A new report from SafeGov.org questions if schools are properly protecting their students’ private information. According to the group, the main issue is that cloud providers force schools to accept usage polices that allow for user tracking and usage-based advertising. This is fine for a normal user, but in many cases students are also subject to this agreement, without even having signed for it or being made aware that it exists.
Similarly, cloud providers often do not disable tracking systems for their ad-free student versions, meaning that students are tracked even when no ads are being shown to them through the service. This can happen when the cloud provider finds it too technically difficult to turn off the tracking system.
Even in cloud environments where no tracking is conducted, some providers encourage students to engage further with other related services that do track for ad purposes, without informing students these services are not part of their private cloud. As a result, these students may be exposing their private email, video, networking and other activities while still under the impression that they are within a private, restricted environment.
Last month, the Swedish Data Protection Authority (DPA) ordered a school to stop using its cloud provider because the agreement between the school and the provider wasn’t specific enough in describing how students’ personal data was being collected and used. A similar ruling was handed down by Norway’s DPA earlier this year.