An Evaluation of Privacy Policies with Five Apps That Can Be Used in a Music Classroom

Last Updated on

This summer, I set a professional development (PD) goal to achieve my International Society for Technology in Education (ISTE) certification. The process includes a two-day workshop, then an eight-week online course, followed by a six-month portfolio. I am currently finishing up the online course. It has been quite a PD journey that I have appreciated as it has made me dive deeper into my own teaching philosophy and practices.

Since I started teaching in 1996, I have been utilizing technology into the elementary music classroom. I love to integrate technology when it is the best tool to use. I also feel that technology is an excellent tool when it can level up your teaching in a way that a traditional tool or method could not achieve. Therefore, when the ISTE activity called for research into the privacy policies and terms of apps that you or your students use in the classroom, I jumped at the chance to do this.

Though I know most of the tools well, I have to admit that I leave the research of the terms of use to our school’s IT. However, as educators, we strive to protect our students daily. This also means knowing how the technology we use in our classrooms is protecting our students’ personal information. I chose to compare the privacy policies of three apps that are meant to give students empowerment as they showcase what they know through digital tools. In addition, I chose to compare the privacy policies of two music creation digital audio workstations (DAW).

To skip the post and see a table of what I have researched, click here.

Credit: Bitmoji

COPPA, FERPA, and More

COPPA

Using tools that collect information such as students’ names or email addresses is tricky when working with elementary students. Therefore, I was looking at their clauses that involved working with students ages 13 and younger. In the U.S., the Children’s Online Privacy Protection Act (COPPA) “is a federal law that applies to online companies and is enforced by the Federal Trade Commission. COPPA requires companies to obtain “verifiable parental consent” before collecting personal information from children under 13 for commercial purposes. Personal information can include traditional personally identifiable information (PII) such as a child’s name or contact information as well as online behavioral data—that is, what a child does online.” (2018) 

In other countries, the policies vary. For example, Canada has similar guidelines but are not enforceable by law. Depending on the European country, the ages vary from 13-16. Europe also adopted the General Data Protection Regulation (GDPR) in 2018, which is a set of rules designed to give EU citizens more control over their personal data. And in China, they take this further by creating the concept of Sensitive Personal Information, which includes geo-location as well as any information about a child, defined as anyone under the age of 14. (Alim, Cardozo, Gebhart, Gullo, & Kalia, 2017; Collins, 2018). 

FERPA

The Family Educational Rights and Privacy Act (FERPA) is a federal law that applies to districts and schools that receive federal funding. Therefore, this does not apply to all schools in all countries. FERPA forbids schools from disclosing student information without parental consent, but there are limitations as it only applies to certain types of student information. In the US, the U.S. Department of Education enforces the law, and therefore, can cut off funding to noncompliant schools. 

SOPIPA, SDTSA, Connecticut’s “An Act Concerning Student Privacy”

The California Student Online Personal Information Protection Act (SOPIPA), the Colorado Student Data Transparency and Security Act (SDTSA), and the Connecticut “An Act Concerning Student Privacy”, take further measures to protect student privacy. SOPIPA protects not only traditional PII, such as name, birthdate and student ID number, but also online behavioral data such as their activity when searching the net. Basically, edtech companies cannot target advertising to students for noneducational purposes. 

The SDTSA is similar but adds statements that require student data to be eliminated when no longer needed for purposes of the contract. They also require that state boards and schools publish the type of data points collected by third-party service providers, including why each data point is collected, how it is used, and why it is shared, on their websites. In addition, there is a clause that teachers and local staff must have training in how to handle student’s local data. Plus, the state must provide schools with sample policies to lessen the workload of the schools.

The Connecticut “An Act Concerning Student Privacy” is similar to SOPIPA and SDTSA but also adds a task force to study student privacy issues and to create resources for local and state boards about contracting services and student data collecting. (Alim, Cardozo, Gebhart, Gullo, & Kalia, 2017).

