Clever Updates Their Privacy Policy, and Does It Well

3 min read

Clever recently updated their privacy terms, and their method and process provides a good example for other companies to replicate.

First, they checked their privacy policy and terms of service into Github. This is a simple step that any edtech company can do. By having terms checked into git, we automatically get an annotated changelog of how terms evolve. This log is a great step toward increased transparency. All companies are using some form of version control to manage their codebase; extending this to their terms of service and privacy policy is incredibly straightforward.

In terms of the actual content, Clever made two substantial changes around how data is treated in case of a sale, transfer, or bankruptcy.

Here is Clever's original language, before the updates:

In the event of a change of control: If we sell, divest or transfer the business or a portion of our business, we may transfer information, provided that the new provider has agreed to data privacy standards no less stringent than our own. We may also transfer personal information – under the same conditions – in the course of mergers, acquisitions, bankruptcies, dissolutions, reorganizations, liquidations, similar transactions or proceedings involving all or a portion of our business.

Here is Clever's updated language, after the updates:

In the event of a change of control: If we sell, divest or transfer our business, we will not transfer personal information of our customers unless the new owner intends to maintain and provide the Service as a going concern, and provided that the new owner has agreed to data privacy standards no less stringent than our own. In such case we will provide you with notice and an opportunity to opt-out of the transfer of personally identifiable Student Data.

The updated language contains two important distinctions. First, the terms now clearly state that personal data will not be transferred as part of any transaction unless the buyer is going to maintain the service, and do so under sound policy. This goes a long way toward mitigating the risk of another ConnectEdu or Corinthian Colleges fiasco.

The second important change in this section is that the terms now guarantee notification in case of sale, paired with user opt-out of data transfers. This puts control in the hands of end users. I'm also assuming here that end users could be both schools that contract with Clever, and people who attend those schools.

The last line of the policy shows an additional minor change: the privacy policy has the date the policy was updated, and the date the updates went into effect. This is a great shift because it shows that a review window of updated terms is a standard part of doing business.

These changes get a lot of things right. By identifying that a sale to a company that wants to maintain and grow the service is a different type of event than a liquidation, Clever combines good data stewardship as a parallel to maintaining the continuity of their service. By committing to notification and user opt out, Clever demonstrates a confidence in what they offer, and a respect for the trust people place in them. By putting their terms in Github, and maintaining solid commit messages, they make it very clear how their terms evolve over time.

Most importantly, both the process that Clever has used, and the content of these changes, show how this can be done well. I'd love to see other companies follow Clever's lead here.

, ,

What Problems Get Solved by the AFT, Clever, and ShareMyLesson Collaboration?

5 min read

On Friday, Benjamin Herold wrote a piece where he outlined the new collaboration between ShareMyLesson and Clever, and how the American Federation of Teachers is backing this collaboration. His piece also stated that connections with Clever could support OER creators. There were a few elements that seemed off in both the deal, and in how it was being described. This piece looks at Clever, ShareMyLesson, and OER, and breaks down some of the implications of the collaboration.

Clever

Clever collects data. Clever specifies ways in which they can share data. Clever can change terms of service at any point, with no notice, meaning that the terms you agree to today might not be the terms you operate under tomorrow. Also, given that the purpose of Clever's Unified Login is to streamline access to other apps, Clever creates a web of connections between different apps, and it is almost certain that each application has its own privacy policy and terms of service. So, even though Clever's terms of service and privacy policies are less than ideal, users of Clever will be shuttled between apps with different terms of service. It's unclear what notice, if any, end users have when they are shifting into activities governed under a different privacy policy. It's comparable to apps on Facebook, where user data is protected largely at the discretion of the individual app developers.

It's also worth noting that many aspects of Clever are very similar to inBloom, particularly in streamlining data that is pushed to student information systems. This EdSurge article from August, 2014, closes with the same conclusion:

“On Clever, when you have students working on half a dozen apps on engagement and performance, the teacher has to login to each to see how the students are doing on each individual app,” Krull notes. “At this point, the next step after customizing the platform for teachers and students is, how can the data from each app come back to a reporting panel?”

Bet that's something we'll see more clever solutions for soon.

Clever's marketing department deserves a lot of credit for avoiding the same notice and backlash experienced by inBloom.

ShareMyLesson

The terms of ShareMyLesson have been baffling for a long time. I've gone into this in the past, and don't have much new to add now except to note that the terms haven't improved at all. It's also worth highlighting that ShareMyLesson could mitigate many of the more obvious problems just by adding licensing options to the screens where members share resources. But currently, ShareMyLesson collects data on end users, claims control over user content and data, and their terms prohibit even basic reuse of content. There is a direct disconnect between the "pledge" on ShareMyLesson, and their terms.

OER

OER doesn't need single sign on to succeed. Lack of access to OER isn't the issue, and OER adoption has been on the rise in recent years for a range of (largely human/organizational, non-technical) reasons. Barriers to OER adoption include widespread use of formats that aren't open or reusable, and misunderstanding around the rights granted via open licensing. In short, when we work with OER, train people on how to use OER, and build systems that support increased use and creation of OER, the barriers are largely human, and not technical.

If AFT had just partnered with CK12, they could have connected with a pre-existing OER community and organization, with a track record in K12, and a large body of resources that are licensed for reuse and increasingly Common Core aligned. AFT could have avoided the privacy issues of Clever, the privacy and licensing issues of ShareMyLesson, and could have gotten down to the business at hand: supporting their members as they teach.

Conclusions and Next Steps

However, both Clever and ShareMyLesson will get some immediate benefits.

Both Clever and ShareMyLesson will get another 1.6 million users. Note, these aren't active users, but in VC-funded EdTech land, the size of your member base is an easy metric to show funders your "value." And, while ShareMyLesson isn't VC funded (to the best of my knowledge - please correct me if I'm wrong), getting another 1.6 million users provides justification and cover for any expense incurred in developing either the site or its resources. Additionally, the increased userbase and corresponding collection of user data makes ShareMyLesson more attractive to any potential buyers. And yes, according to the SML privacy policy user data gets transferred in a sale.

In addition, the AFT is doing some stellar marketing and outreach for Clever. I hope that Clever is paying the AFT a large sum to compensate AFT for marketing directly to teachers and schools on their behalf.

If I was a member of AFT, I'd have a lot of questions about this deal, but I'd start with these five:

  1. Has any of my personal information been shared with either Clever or ShareMyLesson? If yes, what information has been shared, and why? NOTE: I'm assuming that the answer to this question is "no", but it bears asking.
  2. What are the financial details of this arrangement? Is AFT getting paid by Clever, is Clever getting paid by AFT, and/or is there any outside funding helping to subsidize this work?
  3. What data is collected on me by Clever, and by the different applications that Clever integrates?
  4. How can I review, modify, and delete the data collected on my by the Clever, ShareMyLesson, and other applications integrated via Clever? If there is no way for me to do this, how will AFT leadership guarantee the safety of my personal information, and of my site usage information for all apps accessed through Clever?
  5. Why is AFT leadership pushing and championing use of ShareMyLesson, a site that claims control over my work, and claims that my personal information is a business asset?

The responses to these five questions would shape any follow up.

, , , , ,