Cloud Used in Schools Pose Risk to Student Privacy

27 September 2013 Internet, IT & e-Discovery Blog Blog
Authors: Peter Vogel

Many schools require children to use apps on the cloud, and as a result privacy groups are asking the cloud providers to promise better privacy protection. On September 23, 2013 SafeGov.org issued a Report about EU data privacy for students which among other things that among other things stated that the:

...advertising-oriented cloud services may jeopardise the privacy of data subjects in schools, even when ad-serving is nominally disabled.  

The Report identified these threats to student “... online privacy occasioned by the use of such services in the school environment include the following”:

Lack of privacy policies suitable for schools: By failing to adopt privacy policies specifically crafted to the needs of schools, cloud providers may deliberately or inadvertently force schools to accept policies or terms of service that authorise user profiling and online behavioural advertising.

Blurred mechanisms for user consent: Some cloud privacy policies, even though based on contractual relationships between cloud providers and schools, stipulate that individual data subjects (students) are also bound by these policies, even when these subjects have not had the opportunity to grant or withhold their consent.

Potential for commercial data mining: When school cloud services derive from ad-supported consumer services that rely on powerful user profiling and tracking algorithms, it may be technically difficult for the cloud provider to turn off these functions even when ads are not being served.

User interfaces that don’t separate ad-free and ad-based services: By failing to create interfaces that distinguish clearly between ad-based and ad-free services, cloud providers may lure school children into moving unwittingly from ad-free services intended for school use (such as email or online collaboration) to consumer ad-driven services that engage in highly intrusive processing of personal information (such as online video, social networking or even basic search).

Contracts that don’t guarantee ad-free services: By using ambiguously worded contracts and including the option to serve ads in their services, some cloud providers leave the door open to future imposition of online advertising as a condition for allowing schools to continue receiving cloud services for free.

Computerworld reported that a SafeGov.org spokeswoman stated:

We think any provider of cloud computing services to schools (Google Apps and Microsoft 365 included) should sign up to follow the Codes of Conduct outlined in the report.

The cloud privacy issues identified in this Report present no surprises. Even though the Report is focused on students in the EU, clearly the privacy issues impact students world-wide. What the cloud providers to do remedy the situation will be interesting to follow.
 

This blog is made available by Foley & Lardner LLP (“Foley” or “the Firm”) for informational purposes only. It is not meant to convey the Firm’s legal position on behalf of any client, nor is it intended to convey specific legal advice. Any opinions expressed in this article do not necessarily reflect the views of Foley & Lardner LLP, its partners, or its clients. Accordingly, do not act upon this information without seeking counsel from a licensed attorney. This blog is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Communicating with Foley through this website by email, blog post, or otherwise, does not create an attorney-client relationship for any legal matter. Therefore, any communication or material you transmit to Foley through this blog, whether by email, blog post or any other manner, will not be treated as confidential or proprietary. The information on this blog is published “AS IS” and is not guaranteed to be complete, accurate, and or up-to-date. Foley makes no representations or warranties of any kind, express or implied, as to the operation or content of the site. Foley expressly disclaims all other guarantees, warranties, conditions and representations of any kind, either express or implied, whether arising under any statute, law, commercial use or otherwise, including implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Foley or any of its partners, officers, employees, agents or affiliates be liable, directly or indirectly, under any theory of law (contract, tort, negligence or otherwise), to you or anyone else, for any claims, losses or damages, direct, indirect special, incidental, punitive or consequential, resulting from or occasioned by the creation, use of or reliance on this site (including information and other content) or any third party websites or the information, resources or material accessed through any such websites. In some jurisdictions, the contents of this blog may be considered Attorney Advertising. If applicable, please note that prior results do not guarantee a similar outcome. Photographs are for dramatization purposes only and may include models. Likenesses do not necessarily imply current client, partnership or employee status.

Authors

Related Services

Insights

CMS Proposes Enhanced Scrutiny over Medicaid Supplemental Payments
20 November 2019
Health Care Law Today
The Purpose of a Corporation
November 2019
Legal News: Business Law
Should This Be a "Mobility" Industry Blog?
19 November 2019
Dashboard Insights
Data Processing Patent Eligibility: Federal Circuit Finds Claims Eligible in KPN v. Gemalto
19 November 2019
IP Litigation Current
PATH Summit 2019
18-20 December 2019
Arlington, VA
Madison CLE Days
18-19 December 2019
Madison, WI
MedTech Impact Expo & Conference
13-15 December 2019
Las Vegas, NV
HFMA MA-RI Annual Compliance Update
12 December 2019
Boston, MA