Privacy & Security

Maryland Dad Wants June 30 to Be “National Student Data Deletion Day”

By Benjamin Herold — June 30, 2017 5 min read
  • Save to favorites
  • Print

Bradley Shear is a lawyer who focuses on digital privacy and social media.

He’s also the father of two elementary-aged children who attend the public schools in Maryland’s Montgomery County.

A little over a year ago, Shear says, the focus of his professional life became an intensely personal concern, as well.

“I got a phone call from my son’s teacher, who said he had performed an internet search for inappropriate content on a school-issued Chromebook,” Shear said in an interview. “It got me thinking about all the data being collected about kids, and whether it will ever be deleted, and how it might be used in the future.”

That incident, which Shear attributed to the idiosyncrasies of Google Search’s auto-complete function, is one reason he is now leading a nascent effort to make June 30thNational Student Data Deletion Day.”

Here’s how he described the campaign in a recent blog post:

I am calling for all K-12 public schools to automatically delete the following data points each and every June 30th after the school year has ended: All student internet browsing history All student school work saved on platforms such as the Google G Suite All student-created emails (and all other digital communications) All behavioral data points/saved class interactions (e.g., Class Dojo data points) All student physical location data points (e.g., obtained via RFID tags) All biometric data collected and tied to a student account (e.g., meal purchase information)

“When I was young, I went to the library, I took out books on all kinds of crazy stuff, and that information wasn’t stored in the cloud to be analyzed by algorithms or sold to third-party advertisers,” Shear said. “Our kids should have the same freedom.”

Shear first started thinking about digital-privacy issues back in the late 1990’s. His first job out of law school was with the National Football League Players Association, he said, and legendary offensive lineman and union head Gene Upshaw asked him, “What are our guys doing online?”

Eventually, Shear opened his own private law practice, then a consultancy. In recent years, I’ve sought out his expert opinion on schools that search students’ cellphones, Google’s (since-halted) practice of scanning student email messages, and districts weighing whether to monitor students’ Facebook, Twitter, and Instagram accounts.

As part of his new campaign, Shear has prepared a sample data-deletion letter that parents can send to their schools. He’s sent a request of his own to the Montgomery County school district his own children attend.

So far, Shear said, there’s been no response. I put in a request for comment to the district’s communications office, and haven’t heard back yet, either.

But even thought it doesn’t appear that any schools have yet signed on, the concept of “National Student Deletion Day” is drawing interest in the privacy-advocacy community.

The Parent Coalition for Student Privacy, for example, thinks the idea is “brilliant” and has announced its support.

“Schools and their vendors collect far too much personal data—and use them in ways that are non-transparent and vulnerable to breaches,” parent-activist Leonie Haimson, who has played a major role in past student-data-privacy fights, said in an emailed statement.

“Parents are justifiably fearful that negative incidents in their children’s past may enter into their ‘permanent record’ and create damaging stereotypes that might bias their teachers against them, or be inserted into algorithms with discriminatory outcomes-creating self-fulfilling prophecies,” Haimson said.

If the concept of “student data deletion day” were to take off, it would represent a major change from how things are currently done, said Amelia Vance, the education privacy policy counsel at the Future of Privacy Forum, a Washington think tank.

The U.S. Department of Education’s Privacy Technical Assistance Center does have official guidance on “Best Practices for Data Destruction,” but the document tends to be more focused on the “how” than an on the “which data” and “how often it should be deleted.” Mostly, that’s because current federal law isn’t particularly clear on the subject.

In some parts of the country, Vance said, state education agencies or districts must review and make public the types of data they collect, and in some cases even seek permission from the state legislature to collect new information. California’s widely emulated student-data-privacy law also requires ed-tech companies to delete student information when schools request it.

To her knowledge, Vance said, only in New Jersey is there a regulation on the books that requires schools to make an annual review of student data, with information deemed no longer educationally relevant to be deleted.

Companies that sign the voluntary Student Privacy Pledge, which the Future of Privacy Forum oversees, also make a public commitment to “not knowingly retain student personal information beyond the time period required to support the authorized educational/school purposes, or as authorized by the parent/student.”

Taken together, that means that in general, the current reality is typically that schools and vendors collect the information, and then someone—in many cases, parents—have request that it be deleted.

Shear’s proposal would turn that dynamic upside down, making the deletion of a wide range of student data automatic, unless parents said they wanted the information to continue to be stored.

There’s a lot about the idea of “student data deletion day” to like, Vance said in an interview.

It provides a clear avenue for parents to get involved, without having to mount an extensive legislative-advocacy campaign or figure out how to influence a company that might be headquartered on the other side of the country. And it’s hard to imagine any valid educational reason that schools and companies would need to store some of the types of information that Shear specifies, such as internet browsing history, Vance said.

But the devil will inevitably be in the details, she noted.

What if some of the “student work” saved on an online learning platform includes student artwork or essays? What if a student’s email messages to her teacher included attachments that are part of her educational record and need to be saved? Isn’t it valuable for a 4th grade teacher to know if an incoming student needs help with reading, or might need extra supports getting homework done because her parents recently got divorced?

“I’m not a big fan of deleting all data without considering whether [they’re] useful to keep,” Vance said. “But I’d absolutely support the idea that schools should be reviewing the information that they hold on students to make sure it’s something they still need.”

For his part, Shear says he’s a big believer in technology, and he hopes his children will still be able to use it at school.

But he wants a more balanced approach to how technology is used, and part of that is better data-retention and -deletion practices, he said.

It’s especially important, Shear said, because parents have struggled to convince administrators, policymakers, lawmakers, and vendors to slow collection of student information in the first place.

“The last line of defense to protect our kids is to require that superfluous data be automatically deleted, and to require vendors to certify in writing when it happens,” he said.

“My hope is to spread this idea nationally.”

Photo: Privacy and social media lawyer Bradley Shear, photographed in Bethesda, Md.--Charles Borst/Education Week

See also:

A version of this news article first appeared in the Digital Education blog.