recent developments in child and student privacy, including:

  • A new report on student activity monitoring by Sens. Ed Markey and Elizabeth Warren

  • Student data security in the wake of a substantial New York City schools data breach.

  • The House passed the long-gestating College Transparency Act; will it survive conference committee negotiations?

  • Investigative reporting on the long term challenges faced by parents placed on Child Abuse and Neglect Registries.

  • The FPF Youth & Ed team’s takeaways from the 2022 IAPP Global Summit.

  • New data from Common Sense Media about the growing amount of time kids spend on social media, and how few report enjoying that time.

  • New state legislative activity in California, Connecticut, and Minnesota.

As we are continuing to refine the content and format of this newsletter, we want to hear from you -- what’s on your mind, and how can we help? Reach out to us anytime by replying to this email.

Senators Shine Spotlight on Snoopin’ Schools

Earlier this month, Senators Ed Markey (D-MA) and Elizabeth Warren (D-MA) releasedConstant Surveillance: Implications of Around-the-Clock Online Student Activity Monitoring,” which discusses privacy and equity concerns surrounding student monitoring programs that continue to be widely deployed in schools. Among other things, the report calls on the FCC to issue new Children’s Internet Protection Act (CIPA) guidance to provide clarity regarding the law’s “monitoring the online activities” provision. Read more about the findings in The 74 Million and more from FPF on the privacy and equity implications of self-harm monitoring.

Students’ physical movements are increasingly being tracked, too, as facial recognition and AI-powered cameras once used for fever detection and to enforce mask wearing and other COVID protocols are now being used for discipline and school safety, despite questions about the ethics and efficacy of this approach.

Good Kids, Mad City

As we discussed last month, schools and edtech companies have collected unprecedented amounts of student data during the last two years. While helpful in many cases, large scale data collection creates heightened risks that can expose student data. These risks were laid bare in January when a New York City Schools vendor was hacked, exposing the personal information of 820,000 current and former New York City public school students as well as students in Connecticut. Just last month, FPF Senior Technologist Jim Siegl spoke with EdWeek about the New York City Schools hack and why so many schools are struggling to protect student data. While state AG investigations into the New York/Connecticut student data breach are ongoing, Vox takes a look at a more common occurrence: “Companies lose your data and then nothing happens.”

Hail Alma Mater!

The College Transparency Act, a longstanding proposal that aims to collect (and on a limited basis, share) more data about “how colleges perform at educating students” recently took a significant step forward when it passed in the House as part of the larger America COMPETES Act of 2022. However, the Senate version of the bill, United States Innovation and Competition Act of 2021, lacks the House’s language on college transparency. All eyes now turn to the conference committee tasked with resolving differences between the two chambers; depending on the outcome of committee negotiations, the College Transparency Act could make it into the final shared bill. While versions of the bill have long enjoyed bipartisan support, the proposal is not without controversy. This is the closest the bill has come to passing since its initial introduction in the 2017 legislative session.

In other higher education news, a recent report co-published by Chalkbeat and The Markup revealed that millions of current and prospective college students filling out the Free Application of Federal Student Aid, or FAFSA, may have had their names, email addresses, and ZIP codes shared with Facebook, even when a visitor to the FAFSA site did not have a Facebook account. This is a developing story, and more information is likely to be available in our next newsletter.

FPF published additional perspectives on student data privacy in higher education from guests Dr. Kyle M.L. Jones, Professor Michael Brown, and Dr. Kristen A. Renn. Dr. Jones’ article explores the “datafication” of student life in higher education and its consequences for student privacy. Professor Brown’s blog scrutinizes how the use of massive datasets in higher education affects governance and research. Dr. Renn’s post discusses takeaways from a recent survey exploring how student affairs and student success professionals view student data privacy.
Child Welfare and Parental Privacy
BuzzFeed News recently released an investigative report highlighting equity concerns regarding the long-term effects of registration on state child abuse and neglect registries. The report documents numerous instances where parents–disproportionately parents of color–were placed on registries for the legally nebulous charge of neglect, often for idiosyncratic or disproportionate reasons. Once placed on a registry, these parents faced challenges finding employment and government services. This reporting raises questions around personal data included on registries, the lack of process and notice requirements, and the difficulties parents face appealing registration.
Youth Privacy at IAPP
While it wasn’t surprising, we were heartened to hear so many discussions about youth privacy at the International Association of Privacy Professionals’ 2022 Global Summit in Washington, DC. Discussions included sessions focused on trans-national child privacy enforcement, age-appropriate design, and issues specific to teens’ privacy. On the conference floor, several privacy management vendors promoted products focused specifically on COPPA compliance. We also saw copies of IAPP’s new publication, Children’s Privacy and Safety, flying off the shelf!
Round Robin: Social Media Screen Time, Childrens’ Privacy Enforcement, and Legislative Updates

On the heels of President Biden’s endorsement of new privacy protections for kids online, policymakers continue to seek ways to better protect kids. New data from Common Sense Media reinforces the urgency of these efforts, finding that kids’ screen time rose 17% in the last two years. A good portion of that time (nearly 1.5 hours a day for teens) is spent on social media; but only 34% of teens reported enjoying using social media. 

