What lessons can we learn about data privacy in the education sector? 

No. 82: Bringing you the news that matters in video privacy and security

From interactive apps and virtual classrooms to personalized learning software, these technologies collect vast amounts of information about students' academic performance, behavior, and even personal preferences. However, as educational platforms expand their digital footprints, the responsibility to protect the personal data of students, particularly minors, grows stronger.

In the US, digital education company edX LLC is facing a proposed class-action lawsuit for allegedly sharing users' private video data and personal information with third-party vendors without consent. The lawsuit points to potential violations of the federal Video Privacy Protection Act and underscores the vulnerability of personal data on educational platforms. 

Meanwhile, in the Isle of Man, two secondary schools were directed to turn off surveillance cameras inside their bathrooms, after it was revealed they failed to comply with data protection legislation. 

These cases exemplify the broader challenges and responsibilities faced by educational institutions and tech companies. While the aim is often to enhance learning experiences and ensure security, the methods employed must not compromise the privacy of students. 

These cases exemplify the broader challenges and responsibilities faced by educational institutions and tech companies. While the aim is often to enhance learning experiences and ensure security, the methods employed must not compromise the privacy of students. It is crucial to conduct thorough data protection impact assessments to identify and mitigate risks. Obtaining explicit consent for data collection is essential for data compliance, and to respect and protect students' (and other consumers') privacy rights. 

As always, please send any feedback or topics of interest you would like to be covered.

Seena, Editor


News

US lawmakers propose measures to limit TSA biometric screening in airports

Lawmakers in California are proposing a bill to limit the biometric identification service Clear from using standard TSA lanes at airports, due to concerns over its unequal line-skipping service. Federal Senators are also pushing legislation to restrict the TSA's use of facial recognition technology in traveller verification programs, citing privacy concerns and the need for stricter oversight.

Biometric Update: Airport biometrics bans proposed in US state and federal legislation

AP News: Senators want limits on the government’s use of facial recognition technology for airport screening

 

Report uncovers global surveillance spyware networks imported into Indonesia 

A new report by Amnesty International has found that a wide range of invasive spyware and surveillance products have been imported and deployed in Indonesia, by surveillance sellers and brokers across Asia, Europe, and the Middle East. Among other things, the report highlighted the potential of these tools to be used for intimidation, as well as the lack of effective regulatory oversight.

Amnesty International: Indonesia: Murky network of spyware imports exposed - new report

Infosecurity Magazine: Indonesia is a Spyware Haven, Amnesty International Finds

 

Digital education company face class-action lawsuit over unauthorized data sharing 

Digital education company edX LLC and its parent company 2U Inc. are facing a proposed class-action lawsuit for allegedly sharing users' personal information with third-party vendors without consent. The lawsuit claims that the companies embedded multiple application programming interfaces (APIs) and software development kits (SDKs) to unlawfully share viewing data and personal information.

Bloomberg Law: Online Lecture Platform Hit With Second Consumer Privacy Suit

Class Action: UNITED STATES DISTRICT COURT DISTRICT OF MASSACHUSETTS HENRY DE LA PAZ, individually and on behalf of all others similarly situated, Plaintiff, v. 2U, INC. and EDX, LLC, Defendant

 

Columbia city officials consider automatic body-worn cameras for police 

Columbia's city officials are exploring options to introduce technology that would automatically activate police body-worn cameras, to address officers failing to turn them on. This move is part of a focus on policy improvements to improve transparency and trust in police, including extended footage retention and the potential for cameras to record continuously.

Columbia Missourian: City officials considering automatic body-worn camera technology for CPD

Columbia Daily Tribune: Columbia's Citizens Police Review Board reviews policy on body-worn cameras

 

Isle of Man schools ordered to stop CCTV use in student bathrooms

Two secondary schools in the Isle of Man have been directed to stop using surveillance cameras in school toilets, after operating them for 18 months without proper data protection compliance. Originally installed to deter vandalism and misbehavior, the cameras were found to lack the necessary transparency and data protection impact assessments.

BBC News: Secondary schools told to turn off CCTV in toilets

Isle of Man Today: Isle of Man schools ordered to stop using CCTV in pupils' toilet areas


AI Snippet of the Week

US Senators introduce legislation to bolster AI security

US Senators Mark Warner and Thom Tillis have introduced the Secure Artificial Intelligence Act as a means to address the emerging threats of data manipulation techniques like data poisoning and evasion attacks. The legislation would bolster AI security by establishing a specialized center at the NSA and mandating the creation of a comprehensive database of AI system breaches at NIST and CISA. 

The Verge: AI security bill aims to prevent safety breaches of AI models

Warner.senate.gov: Warner, Tillis Introduce Legislation to Advance Security of Artificial Intelligence Ecosystem


Policy Updates

Nebraska introduces new data privacy law 

Nebraska has joined the list of US states with data privacy laws, with the new Nebraska Data Privacy Act (NDPA), set to take effect in January 2025. The NDPA provides broad consumer rights, including access, correction, and deletion of personal data, and introduces stringent requirements for businesses on consent, data protection impact assessments, and handling of sensitive data.

The National Law Review: Nebraska Becomes the Latest State to Enact a Comprehensive Consumer Privacy Rights Law

White & Case: Nebraska Enacts Comprehensive Data Privacy Law


To subscribe to our fortnightly newsletter, please click here

Thanks for reading, if you have any suggestions for topics or content that you want to see covered in future please drop a note to: info@secureredact.co.uk

Previous
Previous

The privacy gamble: are we trading too much for technology?

Next
Next

Privacy under pressure: regulators continue to rein in data breaches