What lessons can we learn about data privacy in the education sector?
No. 82: Bringing you the news that matters in video privacy and security
From interactive apps and virtual classrooms to personalized learning software, these technologies collect vast amounts of information about students' academic performance, behavior, and even personal preferences. However, as educational platforms expand their digital footprints, the responsibility to protect the personal data of students, particularly minors, grows stronger.
In the US, digital education company edX LLC is facing a proposed class-action lawsuit for allegedly sharing users' private video data and personal information with third-party vendors without consent. The lawsuit points to potential violations of the federal Video Privacy Protection Act and underscores the vulnerability of personal data on educational platforms.
Meanwhile, in the Isle of Man, two secondary schools were directed to turn off surveillance cameras inside their bathrooms, after it was revealed they failed to comply with data protection legislation.
These cases exemplify the broader challenges and responsibilities faced by educational institutions and tech companies. While the aim is often to enhance learning experiences and ensure security, the methods employed must not compromise the privacy of students.
These cases exemplify the broader challenges and responsibilities faced by educational institutions and tech companies. While the aim is often to enhance learning experiences and ensure security, the methods employed must not compromise the privacy of students. It is crucial to conduct thorough data protection impact assessments to identify and mitigate risks. Obtaining explicit consent for data collection is essential for data compliance, and to respect and protect students' (and other consumers') privacy rights.
As always, please send any feedback or topics of interest you would like to be covered.
Seena, Editor
News
US lawmakers propose measures to limit TSA biometric screening in airports
Lawmakers in California are proposing a bill to limit the biometric identification service Clear from using standard TSA lanes at airports, due to concerns over its unequal line-skipping service. Federal Senators are also pushing legislation to restrict the TSA's use of facial recognition technology in traveller verification programs, citing privacy concerns and the need for stricter oversight.
Biometric Update: Airport biometrics bans proposed in US state and federal legislation
Report uncovers global surveillance spyware networks imported into Indonesia
A new report by Amnesty International has found that a wide range of invasive spyware and surveillance products have been imported and deployed in Indonesia, by surveillance sellers and brokers across Asia, Europe, and the Middle East. Among other things, the report highlighted the potential of these tools to be used for intimidation, as well as the lack of effective regulatory oversight.
Amnesty International: Indonesia: Murky network of spyware imports exposed - new report
Infosecurity Magazine: Indonesia is a Spyware Haven, Amnesty International Finds
Digital education company face class-action lawsuit over unauthorized data sharing
Digital education company edX LLC and its parent company 2U Inc. are facing a proposed class-action lawsuit for allegedly sharing users' personal information with third-party vendors without consent. The lawsuit claims that the companies embedded multiple application programming interfaces (APIs) and software development kits (SDKs) to unlawfully share viewing data and personal information.
Bloomberg Law: Online Lecture Platform Hit With Second Consumer Privacy Suit
Columbia city officials consider automatic body-worn cameras for police
Columbia's city officials are exploring options to introduce technology that would automatically activate police body-worn cameras, to address officers failing to turn them on. This move is part of a focus on policy improvements to improve transparency and trust in police, including extended footage retention and the potential for cameras to record continuously.
Columbia Missourian: City officials considering automatic body-worn camera technology for CPD
Columbia Daily Tribune: Columbia's Citizens Police Review Board reviews policy on body-worn cameras
Isle of Man schools ordered to stop CCTV use in student bathrooms
Two secondary schools in the Isle of Man have been directed to stop using surveillance cameras in school toilets, after operating them for 18 months without proper data protection compliance. Originally installed to deter vandalism and misbehavior, the cameras were found to lack the necessary transparency and data protection impact assessments.
BBC News: Secondary schools told to turn off CCTV in toilets
Isle of Man Today: Isle of Man schools ordered to stop using CCTV in pupils' toilet areas
AI Snippet of the Week
US Senators introduce legislation to bolster AI security
US Senators Mark Warner and Thom Tillis have introduced the Secure Artificial Intelligence Act as a means to address the emerging threats of data manipulation techniques like data poisoning and evasion attacks. The legislation would bolster AI security by establishing a specialized center at the NSA and mandating the creation of a comprehensive database of AI system breaches at NIST and CISA.
The Verge: AI security bill aims to prevent safety breaches of AI models
Policy Updates
Nebraska introduces new data privacy law
Nebraska has joined the list of US states with data privacy laws, with the new Nebraska Data Privacy Act (NDPA), set to take effect in January 2025. The NDPA provides broad consumer rights, including access, correction, and deletion of personal data, and introduces stringent requirements for businesses on consent, data protection impact assessments, and handling of sensitive data.
White & Case: Nebraska Enacts Comprehensive Data Privacy Law
To subscribe to our fortnightly newsletter, please click here
Thanks for reading, if you have any suggestions for topics or content that you want to see covered in future please drop a note to: info@secureredact.co.uk