An eye-opening new study out of Fordham Law’s Center on Law and Information Privacy finds that state educational databases are lacking when it comes to protecting the personal information of K-12 children. Some states hand off the storage of this information to outside firms and do so without any restrictions on use or confidentiality for the children’s information, the study found.

The information on children collected in these electronic data warehouses includes matters related to teen pregnancies, mental health and juvenile crime; the report says that this information is often stored in a manner that “violates federal privacy mandates,” the study says.

From the report’s summary:

“Some striking examples are that at least 32% of the states warehouse children’s social security numbers, at least 22% of the states record children’s pregnancies, at least 46% of the states track mental health, illness, and jail sentences as part of the children’s educational records, and almost all states with known programs collect family wealth indicators.”

The study isn’t all finger pointing, it also outlines several critical recommendations to help increase the privacy, transparency and accountability of these databases. The study comes just as Congress is considering expanding and integrating the data collection process among the 43 states that currently collect this type of information on K-12 children.

Recently, CDT’s Adam Rosenberg authored a guest blog post for Wired.com’s GeekDad blog, a parenting blog for tech-savvy parents. The post is the first in what will be a series of “how-tos” on raising an Internet savvy child and discusses some of the issues parents confront when setting up a child’s first email address. CDT has been outspoken about the importance of child safety online and it’s clear that the tips for keeping children safe could apply to adults as well. The blog post is a timely, informative read and comes a few days after a great New York Times piece on guarding your kids online. Thanks to WIRED for the opportunity.

CDT and TRUSTe recently hosted “Social Networking: The Challenges of Privacy and Openness,” a discussion in their continuing Internet Policy Series. A five-minute video recapping the highlights of the event can be found here.

Held on the Google Campus in Mountain View, CA, on Oct. 7, the discussion was moderated by Fred Vogelstein of Wired Magazine and included a potent lineup of speakers: Chris Conley, Technology and Civil Liberties Fellow at ACLU Northern California; David Glazer, Engineering Director at Google and Board member of OpenSocial Foundation; and Tim Sparapani, Director of Public Policy at Facebook.

The speakers discussed the tensions that exist between privacy and openness in a social networking environment that is primarily intended for people to share information.

The discussion touched on trust between users and social networking sites, new definitions of privacy in the social networking world, the continuing evolution of users’ privacy expectations, and the limitations of giving users granular control of their personal information.

I had the honor of participating in my first Oxford-style debate at The Economist’s Media Convergence Forum in New York City on Wednesday. The proposition before us was: Consumers have more to gain than lose from sharing personal information. Dave Morgan, Chief Executive Officer of Simulmedia joined me on the ‘Con’ side of the debate. Matthew Wise, President and CEO of Q Interactive and Jeff Jarvis, author of “What would Google do?’ and the Buzz Machine Blog led the pro side.

Before the debate started the audience was polled and voted 75% to 25% in favor of the proposition. I was not surprised considering that many attendees of the conference were new media marketers. Clearly, Dave and I had our work cut out for us.

Jeff and Matt gave a spirited argument that sharing information was good for business and good for those consumers who willingly chose to share their data. Dave and I responded that we agree that, if users did control their data today, they might be better off choosing to share it, unfortunately, law, technology and corporate policy are often at odds today with providing users anything resembling control. Obviously, I’m vastly summarizing all arguments here, but this gives you a taste.

In the end, there was a revote that went 42% to 58% opposed to the proposition.

A lot of things account for the change of heart of the crowd. First and foremost, Dave Morgan was clearly a good partner as a veteran and well-respected leader in the online behavioral targeting industry who believes that we can have both targeted ads and privacy. Second, I believe that most industry players understand that the Web 2.0 world demands that individuals be granted greater control be given over their information. They know that we have simply outgrown of the 1980s direct marketing world that says that the company owns the consumer’s data.

When presented a coherent argument that is pro-advertising and pro-privacy, even those who earn their money as advertisers but don’t represent the industry in policy debates are willing to support it.

Recently Syracuse University, my alma mater, took steps to increase campus security by installing a video-surveillance system in all entrances and exits of residence halls and one academic building. This took two years of planning for the 168 new cameras being installed on campus, but it is unclear how the University is ensuring the privacy of students as they begin to monitor the campus over video.

When implementing a video surveillance system of this scale, people often forget that it’s not just the “bad guys” and criminals that end up on the tape, it’s every person walking through the building. Every day, these tapes will archive the movements of thousands of students, faculty and staff members at the university, most of which will never be involved in a crime.

Students may worry that “big brother” is watching them even as they go about the mundane details of their day, moving in and out of their buildings, but they should also be aware of data retention issues associated with this system and demand answers and that appropriate privacy policies be put in place. Before they are surveilled, students need to know how long the tapes are kept if no crime is involved, what steps are taken to prevent theft of the footage, and who has access to the footage for what purposes. Will the footage be used only for criminal investigations, or will the scope of the project creep as new groups want to use it?

