Kids and the cloud – who is protecting their privacy?

serversNew research for the Ponemon Institute for SafeGov.org highlights some critical issues in the increasing use of cloud-based services to store and process the confidential personal information of people using public services.

On the one hand, schools are not immune from the need to modernise how they operate and reduce costs. According to the research, a strong majority of schools expect to deploy cloud email and document services in the foreseeable future. The data shows that the ease of administering the system and lower costs are key drivers to move to cloud, while just 11% of respondents say the move will help protect student privacy. One in four already use cloud email for students and one in five do so for staff.

Yet at the same time, they also object to data mining for profit by cloud providers and say that student profiling and ad serving should never be allowed in school-provided cloud services. Many schools also say parents should be able to opt their children out of data mining services.

The key point is made starkly clear: some schools admit they are tempted to trade student privacy for lower cost services.

This is both a a privacy issue, and a competition one. If schools were forbidden from using cloud services that mine the information uploaded, then the market would move to offer privacy-friendly services. As it is, like many other cloud services, a few massive companies are rapidly building significant market share and a huge amount of information about British kids.

These findings reflect much of our own experience when dealing with issues around children’s information in schools. The Government changed the law to give parents and children the right to not use biometric systems because of the privacy issues and the use of cloud services raises many of the same concerns. At a time when it is of serious importance to educate young people about the wider issues of privacy, this kind of attitude in schools is cause for concern. Equally, as our report on CCTV in schools found last year, there is surprisingly little oversight on individual schools when it comes to choosing this kind of service.

The idea that parents can opt-out from these services is going to be extremely tough to implement in reality, unless the school wants to have two different services running. The fact some schools felt that not giving an opt-out but ensuring the service providers fully disclose what they are doing to the data is enough is remarkable and very worrying.

While the response rate to the survey was not of academic standards, it is clear that these issues require extremely careful consideration before schools rush to implement services and risk compromising their students privacy with little or no parental input.