Schools should take note of how they use social media. The following trends are very concerning.
1. TikTok used as a primary online communication tool by schools.
This week one of Australia’s leading school cyber safety experts, Susan McLean, on the Today Show again continued to support the removal of TikTok in Australia, following on from the U.S, European Commission and Canadian government employee bans, and the potential for a nationwide ban in the US. Her concern is heightened by the fact that more and more schools are choosing TikTok as a primary online communication and promotion tool to students and families.
2. Social media links posted all over school websites
In a recent Forbes article, the author requested companies generally check what links, access, or otherwise “invitations” they had to social media platforms via their websites as she believed this could violate their own privacy policies and standards given the concerning nature of how these platforms consume and use personal data, and possible tracking and surveillance. Schools have these links all over their websites.
given the litigious nature of technology right now, I think it’s a huge risk that a brand is taking. It may only be a matter of time before a well-intentioned state attorney general decides to go after retailers, brands and other companies that encourage and invite their customers to join them on these platforms without some kind of disclosure or warning. Not to mention unscrupulous legal types who prey upon the uninformed and could hang around legal loopholes on data privacy like raccoons by a dumpster.
She suggests: Have you read your policy and any social media platform user agreements side by side? Perhaps you should give it another review.
3. Social media logins used by schools to authenticate user access to internal portals and applications.
In fact, some large brands are now removing social logins from their websites altogether after years of reputational issues, stagnant user growth and consumer data security concerns. Unfortunately, this continues to be a growing trend at schools.
Sticking your head in the sand is not a data protection strategy
Add the above concerning trends to findings from a data ethics study of schools and districts in the United States (across a novel data set of 18 million Facebook posts) that showed an excessive increase in student data being shared on social media by schools, and we must come to the conclusion there is a major student data leakage problem in schools around the world that cannot be ignored.
The simple fact is that if an individual can be identified by a photo, data protection legislation must apply, and the right of the individual in an image and the use of their photographs must always be respected.
For schools in particular, social media use is at odds with their privacy policy.
Back in 2019 pixevety’s Chief Marketing Officer wrote a piece on LinkedIn warning school marketers about using social media channels so heavily, and to be mindful of protecting the privacy of students and families.
Make sure your school has the right level of insight to ensure any risks of harm are low for all your students.
Overnight, however, it felt like schools gave away access of student data to global third-party social media platforms designed for adult use, not to protect children.
This can be solved and quickly
It’s never too late to start protecting the privacy of children, and schools need to stop waiting for “something bad to happen” and start doing before it’s too late.
- Stop using TikTok as a channel for school communication when there is so much uncertainty around potential risks to children and families. Your community will understand, support and respect you if you are clear around why you have chosen not to use this channel anymore.
- Remove general social media links from your websites to stop the threat of data misuse, surveillance, and tracking. Unless you’re living under a rock, everyone knows schools have Facebook, Twitter, or Instagram pages. Most parents will go direct to those channels to find you if they’re interested in communicating with you in that way. You don’t need to publicise them on your websites anymore.
- In this era of cybersecurity mania, its just common sense to ask schools to stop using social logins, social sign-ins or social sign-ons for authentication in any way to gain access to internal school systems.
Schools must spend time now conducting their own due diligence on how they use social media, what contracts they have in place, and the “what, why and how” student personal data is being stored and shared with such global third-party channels.
Schools should also seek out Privacy-by-Design (PbD) technology solutions that are now readily available in the market to better address student and staff data protection requirements before sharing, publishing, or simply “giving away” personal data externally. PbD solutions guarantee that privacy features are built-in from day one, versus added on later as an afterthought.
For example, by using our PbD media management platform, schools have now realised that without it in this digital age, the protection of thousands of student images captured each year at school, the real-time execution of consent against those images, and the application of safer sharing practices by staff and members is simply MISSION IMPOSSIBLE!
Make the change today!
It is essential that schools start to explore ways to build stronger school communities where trust, privacy, and respect matter given their main audience is children. Providing staff, parents, and students with access to PbD and eSafety-driven technology tools gives that community greater control, access, and choice – a win-win situation all round I say!
pixevety, as a privacy-by-design media solution for schools, ensures every decision made regarding product feature inclusion is always centred on risk and the protection of children.
We made tough commercial decisions early on to support compliance of our clients and decided not to enable “interoperability” features with social media platforms – a highly requested feature by schools – to protect school data. Yes, we understood this might make life a little harder for staff when they want to sign-in using a Facebook login and share photos directly from our platform to say Facebook (because you can’t just hit a Share button to send photos direct to your school’s Instagram page), but we also knew we couldn’t deliver on our privacy data protection promise if we did provide this feature. As a result, staff must store and filter student photos by permissions on pixevety, and make active conscious decisions to share before “giving them away” to the internet. We made this decision because the potential harm in offering such a feature far outweighed the “perceived” benefits. You cannot tell me that PbD engineering will ever be fully baked into social media platforms – it simply goes against their own commercial interests.
Don’t tick any old box, tick the right box
With cybersecurity threats and incidences growing, the protection of children’s data is even more critical right now, especially when photo sharing.
The eSafety Commission’s eSafety Toolkit for Schools advises that:
- School staff should avoid storing images of, or information about, students on personal devices;
- Student information should not be posted online (including names, videos, photos or work samples) without the written permission of the school, student and parent/carer.
Schools must start to incorporate meaningful, responsible, and mindful practices surrounding the sharing of photos and use of social media. Sourcing automated solutions with privacy/safety/trust-by-design elements must be part of this process so staff feel supported and ready to meet growing compliance obligations.
When deciding which third-party provider to partner with, ask yourself:
- Do they have the right contracts and policies in place to meet the school’s own policies?
- Have they conducted an Privacy Impact Assessment (PIA) on their own technology to ensure they meet the required data privacy and protection practices when serving schools?
- Do they have the right insurances in place?
For those schools active in taking responsibility for their data and social media practices, there are also some great resources available to assist. In Australia, the Safer Technologies 4 Schools (ST4F) certification program is one such resource where pixevety was one of the first Ed Tech providers to sign up to. This Australian and New Zealand Privacy and Security Initiative for Digital Products in K-12 Education is a credible benchmark to refer to when selecting ethical digital services for schools.
If anything comes of this article it is to urge:
- Educators and school leadership to take responsibility and ask yourself whether your school’s current social media practices are aligned to your privacy policy and legal requirements in data protection.
- Parents to consider whether the school’s use of social media channels meets their desired need for online data protection of their children.
The more schools and education institutions realise the intended risks associated with social media use, the more dramatic the shift will be in responsible photo sharing.