The issues surrounding the surveillance project become less about whether or not students are safer on campus and more about students taking back the right to their privacy by being able to protect themselves and their identities from unwarranted third party involvement. The more hands a student’s information or image passes through, the more this project grows in scope.

With the allure of all of this information, suddenly it’s not just public safety viewing the images, it’s also the health office or the student judiciary office or the scholarship office. Without clear guidelines noting who can or cannot access these videos, students have essentially given the school a blank check on their privacy rights – with no limit on who can access their information.
(more…)

Digital signage media – video displays on screens ranging from TV-sized monitors in stores to roadside billboards – is maturing into an offline version of behavioral advertising. What effect will this have on consumers’ expectation of privacy in public spaces?

Recently, in the UK, a fresh example arose of the growing conflict between these digital signs and privacy laws. Castrol, the maker of motor oil, launched an advertising pilot in which roadside cameras scanned the license plates of passing cars and then digital billboards displayed the license numbers along with the grade of motor oil Castrol recommends for that type of car. The system was able to discern the make and model of each vehicle by running the license number through a database, containing the personal information of tens of millions of drivers, purchased from the British equivalent of the Department of Motor Vehicles.
(more…)

Earlier today, Judge Denny Chin approved an aggressive schedule for the parties in the Google Books lawsuit to submit an amended settlement agreement. Michael Boni, speaking for all parties, indicated that the parties have been hard at work since the Department of Justice raised concerns about the original settlement (arrived at after years of negotiation), and that a revised settlement will be ready in early November. Judge Chin consequently set a deadline of November 9. While no other court dates were set, the parties did indicate that the deadline for rightsholders to claim their copyright interest in works that Google has scanned would be extended from January 5, 2010 to June 5, 2010.

Boni argued that extensive additional notice to the class of rightsholders will not be necessary, as the amendments will all benefit the class. Based on this, he asserted the parties’ desire to have a final fairness hearing—formerly scheduled for today—in late December or early January. It will be interesting to see if Judge Chin agrees upon seeing the revised settlement, especially since much of the commentary on the settlement, including that of the DOJ, has raised questions about the adequacy of the prior notice to the class members, given the sheer size of the class.
(more…)

Recently, CDT’s Harley Geiger wrote a guest blog post for Business 2.0 Press discussing new developments in digital signage and behavioral advertising in the wake of the online advertising study released last week.
Check it out and let us know what you think. Thanks again to Business 2.0 Press for the opportunity.

CDT, EFF, and other commenters on the Google Books settlement sent a letter to Google’s lawyers yesterday asking the company to reconsider the privacy protections it will build into Google Books, taking advantage of the last-minute extension in the case. Google and the authors and publishers who sued the company are currently renegotiating the proposed settlement in order to resolve concerns raised by the Department of Justice last month [http://thepublicindex.org/docs/letters/usa.pdf].

CDT filed a brief on the original settlement, arguing that it should be approved, but recommending that strong, enforceable privacy safeguards be put in place. Yesterday’s letter asks that Google reconsider our recommendations, and similar ones from other advocates, in light of the extension. Google took some good steps in a privacy policy posted last month, but those commitments are incomplete and not adequately enforceable by the Court. Now that the deadline has been lifted, Google has the chance to make stronger commitments to reader privacy that the Court will have the authority to enforce.

The delay, while certainly a blow to the progress of the settlement, provides an opportunity to improve it. While the Justice Department’s concerns the parties are currently addressing did not include reader privacy, the lack of adequate safeguards nonetheless remains a problem—one that, given CDT’s brief and those of the other signers of today’s letter, Google is certainly aware of and has the resources to address. In light of the scrutiny the settlement has received and the recent setback, Google would do well to improve the settlement in all the ways it can. Protecting reader privacy should be an easy one.

For those of you in the Bay Area, CDT and TRUSTe are cohosting a lunch discussion as part of their TechPolicy Series. Today’s discussion is “Social Networking – The Challenges of Privacy and Openness” and will focus on how the growth of sharing and connecting on the web is impacted by the need for privacy protections for users. Event details are below:

Wednesday, October 7th
12:00 PM – 1:30 PM
Google Campus, Kiev Training Room, Building 40
1600 Amphitheatre Pkwy
Mountainview, CA

Speakers:
-Chris Conley, Technology and Civil Liberties Fellow, ACLU Northern California
-David Glazer, Engineering Director, Google, and Board member, OpenSocial Foundation
-Hemanshu Nigam, Chief Security Officer, MySpace
-Tim Sparapani, Director, Public Policy, Facebook

Moderated by Fred Vogelstein of Wired Magazine

More information on the event is available here and the event will be live tweeted by @CDT_LIVE with the hashtag #netpolicy.

The event also has a dial-in number:
REMOTE CALL-IN INFORMATION:

US Dial in: 866.457.4646
Global Dial in: 617.224.4646
Participant Passcode: 51458039