In the growing hubbub around student data privacy and security, it can be hard for edtech companies to identify concrete steps to demonstrate their commitment to protecting student information. But last week, Clever made a commitment to transparency by making their privacy policies open source, posting the policy on GitHub so anyone can track changes.
For Clever, the move to post its privacy policy on GitHub was prompted by conversations with edtech privacy advocate Bill Fitzgerald, who has pointed out flawed and vague policies of several edtech companies on his blog, FunnyMonkey. “When the AFT announced that ShareMyLesson integrated with Clever, I asked some questions about what this meant for teachers and their data, as information was going from one entity to another,” Fitzgerald tells EdSurge. Fitzgerald’s questions led the startup to realize that it needed to explain its terms in much clearer language. “It was boilerplate language, and we wanted to raise the bar,” explains Clever co-founder Dan Carroll.
Open sourcing its privacy policy prompted the Clever team to make several changes to the terms. The revised version, which Fitzgerald lauds as “significant improvements,” strengthen the policies around notifying schools in the case of transferring student information as a result of a merger or acquisition. “If Clever becomes part of another company, we don’t ever want the Clever data to be separated from the Clever service,” explains Carroll.
“The most important thing around privacy policy is to be transparent--they exist so you can express clearly your intentions and your practices,” says Carroll. “You can say you’re going to be transparent, but when you make [your privacy policy] open source, [that step] enforces it.”
Fitzgerald agrees. “The ability to get an annotated changelog of how policies evolve--this adds a layer of transparency that has never existed in the privacy policy world before.”
Carroll hopes the move will encourage educators and parents to reach out to Clever about its privacy policy. “Before, if you didn’t like the terms, you could write a blog post or tweet at us, but those are fragmented conversations,” he says. “Now, it’s a public forum. It enables us to get feedback and respond to it.” As he sees it, open source policies can change the way individuals engage with student data privacy. “People often only look to privacy when there’s a problem,” says Carroll. “With friendly language that you can actually comment on, we want people to look at it proactively.”
Carroll also hopes publishing Clever’s privacy policy on GitHub will encourage other companies to do the same, and to borrow clear language from each other’s policies. “Making this public and open source legitimizes a practice that’s happened for a long time--sharing and borrowing and developing on top of each other,” he explains. “For an edtech company starting tomorrow, we would encourage them to use Clever’s policy as a basis for what they’re doing: borrow our terms, as long as you also put them in practice.”
Several other companies have also taken recent steps to make privacy policy changes public. After Twitter conversations calling for clearer privacy terms, LearnSprout has uploaded their privacy policy to GitHub. Kickboard has committed to posting notifications about changes to its privacy policy on its site.
Carroll warns that open sourcing terms is no panacea for the issues around protecting student data privacy. “This is not going to solve the problem--we need to change our policies, our practices,” he explains. “But this can make the problem more visible and more tangible.”
Carroll and Fitzgerald both urge all edtech companies--and companies outside of edtech--to take the time to be transparent about how they handle consumer data. And how much time will it actually take to open source your privacy policy? “It can be done within half an hour,” assures Fitzgerald. “And that includes time to make a sandwich.”