Big Data and Our Children’s Future: On Reforming FERPA

Daniel J. Solove by Daniel Solove, TeachPrivacy
Tuesday, May 06, 2014

Last week, the White House released its report, Big Data: Seizing Opportunities, Preserving Values. My reaction to it is mixed. The report mentions some concerns about privacy with Big Data and suggests some reforms, but everything is stated so mildly, in a way designed to please everyone. The report is painted in pastels; it finesses the hard issues and leaves specifics for another day. So it is a step forward, which is good, but it is a very small step, like a child on a beach reluctantly dipping a toe into ocean.

Why Did inBloom Die? A Hard Lesson About Education Privacy

Daniel J. Solove by Daniel Solove, TeachPrivacy
Monday, April 28, 2014

For any organization who doesn't take privacy seriously, the demise of inBoom should be a loud wake up call. Funded by $100 million from the Gates Foundation, inBloom was a non-profit organization aiming to store student data so that school officials and teachers could use it to learn about their students and how to more effectively teach them and improve their performance in school. Who would have thought that a project with so much funding and promise would be shutting down just a few years after its creation? What went wrong?

The Dangers of Apps

Mary DeRosa by Mary DeRosa, The Chertoff Group
Monday, April 28, 2014

The explosion of smartphones and their apps has improved lives in many ways: greater convenience, more information, and far less boredom, to name a few. But the dangers of apps are beginning to get more attention. Apps access massive amounts of personal data, but they lag far behind other technologies when it comes to protection of privacy and data security.

The FTC and Privacy and Data Security Duties in the Cloud

Woodrow Hartzog Daniel J. Solove by Woodrow Hartzog, Samford University, Cumberland Law School
Daniel Solove, TeachPrivacy
Tuesday, April 15, 2014

Increasingly, companies, hospitals, schools, and other organizations are using cloud service providers (and also other third party data service providers) to store and process the personal data of their customers, patients, clients, and others. When an entity shares people’s personal data with a cloud service provider, this data is protected in large part through a contract between the organization and the cloud service provider. In many cases, however, these contracts fail to contain key protections of data. Because the consumer is not a direct party to these contracts and often cannot even have access to these contracts, the consumer is often powerless, and the consumer’s interests are often not adequately represented. In this short essay, we argue that there is a remedy in Section 5 of the Federal Trade Commission (FTC) Act that prohibits unfair and deceptive trade practices. Certain key cases from the emerging body of FTC enforcement actions on data protection issues can be read together to create a double-edged set of duties – both on the organizations contracting with cloud service providers and on the cloud service providers themselves. Not only does an organization owe a duty to consumers to appropriately represent their privacy and data security interests in the negotiation, but cloud service providers have an obligation to the consumer as well, and cannot enter into contracts that lack adequate protections and controls.

Read your privacy policies, people!

Doug Miller by Doug Miller, Milltech Consulting
Monday, April 07, 2014

The issue of consumer consent has taken center stage since the U.S. District Court in California accused Google of violating the federal Wiretap Act by scanning emails for targeted advertising. However, an unfolding story reveals that this same privacy policy also applies to Google’s education, business, and government cloud offerings. A recent exposé in Education Week highlights how Google, as part of its sworn testimony, admitted to mining student data to serve its own purposes, which includes using student data to show targeted ads to minors. While this revelation could suggest that Google is in violation of the Family Educational Rights and Privacy Act (FERPA), the fact that Google mines data from all of its services should not be a surprise. Why? Because, as Google states, when consumers use its services, they are consenting to its privacy policy, which gives Google the right to use and combine the personal information it collects to improve its services, develop new products, and display more relevant search results. This subsequently works to fund advertising.

The Battle for Leadership in Education Privacy Law: Will California Seize the Throne?

Paul SchwartzDaniel J. Solove by Paul Schwartz, Berkeley Law School
Daniel Solove, TeachPrivacy
Thursday, March 27, 2014

Education was one of the first areas where privacy was regulated by a federal statute. Passed in the early 1970s, the Family Educational Rights and Privacy Act (FERPA) was on the frontier of federal privacy regulation. But now it is old and ineffective. With the growing public concern about the privacy of student data, states are starting to rev up their engines and become more involved. The result could be game-changing legislation for the multi-billion dollar education technology industry.

Lawsuit Raises Red Flags For Government Cloud Users

Karen Evans by Karen Evans, KE&T Partners
Tuesday, March 25, 2014

A California lawsuit suggests the federal government must take stronger steps to protect government data from data mining and user profiling by cloud service providers. In the technology-rich world we live in, it's critical for everyone to understand how their data is processed and used. For the government, it is arguably even more important, given the massive amounts of sensitive citizen data it possesses and stores.

Duties When Contracting With Data Service Providers

Daniel J. Solove by Daniel Solove, TeachPrivacy
Tuesday, February 18, 2014

In the world of data protection, it’s an old story: Personal data gets shared with a third party data service provider, and then something goes wrong at the provider.

Your oven may be watching you

Michael ChertoffMary DeRosa by Michael Chertoff, Chertoff Group
Mary DeRosa, The Chertoff Group
Thursday, February 06, 2014

Participants in this year's Consumer Electronics Show in Las Vegas learned that the Internet is not just for smartphones and tablets anymore. This year's show had smart ovens, cars and crockpots; cameras that take pictures automatically; and devices that track anything from your heart rate to how well you brush your teeth. This is what the technology community calls "the Internet of Things," and many believe it is where consumer technology is headed. Google does, too. That's why it spent $3 billion to acquire Nest's smart thermostats.

Google admits data mining student emails in its free education apps

Jeff Gould by Jeff Gould,
Friday, January 31, 2014

When it introduced a new privacy policy designed to improve its ability to target users with ads based on data mining of their online activities, Google said the policy didn't apply to students using Google Apps for Education. But recent court filings by Google’s lawyers in a California class action lawsuit against Gmail data mining tell a different story: Google now admits that it does data mine student emails for ad-targeting purposes outside of school, even when ad serving in school is turned off, and its controversial consumer privacy policy does apply to Google Apps for Education.