A growing number of primary and secondary (K-12) school systems nationwide are adopting cloud-based educational technologies ("ed tech"), tools which "enable the transition of computing resources — including information processing, collection, storage, and analysis — away from localized systems (i.e., on an end user’s desktop or laptop computer) to shared, remote systems (i.e., on servers located at a data center away from the end user accessible through a network)" in the course of educational and/or academic administrative work. Cloud-based ed tech possesses unique innovative potential that can best be unlocked when the opportunities it presents are considered alongside the importance of protecting student privacy.
This paper, building upon findings of the ongoing Student Privacy Initiative under the auspices of the Berkman Center for Internet & Society at Harvard University, provides a snapshot of key aspects of a diverse — and heated — law, policy, and implementation debate that is taking place in the rapidly evolving cloud-based ed tech landscape. It aims to provide policy and decision-makers at the school district, local government, state government, and federal government levels with greater information about and clarity around the avenues available to them in evaluating privacy options. This analysis focuses on three overarching questions: who in the educational system should make cloud-based ed tech decisions; when is parental consent needed for the adoption of these technologies; and how can data transferred, stored, and analyzed through these products be kept secure and, as necessary, de-identified?