Digital Portfolio/Student Empowerment/Behavior Management/Communication

I chose to research the privacy policies of Seesaw (web.seesaw.me), Flipgrid (flipgrid.com), and ClassDojo (classdojo.com). Their privacy policies and terms of use are on their websites. I also used the website Common Sense (commonsense.org) to read through their research and ratings of the apps’ privacy policies. Finally, I asked a few professional networks to find out why other music educators use certain apps and if they knew about the apps’ privacy policies.

Seesaw

Credit: web.seesaw.me

Seesaw is a student engagement tool and platform. Teachers empower students by giving them the means to create, reflect, share, and collaborate. Students showcase their knowledge using photos, videos, drawings, text, PDFs, and links. It’s intuitive to get student work in one place and to share with families, all having to be approved by the teacher first.

Seesaw’s privacy policy is thorough. When researching it on their Privacy Center Page found at https://web.seesaw.me/privacy, I quickly found their policy’s outline clear and concise. This site gives you the basic information in easy-to-understand terms. As I kept digging into their policy, I found around seven more links that led me to more details and thorough information about their policies. 

Seesaw is compliant with FERPA, COPPA, GDPR, and the Australian Privacy Act. It does collect and use data limited to the product’s requirements. It does display information that only parents/caregivers of the student can see and must first be approved by the teacher. Seesaw does not own the material it hosts. If you use the free or Seesaw Plus paid versions, once you archive a class, the data will be deleted in 60 days. When you participate in the schoolwide paid version, Seesaw for Schools, the data follows the child as they progress through the grades in the school. If you delete your account, the data within the account will be deleted in 60 days.

Seesaw is hosted and operated in the U.S. and is subject to U.S. law. If your school has the Seesaw for Schools version, your school can choose to host your data in a different supported country. 

When researching further about SOPIPA, I did not find this stated in their policies. However, I did find that they have been compliant with SOPIPA as there are contracts with Seesaw and California based schools found online. As for SDTSA, I did not find any information connecting Seesaw to SDTSA. Finally, with the Connecticut “An Act Concerning Student Privacy”, I found contracts online with Seesaw and Connecticut schools. 

Flipgrid

Credit: flipgrid.com

Flipgrid is a free video discussion platform that empowers students to reflect and answer questions, as well as showcase work in a fun and supportive social learning environment. Teachers create “grids” to encourage video responses and discussions. Each grid is like a message board where teachers can pose questions and discussions, called “topics,” and their students can post video responses that appear in a tiled grid presentation.

Flipgrid’s privacy policy is easy to find at https://legal.flipgrid.com/privacy.html. Flipgrid provides additional links to give a more thorough description of its policy. In addition, there is a basic “Dos and Don’ts” page concerning their privacy policy that makes it intuitive for an educator to understand and follow. Finally, they have a link to a parent consent form so that an educator can easily attach it to an email and send it digitally, or print out to send home with the student.

Flipgrid is compliant with COPPA, FERPA, as well as the 2003 California’s “Shine the Light” law. The “Shine the Light” law (Cal. Civil Code. §§1798.83-1798.84) requires companies to disclose details of the third parties with whom they have shared users’ personal information. Since Flipgrid is owned by Microsoft, they are also compliant with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. (Flipgrid, 2019). Flipgrid holds content for 30 days after an account is deleted. However, they do note that they will retain information to resolve disputes, to enforce their policy, and to comply with the law.

ClassDojo

Credit: classdojo.com

ClassDojo originally started as a behavior tool for teachers to track and communicate students’ behaviors. As the years progressed, so did the app. It now has a messaging tool to communicate with the parents, a Student Stories portfolio for students to showcase their work, and mindfulness videos for students to learn about empathy. 

ClassDojo’s privacy policy is located at https://www.classdojo.com/privacy/#classdojo-privacy-policy. From there, I found several more links that thoroughly explain their policies. They also include a video explaining their terms of agreement.

