N. Cameron Russell, Joel R. Reidenberg, Elizabeth Martin, and Thomas B. Norton
Student lists are commercially available for purchase on the basis of ethnicity, affluence, religion, lifestyle, awkwardness, and even a perceived or predicted need for family planning services. This study seeks to provide an understanding of the commercial marketplace for student data and the interaction with privacy law. Over several years, Fordham CLIP reviewed publicly-available sources, made public records requests to educational institutions, and collected marketing materials received by high school students. The study uncovered and documents an overall lack of transparency in the student information commercial marketplace and an absence of law to protect student information.
Alice E. Marwick and Ross Miller
This interdisciplinary project focused on online speech directed at women and seeks to provide a primer on (i) what legal remedies, if any, are available for victims of sexist, misogynist, or harassing online speech, and (ii) if such legal remedies and procedures exist, whether practical hurdles stand in the way of victims’ abilities to stop harassing or defamatory behavior and to obtain legal relief. The study concluded that while online harassment and hateful speech is a significant problem, there are few legal remedies for victims. This is partly due to issues of jurisdiction and anonymity, partly due to the protection of internet speech under the First Amendment, and partly due to the lack of expertise and resources on online speech at various levels of law enforcement. Given this landscape, the problem of online harassment and hateful speech is unlikely to be solved solely by victims using existing laws; law should be utilized in combination with other practical solutions.
Joel Reidenberg, N. Cameron Russell, Jordan Kovnot, Thomas B. Norton, Ryan Cloutier, and Daniela Alvarado
Today, data driven decision-making is at the center of educational policy debates in the United States. School districts are increasingly turning to rapidly evolving technologies and cloud computing to satisfy their educational objectives and take advantage of new opportunities for cost savings, flexibility, and always-available service among others. As public schools in the United States rapidly adopt cloud-computing services, and consequently transfer increasing quantities of student information to third-party providers, privacy issues become more salient and contentious. The protection of student privacy in the context of cloud computing is generally unknown both to the public and to policy-makers. This study thus focuses on K-12 public education and examines how school districts address privacy when they transfer student information to cloud computing service providers. The goals of the study are threefold: first, to provide a national picture of cloud computing in public schools; second, to assess how public schools address their statutory obligations as well as generally accepted privacy principles in their cloud service agreements; and, third, to make recommendations based on the findings to improve the protection of student privacy in the context of cloud computing. Fordham CLIP selected a national sample of school districts including large, medium and small school systems from every geographic region of the country. Using state open public record laws, Fordham CLIP requested from each selected district all of the district’s cloud service agreements, notices to parents, and computer use policies for teachers. All of the materials were then coded against a checklist of legal obligations and privacy norms. The purpose for this coding was to enable a general assessment and was not designed to provide a compliance audit of any school district nor of any particular vendor.
Joel Reidenberg, Robert Gellman, Jamela Debelak, Adam Elewa, and Nancy Liu
When a natural disaster occurs, government agencies, humanitarian organizations, private companies, volunteers, and others collect information about missing persons to aid the search effort. Often this processing of information about missing persons exacerbates the complexities and uncertainties of privacy rules. This report offers a road map to the legal and policy issues surrounding privacy and missing persons following natural disasters. The report first identifies the privacy challenges in the disaster context and provides some recent examples that demonstrate how disaster relief information sharing raises unique privacy concerns and issues. It then outlines current missing persons information sharing activities in the context of disaster relief work and discusses how those information systems strike different balances between privacy and ease of use. The report then proceeds to identify some key legal privacy issues and examines in detail how these legal requirements apply to missing persons organizations and what interpretative challenges privacy rules present. For the analysis, this report focuses on privacy law in the European Union and the United States because these jurisdictions serve as important examples of privacy regulation around the globe. The report offers a general analysis rather than a detailed assessment of any particular activity that would depend on the application of the law of a specific jurisdiction. The report concludes with a set of options and strategies that organizations and policy makers involved in missing persons activities and in privacy could pursue to help address some of the privacy concerns.