Urge the NYC Chancellor to strengthen their proposed student privacy regulations now!

Please send a letter today to the NYC Schools Chancellor, the Dept of Education Chief Privacy Officer and the members of the Panel for Educational Policy,  the NYC school board, opposing proposed revisions to the regulations pertaining to student privacy.

These proposed revisions would essentially allow the NYC Dept. of Education to share the names, email addresses, phone numbers, home addresses, and birth dates of students with anyone they like, and with no restrictions except an unreliable parent opt out method. They would also weaken privacy protections for student health records as well as the security provisions in state law to defend against hacking and breaches.

The letter urges the DOE to postpone the vote on these regulations, now scheduled for Oct. 30, until they are fundamentally revised, and until DOE officials have met with parents and advocates to hear more about our concerns. A letter sent on behalf of Class Size Matters and the Parent Coalition for Student Privacy with more detail about these and other significant weaknesses in the proposed regulations is posted here and below.  Thanks!

Serious concern with proposed Chancellors regulation A-820 10.21.24

Our follow-up letter to the City, reaffirming our concerns with Teenspace violations of student privacy

Oct. 17, 2024

On Sept. 10, along with NYCLU and AI for Families, we wrote the Mayor, the DOE Chancellor, and the Commissioner of  Health about our deep concerns with the way in which the online mental health company Teenspace allows for the sharing of personal information with unnamed third parties for marketing purposes in a manner that would be illegal if the contract was signed by the DOE rather than the Dept. of Health. Their parent company, Talkspace, is being paid $26 million over three years by the city to provide free counseling to students, and the Mayor, the Commissioner of Health and the DOE have all been aggressively encouraging NYC students to sign up for these services, with no mention of how their personal data may be used for predatory marketing and other commercial purposes which could further undermine their mental health.   More on this here.

On Sept. 23,  Dept. of Health responded, arguing that they did not have to abide by the state student privacy law since they were not an education agency, but assuring us that their contract was no less  protective.  On Oct. 8,  we received the Talkspace contract via a Freedom of Information Law request.

The contract did not dispel our concerns.  Since we sent our initial letter, we had discovered that when a NYC student visits the Teenspace website on their phone, their personally identifiable information is shared with 15 ad trackers and 34 cookies, as well as Facebook, Amazon, Meta, Google, and Microsoft among other companies, which we saw from using the Blacklight  privacy audit tool. These findings were later confirmed by a security company that does privacy analyses.  These findings are particularly concerning, given how the city is suing many of these companies for undermining children’s mental health and designing their platforms to be addictive  in order to maximize their revenues via targeted advertising.

Our follow-up letter to the Dept. of Health is  here and below, copied to  other city officials.  If you’d like to hear more about Teenspace and other threats to student privacy, please attend our privacy briefing on Wed. October  23 at 7 PM EST; you can register here.

NYCLU PCSP & AIF response to DOHMH regarding Teenspace privacy violations 2024.10.16

Our comments to the Attorney General on how to regulate the NY Child Data Protection Act

Sept. 23, 2024

See here and below; our comments to the Attorney General’s office on how to implement regulations for the Child Data Protection Act, passed by the NY State Legislature in  June 2024, so that it doesn’t inadvertently weaken student privacy and instead strengthens the privacy of children and teens, in and out of schools.

For more on the AG’s request for comments see their website here.  The deadline is September 30, 2024 to be sent to [email protected] 

If you’d like to send in your own comments, here is a sample message:

As a parent [or teacher], I support the comments provided by the Parent Coalition for Student Privacy and urge you to make it clear in the CDPA regulations that 1- nothing in the law should weaken the stronger student privacy protections in federal and state law, including parent consent  provisions and prohibition against using student data for marketing purposes; 2- that the monetization of children’s data through transfer to third parties for commercial purposes should be prohibited just as the outright sale of that data; and 3- clear and concise privacy policies and consent documents must be required, or any consent on the part of a parent or minor cannot be meaningful.

Signed with your name, address, email

PCSP Comments on regulations to implement the CDPA 9.23.24

Privacy concerns with NYC student use of Teenspace online counseling service

Update Sept. 12, 2024:  Our letter was covered by  Daily News , Chalkbeat , State Scoop  and K12 Dive so far.  We just learned that in California a class action lawsuit was filed against Talkspace, the parent company of Teenspace, for sharing with TikTok the personal information of clients and visitors to its website, including the information of minors. We also learned that when a NYC student visits the Teenspace website on their phone, their personally identifiable information is shared with 15 ad trackers and 34 cookies, as well as Facebook, Amazon, Meta, Google, and Microsoft among other companies, which we saw from using the Blacklight  privacy audit tool,.

note:  corrected email address for Ann Williams-Isom is [email protected]

Sept. 10, 2024

See below and here: a letter sent today to NYC Mayor Adams,  Chancellor Banks, the NYC Health Commissioner, and the Deputy Mayor for Health and Human Services.  The letter was written and signed by the Parent Coalition for Student Privacy, NYCLU and AI for Families, and expresses our collective privacy concerns with the Teenspace telehealth mental health service.  The city is paying $26 million for this service, which has been widely promoted by the Mayor and NYC DOE to be used by NYC students.  

Teenspace is owned by a company called Talkspace and collects a huge amount of very sensitive personal information from teens before they even can create accounts  or access the privacy policy – and much of this information would be barred from collection by the federal student privacy law PPRA without parental consent or opt out if the district had contracted for these services rather than the city’s Department of Health.  The list of these questions is included in the appendix to our letter.

To make things worse, Talkspace says personal student data can be used for marketing purposes, which would be prohibited by the NY Student privacy law 2D, again if the DOE had signed the contract.

In 2022, several US Senators wrote to Talkspace, pointing out how the company also appeared to be taking advantage of a “regulatory gray area” in HIPAA, to exploit their patients’ data for profit.

Especially with all the breaches and misuse of student data by DOE contractors, the privacy of NYC students should be better protected than this. Finally, there have been widespread consumer complaints about Talkspace’s inadequate counseling services and overcharging of clients.  All of this and more is touched on in our letter below.   

 Teenspace Letter 2024.9.10