Privacy, consent and cyber-security
Recently we have had several queries from subscribers relating to consent and children’s online privacy with digital platforms in schools. These have posed interesting questions, which have not been easy to answer. Here is a range of questions, feedback and resources on this topic.
“My 6 year old has been asked to sign an IT student user agreement form in class. I’m not happy with some of the things happening in his class on devices (watching shows and online stories during morning tea and lunch; playing online on rainy days and before school starts; IT is being used as a reward for good behaviour), and I’m not keen on some of the apps my child is using. The agreement he has been asked to sign is beyond his understanding, let alone his reading ability. I don’t want him to be ostracised by being the only child not using a device but this just seems wrong to me, what should I do?”
“I thought that schools didn’t have the right to disclose personal information to other organisations outside of the school, but this is what happens with third-party agreements. Does this mean student data is at risk? Are schools putting themselves at risk (legally) by doing this?”
“My child’s school can’t give us any clear answers about how long the kids are using devices for each day. How do I know what I’m agreeing to on my child’s behalf?”
“Are there risks to children’s privacy and data with using Google platforms?”
“Netsafe’s previous guidelines advised schools that primary and intermediate-aged children were too young to be able to consent to digital contracts, and parental consent was required. Now they do recommend that children sign agreements, and the requirement for parental consent is gone. I don’t think my child is old enough, and I would like a consent form. Could it be that this creates potential problems for schools if some parents don’t consent?”
For most issues, the first port of call would be talking to the school. Sharing the information below led to a partial resolution for one parent, and ongoing discussions have been constructive.
· Ministry of Health guidelines that explain why it is not recommended that children eat in front of a screen
· Recommendations for parents and teachers that screen time shouldn’t be used as a reward
· Recreational screen guidelines (regarding screen use outside of lessons)
Many of these questions are outside of our scope of expertise, so we have made some enquiries. Some we are still waiting to hear back from, and we’re interested to hear any other thoughts.
Privacy and cyber-security
Most parents we have directed to contact Netsafe or to look at their website:
For cyber-security the Ministry of Education have resources:
Privacy, data sharing and third-party agreements
Why does it matter if children’s data isn’t protected? Privacy is a right, and online privacy is important, to avoid manipulation or victimisation. Data is collected, analysed, and it can be sold and stolen. In the future, we don’t know what might become an issue.
We sought feedback from a tech industry manager after receiving a question on this topic, and received this opinion regarding the data sharing, third-party agreements and student privacy query (shared with permission but name withheld).
“This parent’s concerns are likely valid. The parent is right in the fact that they haven’t been signed up for a service where data is being collected by a third party and that the parent hasn’t agreed to the terms and conditions, the school has done that on the parents behalf without full disclosure (probably as it’s deemed the school is acting in the best interest of their students). The parent’s experience is specific to their school, so while generalisations could probably be made to other schools, the first port of call would be to raise these points with the teacher, leadership team and Board of Trustee’s. But this is easier said than done.”(In fact, this has all been unsuccessful for the parent involved).
In the US, CCFC and the Children’s Screentime Action Network have created opt out forms, where parents can advise schools that they may not disclose directory information to third parties without the parents’ consent.
This topic is interesting in light of recent international news, including in the Netherlands, where Dutch Education ministers have briefed MP’s on research indicating that products designed by Google for schools do not have sufficient privacy safeguards in place.
While this is certainly not the first occurrence, news that a secondary school had been held hostage and paid a ransom after a cyber-attack threatening student data as well as curriculum and exam disruption, highlights the importance of security, privacy and consent, both for students and schools.
We have asked for a legal opinion about these complex issues in relation to New Zealand law, and look we forward to hearing back.