(Note: This guest blog is by Larry Kuehn, Retired Director of Research and Technology at the British Columbia Teachers' Federation and a member of the Freedom of Information and Privacy Association of BC. We welcome further discussion about how teachers and their unions are pushing back on this problem. )

The pandemic has surfaced concerns we should have long been attending to, but were mostly ignored. One of those is the dangers to the privacy rights of our students posed by cloud computing in our schools. Moving education online for several months has exacerbated these, and the use of technology will continue to expand, even as students return to physical classrooms.
Now an explosive report shouts for us to pay attention while there is still a chance to address the dangers to privacy. It is called —Gaps Affecting Privacy Protection in British Columbia’s K-12 Education System.” The analysis was done by Matthew Levine for the (FIPA).
Cloud computing is an all-encompassing aspect of much that we do these days. It is the processing and storing of many of our online activities carried out over the internet, all on server farms that hold the data in a few centers globally, with very few of those in Canada. An increasing number of educational activities are carried out digitally, largely on the cloud.
While online activities raise privacy concerns in the digital lives of all of us, privacy should be a particular worry in relationship to children. Privacy is not only a key element of freedom, but key to the development of autonomy as a person. Young people need the space to explore and develop, without the pressure of surveillance that will affect them the rest of their lives.


The FIPA report looks not just at concerns raised by cloud computing, but also details the use and impact of a particular platform—Google Education, used in many B.C. school districts. Google Education includes the familiar gmail, docs, and the like, but also “Google Classroom.” This is a “learning management system” providing for creating an online classroom, exchange of assignments, and maintaining a record on each student as well as facilitating communication with parents.
All these are necessary aspects of teaching, and Google Education apps and Classroom are “free” to cash-strapped school boards. What could possibly be the problem?
In the era of “surveillance capitalism,” the users of a “free” service (our children) are actually the product, producing data that is the basis of the creation of value and economic return. Google is the biggest player in this market. Google promises that it will not use student data to target ads to them, but it does not identify the other uses for the data. The data from hundreds of millions of students around the globe using Google Classroom—it is available in multiple languages—gives Google the largest collection of data on education which can be used to develop future products—data not available to researchers or educators.
That is the big picture concern. The FIPA report also outlines more specific concerns for individual students. BC legislation aims at protecting privacy and includes provisions that personal data not be held on servers outside of Canada. This is protection against invasive access provided by legislation elsewhere, particularly the U.S., where most data are held—although this protection was waived by Ministerial Order during the pandemic. This is a concern not just about Google, but also about the many of educational apps and services that are available—both “free” and for a charge—that could be available in our classrooms. All these services, including Google, have user agreements and privacy statements that claim to inform. However, anyone who had tried to read one will know how difficult it is to make sense of what will actually happen with one’s data.
School districts recognize that many of the practices with education apps and the cloud do not meet the conditions required in privacy legislation. Their approach is to ask parents to sign an authorization that in effect waives the privacy rights of their child.


This is not good enough. When a parent signs an authorization, they are expressing trust in the school system to look after the interests of their child as they use these technologies in the cloud. The system is failing to live up to that trust in many of the practices in using technologies in education. The FIPA report calls for action. The province needs to take responsibility for providing services—it already has infrastructure and expertise that should be available to the education system. The Privacy Commissioner should provide more guidance for the system on complying with the legislation and draw on international expertise available.
School districts should do privacy assessments on all services used, as well as provide training and support to teachers. Above all, they must seek valid, informed and meaningful consent from individuals, i.e. students and guardians, for use of any tools that may compromise privacy.
The protection of privacy is crucial in our increasingly cloud-based education environment.