A group of 43 attorneys general asked Snap and TikTok to work more closely with third-party parental control apps, tighten their own parental control options, and do more to filter out harmful content; in the meantime, The Wall Street Journal published a helpful guide to using parental controls. The World Economic Forum released a toolkitto help companies develop trustworthy artificial intelligence for children and youth” and BBB National Programs’ Center for Industry Self-Regulation created a new teen privacy and safety roadmap for businesses.

AdExchanger published a good explainer of COPPA’s “actual knowledge” standard and the difference vs. a “constructive knowledge” standard; the FTC’s recent COPPA enforcement action against WW International and its kid-focused weight loss app, Kurbo, also caught the attention of digital marketers

FTC Chair Linda Kahn addressed the Kurbo settlement during her remarks at IAPP, emphasizing that the settlement requires more than just a penalty or fine. Kurbo was also required to “delete its ill-gotten gain and destroy any algorithms derived from that data.” What exactly does that mean? FPF explains algorithmic destruction in our blog post and in conversation with NPR.

On the legislative front, the California Assembly took a big step forward in adopting new children’s privacy rules that would align with the U.K.’s Age Appropriate Design Code. On April 20th and 28th, respectively, the Connecticut Senate and House of Representatives voted overwhelmingly to pass its own comprehensive data privacy bill. On May 10th, Governor Lamont signed the bill, making the Connecticut Data Privacy Act the 5th comprehensive state data privacy law. The law includes several provisions specific to child privacy, including a consent requirement before companies can monetize the data of teens 13-15. Meanwhile, the Minnesota legislature continues to debate a controversial proposal to ban the use of algorithms by social media companies to target users younger than 18. Ultimately, as highlighted in a recent report from the U.K.’s communications regulator Ofcom, “support for young internet users needs to come from parents, teachers, governments, and the social media industry.”
8 hours 39 minutes: average daily screen time for a teen in 2021, according to a new survey by Common Sense Media.
7: EdWeek shares seven questions parents should ask (and educators should be ready to answer) about data privacy.
7.4 million: the estimated number of identity fraud cases that could occur by 2030 as a result of parents oversharing online, according to research by the Bank of Barclay’s via Good Housekeeping. The estimated price tag: $900 million.
4: ways to improve your district’s data privacy, via ManagedMethods and eSchoolNews.
10 billion: YouTube users watched 10 billion hours of YouTube Gaming live streams in 2020.
99: percent of kids ages 3-17 went online in 2021, according to a new report by Ofcom, and 64 percent of kids ages 8-11 used social media.

2: The U.S. has enacted just two “narrow” tech laws in the last 25 years, falling well behind Europe, the New York Times reports.

Through expert panels and our expo booth, FPF remained active during this two-day, in-person conference. CEO Jules Polonetsky moderated a conversation with FTC Commissioner Noah Phillips.
Former Youth & Education Policy Counsel Juliana Cotto presented her co-authored paper “Preparing School Leaders to Use Data Ethically” at WestEd’s 2022 AERA Annual Meeting. For more resources on this topic please see Juliana’s work on FPF’s Student Data Privacy and Data Ethics Scenarios User Guide.
FPF Senior Technologist Jim Seigl talked to EdWeek about why schools are struggling to protect student data, and to EdTech Magazine about schools’ shift to cloud computing and how that impacts FERPA and other student privacy laws.
FPF's Privacy Metrics Report
Senior Fellows Omer Tene and Mary Culnan recently published FPF’s Privacy Metrics Report. This report provides useful guidance on how privacy professionals in any setting should integrate metrics to ensure their program is operationalizing data handling best practices.
Come work with us! FPF is hiring multiple roles, including on the Youth & Education team.
Meet the Seattle teenager advocating for a groundbreaking new law to protect young kids who appear in often highly-profitable family vlogs. And read the proposed legislation here.
Copyright © 2022 Future of Privacy Forum, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.