ClassDojo is compliant with COPPA, FERPA, GDPR, SOPIPA, is certified by TRUSTe, and has been granted the iKeepSafe COPPA Safe Harbor seal. This seal signifies that their website and apps have been reviewed and approved for having policies and practices surrounding the collection, use, maintenance and disclosure of personal information from children consistent with the iKeepSafe COPPA Safe Harbor program guidelines. (ClassDojo, 2019). Finally, ClassDojo specifically addresses Do Not Track (DNT) signals. Due to the behavior component with ClassDojo, they do not track its users over time and across third-party websites to provide. (ClassDojo, 2019).

ClassDojo does not own your data and will never sell your personal information to third parties. They will only share personal information to selected third parties that are necessary to develop their services. In addition, they will delete inactive accounts after one year. Since behavior points are a big feature, ClassDojo states that the feedback points awarded in schools will expire after one year. If the account is deleted by the teacher, then the award points are deleted as well. They do note that some content will be kept until they have direction from the school, as being compliant with FERPA. 

What Does This All Mean to You?

Credit: Bitmoji

Permissions

Basically, all three apps are compliant with the U.S. COPPA and FERPA acts. They all state that students under the age of 13 need parental permission to use their apps in school. This is achieved by having the parent sign a form to hand in. Or, having the parent sign a school policy that allows their children to use the apps listed on their website. This is commonly referred to as “school consent” and allows the teacher to set up the account on the student’s behalf. However a school chooses to do so, they must obtain permission from the parent.

If you choose to use Seesaw, Flipgrid, or ClassDojo in your personal classroom, you must go to the administration and ask their permission for use of the app in the classroom. If they approve, then you must find out if the parents have signed a “school consent” policy where you can immediately begin using the app, or if you need to personally get each parent’s written permission. 

Loopholes

There have been numerous articles about the concerns of students’ privacy being compromised by using these apps. Back in 2014, ClassDojo was in the news due to concerns that the behavior points assigned to a student could be shared with their secondary schools or colleges and hurt their chances of attending a school of their choice. (Singer, 2014). In addition, a report put out by the Electronic Frontier Foundation titled, Spying on Students – School-Issued Devices and Student Privacy, finds loopholes in the US acts that the edtech companies state they comply. For example, FERPA is a federal law for schools that receive federal funding. If a school does not receive federal funding, then they do not have to comply with this law.

In addition, schools can declare the edtech company as a “school official” to bypass directly acquiring parents permission for their child to use the app in school. However, FERPA states explicitly when a school can declare an edtech company a “school official.” COPPA has the school determining whether the edtech company is going to use the student’s information for its own commercial purposes in addition to the provision of services to the school. If so, then the company must directly acquire direct consent from the parent. However, the school must research, discuss, and ask themselves questions about the purpose of the educational technology before contracting with the company to use their edtech in the classrooms. (Alim, Cardozo, Gebhart, Gullo, & Kalia, 2017).

Commonsense.org

As an educator, when you are questioning an edtech app, Common Sense (commonsense.org) has researched and rated many apps, as well as evaluated their privacy policies. This is located at https://privacy.commonsense.org/. This is a great place to begin. For example, Seesaw scored a 66 for their privacy policy. Flipgrid a 50 and ClassDojo a 70. Common Sense will break down their evaluation into four categories: Safety, Privacy, Security, and Compliance. They help you understand the numerous pages of policies that each app’s website provides. 

Finally, do the research. Check the ratings of the app. Read their privacy policies. Ask your administration if you can use it with your students. Tell them why it would level up the learning in your classroom. If they say yes, protect yourself by checking the permissions needed for students to use the educational technology in your classroom.

