Privacy and Education

 TL;DR: I think there is a fundamental flaw to think that your data is your data. Regardless of how much the law tries to close loopholes. Your data is not yours. Unless you are willing to host it yourself, not only do you pay with your data when you are on a free service, you pay with your data even when you dish out the paper. Free is not free.

# Let us begin

I want to make it clear that we all want to ensure we protect our data not only for ourselves but those we are responsible for. Our data is the very thing that tells us about ourselves, in digital format. We want to believe that we do our best to protect that data and that the institutions where we do business do the same. I don't think that is always the case.

There was an event I went to recently. One of the talks was about AI. Mostly dealt with some things we don't consider. The biases of the data training the AI, the cost of the AI as we use it, how to properly use it to evaluate work. It also touched on privacy. Is my data being used to train it. The room was with some educators and some IT folks, talking about different use cases and questions about how this would work out. The biggest thing for me was the data privacy. In the education space there are a lot of rules in regards to student privacy. There are rules that govern what types of apps that can be used with students to ensure that student data is not used. Some states even have additional rules that are built on top of federal ones to enhance what the federal ones might miss. However, I think we have to be honest with ourselves to think that there are not ways around this from the company end.

# Breadcrumbs

For any service you use there are terms of service. In those it lays out what can and can't be used and how data is used. Of course in the education front the short of it is, they can use data that is identifiable or used to tailor lets say ads. There is more that is the gist. You want to protect as much as possible. However, if a problem arises with a user account or a service, the data being collected can be used to determine the cause and the fix. That is the loophole. Even if the data is kept in a way that does not identify the person. The behaviors of that user are still collected for troubleshooting or enhancing the service, which can still identify the who. This my friend is the problem. Take for example Google workspace for education, a free service that is provide to schools for free to ensure email and cloud storage. Pair that with chromebooks and google classroom and a school has a amazing platform for teaching. All covered legally to use. However, the amount of data that is store at google even if they comply with all the laws, does not mean that data can not be used to identify how or what you are. From the moment a student gets there account is created, the breadcrumbs of that behavior is traced from as young as Kindergarten all they way though high school and even college. Even if the data is not identifiable, the patterns of usage are there. That is not the only problem, some laws and companies give themselves flexibility that if the student users there account on a third party site, they are not responsible. So once they go a bit over that fence there data is no longer there's or the schools. Even if you have a very lock down system, the data moves, terms of service change and an app that was compliant might not be anymore. Is there audits when a service no longer meets those laws criteria and no longer can be used by the school. No, how do you confirm that once you leave that data is erase. A company can easily say, we have to ensure we keep for x amount of years for legal purposes or to enhance our service during that time. That data is valuable to make the experience better. However, those breadcrumbs of behavior can easily be trace back to a user on a different account to say these 2 people are the same. Those breadcrumbs of what was clicked, when it was clicked, can be matched by machine learning to say oh I think this person is this person. Its those crumbs that stick around that follow a person into adulthood. You can not get away from that. You need those breadcrumbs to ensure the service works as intended, to find issues and to help the user when needed. The dark side to that is we know who you are.

# What can be done?

That is a question. I am not sure if people can really answer that and be honest about there data. As adults themselves give up a lot of there data willingly for free. We all have a gmail. Bam they track your every move. Have a android phone, we know where you go, you use a credit card, we know what your shopping pattern and we know when you are out of something. Same for apple regardless of how much they push the privacy. Its still the same. Even as adults and security folks if you use any service out there, the data you give about yourself is self evident. You give it up willingly without a second thought. If we do it as adults, how do you expect to protect that data for the young ones. I think the best thing that needs to be said is people just need to understand what they are doing and what is being given up. This is not a call to stop using those services. They are great tools, they help with our everyday lives, work and education. This is a call to say, be aware your data is not your data. That you should push more so to find out how it is being used and willingly be okay to be inconvenienced to have stricter rules in place. That is really the thought here. If you are wanting to have these conversations, but not be inconvenienced, then what's the point in having it. The talk about privacy or ethics in tech is not just about oh look at this bad thing, its about are you willing to also be inconvenienced for the solution. If you use google drive and google drive is said to use X amount of fossil fuel for energy a year. You are concerned about climate change. Are you willing to stop using it? Are you willing to stop using that service. Are you willing to selfhost? Or are you willing to say, maybe the amount I use of it, I will do less and store my data at a place that cost me for my concerns on climate. If people are super concern about privacy the solution is simple. Host your own data. The amount of that would bankrupt most people or is not feasible. So you give up a little bit about yourself, to have a place. Acknowledge you are making a sacrifice and your potential views and data.

# The end

Your data is not your data if you use any service that you do not run. Free is not free, you pay in some way shape or form even if its not a monetary physical value of funds being passed. However, my piece is simply we need a better grasp as to what we consider privacy of data. Your data is not as private as you think you believe in regardless of the industry you are in.