While daily news articles bombard us with egregious examples of “surveillance capitalism” and misuse of our personal data, well-intentioned businesses are struggling to comply with a shifting patchwork of privacy laws that regulate how they collect and manage the personal data they need to function. Websites that reach the European Union (EU) need to ensure that their privacy policies extend the protections afforded to EU residents under the General Data Protection Regulation (GDPR). Although website privacy policies might once have been ho-hum boilerplate, they now demand close scrutiny for legal issues and liabilities.
Likewise, educators for some years have been trying to balance the opportunities to incorporate new educational and commercial technologies into the classroom against privacy concerns. These issues accelerated dramatically in the transition to remote and hybrid learning environments necessitated by the COVID-19 pandemic. Schools have had few tools ready to resolve the collision between the enabling technology – videoconferencing platforms, data analysis, educational assistants, interactive learning activities – and student privacy.
In the United States we have limited protections in place to balance technological advances and personal privacy. Unlike the EU, which adopted GDPR in 2018, the U.S. has no unified privacy scheme. Although the U.S. Constitution does not mention privacy, legal scholars and courts have devised a body of principles and legal decisions regarding privacy. The few federal privacy statutes on the books are sectorial – HIPAA for the health industry, the Children’s Online Privacy Protection Act (COPPA) for children under 13, the Gramm-Leach-Bliley Act for the financial industry – and often sadly outmoded for today’s fast-paced technological transformation. While there are some proposed bills in Congress, they are not likely to go anywhere anytime soon.
Because of the lack of an overarching federal law, states are taking matters into their own hands. California has taken the lead by enacting the California Consumer Privacy Protection Act (CCPA). Many other states have data privacy bills in play, further exacerbating the patchwork confusion.
Astounding technological advances in artificial intelligence (AI) are enabling businesses to engage in ever more sophisticated targeted marketing. Likewise, AI-enabled programs are allowing educators to support students of all abilities. However, AI feeds on massive amounts of data and involves highly interconnected networks, resulting in intrusions into the personal privacy of consumers, students and their families that are largely unrecognized.
Privacy concerns are impacting our daily lives in innumerable ways. Social media encourages individuals to share personal information, which in turn is sold to advertisers and exposes sensitive information to unknown and potentially unscrupulous eyes. And now contact tracing for COVID-19 pits privacy concerns against global health and economic stability.
We routinely help online businesses navigate data privacy regulations and adapt to changing requirements while transparently disclosing their data collection practices to consumers. Through legal services and our blogs and FAQs, we are advising educators on appropriate practices for the physical and remote classrooms and the safe use of technology in both environments.
- Reviewing and preparing website privacy policies that comply with GDPR, COPPA and other applicable laws and ensuring the use of appropriate cookie notices
- Preparing an internal GDPR compliance checklist and data protection policy for a nonprofit organization to govern its handling of customer and employee personal information
- Advising clients on actions to take in the wake of the European Union Court of Justice decision invalidating the Privacy Shield as a basis for international data transfer
- Advising an association of educators on privacy issues in the classroom and online
- Helping a children’s musical theater organization adapt its in-person procedures and consent forms for protecting personal information to virtual educational and performance programming during the COVID-19 pandemic