USC Annenberg

Is student privacy the killer app?

In a series of columns, alums of USC Annenberg share stories of their time at the school, discuss their career, and offer advice to students.

Legal Disclaimer: The information contained herein is for information only and should not be construed as legal advice. The views and opinions expressed in this article are those of the author and do not necessarily reflect the official policy or position of the Privacy and Technology Project, the Institute for Innovation Law, the University of California Hastings College of the Law, or the USC Annenberg School.

Will student privacy rights expand from children, to young adults, to all users? A killer app is the new use for a device or technology that makes it a best-seller. There are economies of scale in addition to public relations advantages for offering all users the same upgraded experience. Further, once a privacy-protective service becomes available, some users “can’t un-see” the advantages of privacy for themselves. If privacy is available to children, adults might notice these services as well.

Most student privacy legislation, including some in the works like the Student Privacy Protection Act, and some enacted legislation like last year’s new California law the Student Online Personal Information Protection Act, focus on K-12 student privacy. However, student privacy issues extend beyond high school graduation, especially as students leave home and begin to assume more control over sensitive personal information related their educations that their parents previously managed for them. There are a host of privacy and security concerns with data gathered from students of all ages not covered by the outdated and limited Family Educational Rights and Privacy Act of 1974.

Data breach and broader data protection laws have been introduced, debated, and then swept under the carpet by U.S. legislators for several years running. Yet there is one small issue that garners attention and praise whenever it is raised as part of a federal bill: Protect the children. Who is going to vote against that concept? So at a high level, student privacy has been the one area that has gotten some traction against the rather established presumption in American society that if you make something (a database) you get to capitalize on it (sell it, use it for marketing).

As with all data protection initiatives, students would benefit from data minimization principles. Only the minimum data about students should be collected, and older data should be destroyed. For instance, Social Security numbers should be used for the provision of Social Security services, not as an easy proxy for identification. Social media identification is problematic as well, especially given the coexistence of erasure laws and the Children's Online Privacy Protection Act.

Once an erasure law emerged in California, slowly but surely online content purveyors might provide similar services for customers in other states and allow not only children but also adults to remove content associated with their personal information. Similarly, some social media companies have begun to allow editing of previously-posted text, including Facebook, and rumored, Twitter.

Possibly, the next step in the U.S. would be to go to a full “Right to Be Forgotten” as is ensconced in the European Union. This gives users the ability to take down not only copyright violations, revenge porn, and other limited categories of objectionable material, but also to permit a broader right to request that personal material be taken offline, or at least off a search engine or two. Before starting this process in the U.S., there will be a fair amount of First Amendment and commercial concerns raised by those who want to continue operating in a largely unfettered Internet. Before we go all the way to Europe, however, let’s see whether student privacy takes off on a national level in the U.S., and whether it takes the rest of the community along for the ride.