On September 18, 2014 Lisa Shultz, public education advocate and member of the Parent Coalition for Student Privacy, tagged @leoniehaimson and @parents4privacy in a tweet about Pearson’s new collaborative partnership with an edtech startup called LearnSprout. Her tweet linked to a public document (link now here) that listed the data schema used for their product. At the time we knew little about the company, but their name was familiar because they had once been listed as a partner of inBloom.
Lisa’s tweet also caught the attention of Paul Smith, Marketing Director for LearnSprout. He quickly engaged in a thoughtful and productive Twitter exchange between @lisa4schools, @leoniehaimson and @parents4privacy. In 140 characters or less, we asked Paul numerous questions about the types of data his company collected, how they used the data, their data retention and deletion policies, and how they contracted with schools and school districts. Though Paul did his best to field the barrage of questions, we agreed it was best to take the conversation offline.
Paul reached out to us by email and encouraged us to provide feedback on LearnSprout’s Privacy Policy and Terms of Service. We were happy to help but first we wanted to know more about the company ‘s services and customers. What we learned didn’t put us at ease. Paul described how, at the time, schools would setup LearnSprout with limited-access administrator account to the student information system (SIS) in order to send data to LearnSprout for analysis. This included a number of personally identifiable data fields from the system. LearnSprout would then analyze the data and present the school user with a series of graphs and charts to “identify historical trends, track college readiness and spot at-risk students.” Authorized school/district personnel could then access reports profiling individual student’s attendance, gender, free/reduced lunch status, etc. (See image below.)
Further, to sign up for this free service, the “customer” or school employee simply accepted the “click wrap” agreement. There was no negotiated contract between LearnSprout and the school/district – a teacher or administrator merely agreed to the Terms of Service which, of course, favored LearnSprout by stating: “We reserve the right, at our discretion, to change the Terms on a going forward basis at any time. Please check the Terms periodically for changes.”
Upon learning more about LearnSprout, we were clear with Paul that we disagreed with the underlying principles of their service and would we never endorse their product because we believe strongly that profiling individual students – no matter how pure the intention – stigmatizes children and can harm or limit their future chances for success. We also insisted that the “click wrap” agreement insufficiently protected schools/districts (and their students) and at the very least LearnSprout should require an electronic signature so the school employee signing up for the service would consider the gravity of his/her decision before sharing sensitive student data. Paul assured us that he understood our position about the value of the service but respectfully disagreed, and he was committed to improving their “onboarding” process. With that behind us, we started digging into their policies.
We found LearnSprout’s Privacy Policy and Terms of Service to be vague, contradictory, and full of legalese and outdated terms for products and services that the company no longer supported. It was clear to everyone that a lot of work needed to be done. But after several months, a handful of long but congenial conference calls, and dozens of clarifying email discussions, the resulting policies are a vast improvement from where LearnSprout started in September. Paul outlines the comprehensive list in his blogpost http://blog.learnsprout.com/ but highlights include:
- Termination of the “free” service model and an end to “click wrap” agreements. LearnSprout is now a paid service and Paul assures us the “Terms of Service and Privacy Policy are attached as a condition of each new contract.”
- If LearnSprout should go bankrupt, all data in its possession will be deleted in 30 days.
- When the Terms of Service are changed, customers will be notified and must accept the terms in order to continue using the service.
- They post on their website the full data dictionary of what data they store for schools/districts.
- Breach notification within 24 hours of a suspected incident.
- Student’s personally identifiable information will not be used to improve or enhance LearnSprout’s products or services, and will be removed 60 days after the student is not longer enrolled in the school/district.
Paul’s collaborative nature and sincere desire to improve their policies set a great example for other ed tech companies to follow. We still don’t agree with LearnSprout’s business goals but we do believe they are a leader in forging partnerships with parents and advocates to safeguard the data entrusted to them. Our hope is that others will engage in equally civil and productive dialogue.
(Correction: The previous blogpost stated that LearnSprout would “backdoor” SISs. The term “backdoor” was an oversimplified description of the technical process, and was not intended to imply that LearnSprout was accessing student information stored in the SISs in an unauthorized manner.)