There is a massive amount of data out there, and it is being created at an astonishing rate every single day. The information is being mined by many different organizations that use the data to provide many different types of services. Data mining was mostly used in science and mathematics, but now even marketers use it to find consumer data from websites.
The growth of this data is partially being driven by cloud computing, because it provides an affordable solution for storing large amounts of information. Public organizations facing budgetary pressure are making the move to the cloud, bringing with them the data from schools and other agencies. It is this particular subject regarding school data in the cloud environment that has officials worried. Placing sensitive information about school children in the cloud poses potential risks if the data is compromised or used for something other than education.
SafeGov.org has conducted research to address many of the issues organizations like schools can potentially face by using cloud computing. The researchers interviewed more than a dozen European Data Protection Authorities (DPAs) and a number of European Commission officials regarding data protection policy. While there was support for initiatives to protect the data of school children, the EU is still functioning under an antiquated set of regulation established in 1995 as part of the 1995 Data Protection Directive. Although the EU is debating legislation of the proposed General Data Protection Regulation (GDPR), the urgency of the matter should not be underestimated.
The research can be applied to other governmental agencies, but the focus is primarily on school children. As schools around the world start using cloud infrastructure to give parents a more interactive solutions to their children's education, they run the risk of being tracked and profiled for online advertising purposes, or worse. SafeGov.org hopes to bring awareness to many of the issues facing this demographic by implementing codes of conduct by service providers which includes "a binding pledge to ban the processing and secondary use of students' personal information for advertising purposes while in school."
"The use of commercial cloud services by schools in Europe is growing, and while the benefits of such adoption are indisputable – ease of use, cost and simplicity -- the education sector contains particularly vulnerable users who require special privacy protection. We're comforted by the support voiced for safeguarding school children, and today we're asking for a clear, principled commitment from cloud, policy and education actors banning targeted advertising in schools," said Jeff Gould, President of SafeGov.org.
Current EU data protection laws prohibits the gathering of this data so it can be used for advertising purposes, but SafeGov.org is calling on Europe's DPAs, the European Commission, national education ministries, European schools and parent associations for regulations throughout the EU with better control measures.
The privacy of the children could be violated in a number of ways including: lack of privacy policies suitable for schools; blurred mechanisms for user consent; potential for commercial data mining; user interfaces that don’t separate ad-free and ad-based services; and contracts that don’t guarantee ad-free services.
The interviews were conducted in April and May of 2013 with a broad range of topics relating to data protection in Europe focusing on two key questions:
Do vulnerable populations of data subjects, such as school children, require more protection when using cloud services than individual consumers?
If so, what mechanisms in current and future European data protection legislation might provide such additional protection?