Digital Audio Workstations (DAW)

The next two apps’ privacy policies that I researched were the educational versions of Soundtrap (soundtrap.com) and BandLab (bandlab.com). Soundtrap and BandLab are Digital Audio Workstations (DAW) that allow users to create and make music online using various devices. Both have educational versions that are ideal to use in a classroom.

Soundtrap

Credit: soundtrap.com

Soundtrap’s educational version is a paid app that allows students to collaborate and make music in real time. Students can invite other students who have the educational version of Soundtrap to make music together while also texting and video chatting about how to improve their music. The educational version is controlled by an admin account (usually the teacher in the classroom), who monitors all activity as it occurs.

Soundtrap’s privacy policy is simple to find at https://www.soundtrap.com/public/legal/privacy_policy.pdf. It includes the free version as well as the paid educational version. Soundtrap’s paid educational version is COPPA, GDPR, and FERPA compliant. The free version of Soundtrap does not approve those persons under the age of 13 to use the free version. They must be a part of the educational version with a walled garden so that their privacy is protected. For user’s safety, students cannot upload their pictures. 

If a parent requests that their child’s student account needs to be deleted, Soundtrap will immediately delete it from their live database. However, they are quick to point out that if personal information was included in one of their recordings, this “may be collected and used by parties other than us and may result in unsolicited messages from other parties.” If this happens, Soundtrap is to be contacted as soon as possible with as much information so that they can locate the recording and delete it. Finally, they address that if a student was to record any personal information and Soundtrap is notified about this, they can “ (a) delete any personal information we discover or which is brought to our attention, at any time, for any reason whatsoever; (b) immediately terminate your account and/or (c) contact your parents regarding the recording.”

BandLab

Credit: bandlab.com

BandLab has a similar free educational DAW version, but currently, students cannot collaborate in real time. It requires them to collaborate by saving new revisions. BandLab for Education’s privacy policy is separate from their non-educational version and can be found at https://blog.bandlab.com/edu-privacy-policy/. Their policy reads that it is compliant with “applicable law (including but not limited to FERPA)” as well a COPPA and GDPR. They also state that they provide the user with a COPPA consent form for parents. Unfortunately, this currently leads to an inactive link. If you want to delete a student’s account, the policy reads that teh account will be deleted, but there might be content still viewable in the archives unless you contact BandLab to permanently delete them. BandLab does allow photos of the user (according to “Profile Information 2.3) and does not address information about recordings that could contain personal information.

Soundtrap and BandLab have an added concern in their privacy policies as they are both tools where students can collaborate online to make music. They are a sort of Google Docs merged with an online music-making tool. In addition, the fact that the students can share personal information by recording themselves talking, singing, rapping, etc., brings to light another level of security. Soundtrap addresses this possibility in their privacy policy and how to combat it if it occurs. BandLab does not appear to address this possibility in its privacy policy.

Both apps are compliant with COPPA, GDPR, and FERPA laws. Both provide separate versions for education. They both address that if students are ages 13 and under, they must use the educational versions. I also noticed that students could accidentally set up a non-educational account by using their personal google emails or social media accounts. Even students ages 13 and under have access to these items, even if they are not supposed to due to social media requiring children to be 13+ to create an account. For this reason, I find it better to use these apps through a learning management tool like Music First (musicfirst.com). MusicFirst creates a safewall where the students login through Music First’s Learning Management System. Therefore, they cannot accidentally access the same app through their own social media accounts or personal email addresses during school. 

What I Learned…

Credit: Bitmoji

If you stuck with me throughout this blog post, I appreciate it greatly. I now have more respect for the IT crew at my school, and I already respect them highly. They are the ones responsible for studying and researching all of these apps’ privacy policies. There is a variety of jargon in these apps and they must interpret them and decide if they should be used in the classroom. In addition, they have to choose the best way to obtain permissions that are transparent and accurate. However, I feel that the educators using edtech in their classrooms should also have a good knowledge of the privacy policies. Knowing these policies better protects their students. As educators, it is our job to protect our students. We do this every day in our classrooms by making sure we are accommodating their learning and safety needs. We should also be protecting their privacy. 

