County addresses concerns about student data privacy

School+issued+Chromebooks+were+distributed+at+the+start+of+the+school+year.

Victoria Tong

School issued Chromebooks were distributed at the start of the school year.

Last month, the Baltimore Sun reported that Baltimore County Public Schools were monitoring student laptops for signs of suicide through GoGuardian’s Beacon program, “a controversial innovation that came about during the pandemic after the system loaned families tens of thousands of the computers for use at home.”

MCPS does not implement this policy, but can still use GoGuardian to monitor screens during class and close webpages on student computers for elementary and middle schoolers, even off campus. Students’ return to a traditional school environment in the aftermath of a digital year has prompted some communities to reassess how their data is collected, stored, discarded and used.

MCPS will be conducting its third annual student data deletion week in the next few months. Over the course of five days, student data from Google platforms and other learning websites, like GoGuardian, will be erased from the county’s online databases.

This process is the culmination of a parent coalition’s advocacy efforts in 2019 for their childrens’ data to be annually expunged, on the grounds that information like mistaken search queries could potentially harm students’ futures. This may have stemmed from the Kyle Kashuv case, where the client’s ivy-league acceptance were rescinded because of old comments he had made on a Google document, raising concerns about the role of stored data in every form and whether it should impact a students future. 

Although the majority of personal data is deleted, records of attendance, vaccinations and disciplinary infractions will remain in MCPS’s system. 

“There is no legitimate reason the Internet search history, personal student emails, or the number of times a child buys dessert in the school’s cafeteria needs to be saved indefinitely,” digital privacy lawyer Bradley Shear stated in his 2019 testimony to the Board of Education. “Our students should not have to worry whether their school-related digital activities – which may out their political beliefs, their religion, their sexual orientation, personal health issues, or what they eat for lunch – may be used against them in the future.”

Every MCPS student uses a Google account, through which their emails, documents and search histories are recorded. 

“You can see everything you put in your Google accounts, you can see everything with your Gmail. Every year, your emails are wiped out. We don’t collect anything on that,” Assistant to Associate Superintendent of Office of Technology and Innovation Emily Cole Bayer said. “Your Google accounts are yours, so you see what we see. So there’s nothing behind the scenes with those platforms.” 

Dr. Cole Bayer stated that student data becomes “meaningless” after a certain amount of time, so annually deleting student data helps free up the county’s cloud-based storage accounts and reduces technology-associated costs. 

Shear also highlighted the added cybersecurity benefits of deleting student data. “Our public schools have become a honeypot for hackers and are increasingly being targeted by cyber criminals and others who want access to our student’s personal information,” Shear stated in his testimony. Because student data is annually deleted, there is less for hackers to attack. 

Despite implementing a data deletion practice that is one of the few in the country, MCPS is still required to report certain student statistics to the state and federal education systems. Data from Synergy and other administration platforms, such as grade, attendance and disciplinary infraction records, is sent to the state instead of deleted. 

“The state tells us, you know, this is what we need from the students, so that we have to collect that … they will use a database that’s seriously locked down, where only those who need to know can view it,” Dr. Cole Bayer said. 

All data collection processes and administrative access protocols are legally required to comply with a number of federal laws protecting the online privacy of minors, such as Family Educational Rights and Privacy Act (FERPA) and Children’s Online Privacy Protection Rule (COPPA). FERPA grants parents/guardians and eligible students the right to inspect and review the student’s education records preserved by the school and the right to request that a school amend the student’s education records. 

COPPA regulates how key tech companies, such as Google, “keep information they collect from kids confidential and secure,” according to Common Sense Media. Tech companies are also required to have a “clear and comprehensive” privacy policy and obtain parental consent prior to gathering information from minors. 

These policies are especially applicable when students access academic resources and social media. 

“I think one of the biggest detriments I’ve seen in terms of students’ attentiveness and behavior is … social media …. There’s full films on YouTube and Vimeo,” media specialist Michelle Alexander said. “But the real thing [is] that it has created an inability to concentrate and focus for long periods of time … I’ve seen students that were perfectly fine, from middle school, come in and become violent if you try to take their phone from them when they’re off task.”

This year, the Board of Education’s Technology offices, in coordination with MCCPTA committees, are reviewing student access to YouTube and considering a variety of opt-in or partial access options. 

The Office of Technology and Innovation receives many complaints about students using gaming websites and being off task during school.

But regulating what students do with their chromebooks continues to be a balance between privacy, security, and education.