Finally, I like that Colorado and Connecticut have additional acts that require states to train teachers in this area. If more teachers understood the privacy policies, they might be more in tune with why the ISTE student and educator standards are so important and pertinent to the 21st-century classroom. By understanding the policies to protect students, educators can address the following ISTE student standards: 2b (Students engage in positive, safe, legal and ethical behavior when using technology, including social interactions online or when using networked devices.) and 2d (Students manage their personal data to maintain digital privacy and security and are aware of data-collection technology used to track their navigation online.).

They would make students aware of how information about them can easily be shared and the consequences of that. They would also show students the importance of understanding COPPA, FERPA, and others, how those laws protect students, and how they also include loopholes that could potentially cause their information to become unprotected. The students will learn that they are in charge of their futures.

In addition, they must speak up and change privacy policies for the better because their and future students’ information is decidedly more important than the profit made by selling information to advertisers. In the past, I have made students very aware of the importance of a musician’s copyright over their music. I am now going to include teaching them the importance of their privacy, safety, and digital footprint, especially when using cloud-based collaboration tools.

Table of Reference

Resources

Alim, F., Cardozo, N., Gebhart, G., Gullo, K., & Kalia, A. (2017). Spying on Students SCHOOL-ISSUED DEVICES AND STUDENT PRIVACY(Rep.). ELECTRONIC FRONTIER FOUNDATION.

BandLab Technologies. (2019). BandLab for Education – Privacy Policy. Retrieved August 21, 2019, from https://blog.bandlab.com/edu-privacy-policy/

Children’s Online Privacy Protection Rule: A Six-Step Compliance Plan for Your Business. (2018, November 02). Retrieved August 21, 2019, from https://www.ftc.gov/tips-advice/business-center/guidance/childrens-online-privacy-protection-rule-six-step-compliance

ClassDojo. (2019). Privacy Policy. Retrieved August 21, 2019, from https://www.classdojo.com/privacy/#classdojo-privacy-policy

ClassDojo. (2019). Privacy Policy and Terms of Service Key Terms. Retrieved August 21, 2019, from https://classdojo.zendesk.com/hc/en-us/articles/115004741703#BehaviorallyTargetedAdvertising

Collins, D. (2018, June 23). Are the new kids’ data privacy laws in China similar to COPPA and GDPR-K? Retrieved August 21, 2019, from https://www.quora.com/Are-the-new-kids-data-privacy-laws-in-China-similar-to-COPPA-and-GDPR-K

Common Sense. (n.d.). Common Sense Privacy Evaluation Program. Retrieved August 21, 2019, from https://privacy.commonsense.org/

Flipgrid. (2019). Flipgrid. Ignite Classroom Discussion. Retrieved August 21, 2019, from https://legal.flipgrid.com/privacy.html

ISTE. (2016). ISTE Standards for Educators. Retrieved August 21, 2019, from https://www.iste.org/standards/for-educators

ISTE. (2016). ISTE Standards for Students. Retrieved 2019, from https://www.iste.org/standards/for-students

Seesaw. (2019). Privacy Center. Retrieved August 21, 2019, from https://web.seesaw.me/privacy

Singer, N. (2014, November 16). Privacy Concerns for ClassDojo and Other Tracking Apps for Schoolchildren. Retrieved August 21, 2019, from https://www.nytimes.com/2014/11/17/technology/privacy-concerns-for-classdojo-and-other-tracking-apps-for-schoolchildren.html?emc=edit_tnt_20141117&nlid&_r=0&fbclid=IwAR3QTSvvVdhdRp4BhgUVxPlqpioYbTRH-ydfuEH_8GgBtvvdbXipklwwzX8
Spotify, 2019. (n.d.). Soundtrap® Privacy Policy(Policy).

Print Friendly, PDF & Email