Who gets access to the kids’ information? InnovateEDU Inc./Project Unicorn’s Pledges are Overly Vague–Did Your School Commit?

The big unknown question is who or what exactly will have access to children’s information that InnovateEDU Inc./Project Unicorn is collecting as part of its (or maybe its funders’?) data interoperability project?

Schools are not legally required to share children’s information with InnovateEDU Inc./Project Unicorn or ed tech vendors, and notably missing from Project Unicorn’s participating schools are the Sidwell Friends School in Washington, D.C. and Seattle’s Waldorf School.  Yet, a number of schools, including the Iowa City Community School District, made the Project Unicorn pledge–perhaps your school district or charter or private school did alsoProject Unicorn is an initiative run by New York based InnovateEDU Inc. to get schools to share children’s information and data with ed tech vendors as part of a data interoperability project. However, we should ask whether our schools’ “commitment to provide secure access to student data” has been subjected to the following scrutinies?

  • Parent,
  • Legal, and
  • Most important ethical review.

Clearly, the answer is no.

That InnovateEDU Inc./Project Unicorn and its profiteering ed tech vendors have not sought explicit informed consent from parents to have access to a child’s information and data is disturbing.

Legally, contract and/or pledge language does not have to be vague yet InnovateEdu Inc./Project Unicorn’s school and vendor pledges are.


Our children are more important than our money, yet banks that protect our money cannot get away with such vagueness. The many problems of the Project Unicorn School Pledge include, but are not limited to, the following:

  • The default is for schools to share children’s information and data. Parents do not have the right to “opt in” to sharing and withdraw permission (“opt out”) at any time.
  • Project Unicorn’s school pledge fails to explicitly
    • define “secure access to student data,” “student privacy,” “digital ecosystem,” “best practices,” “data privacy and security,” “data interoperability,” “data standard alignment,” “empower educators,” etc. (Do teachers and/or parents agree a “digital ecosystem,” whatever that may be, is a desirable goal?)
    • describe what data elements will be collected on children.
    • ban the collection of sensitive data (e.g. school, location(s), free and reduced lunch status, disability status or accommodations, etc.)
    • include a time limit on how long children’s data may be may be stored and/or used.
    • provide notice about the specific purpose(s) for which data will be used.
    • prohibit any participants from using the data for commercial purposes (e.g. to develop and sell “learning tools”).
    • prohibit school vendors from sharing children’s data with third parties.
    • include a requirement that parents will be notified of a breach of privacy involving their child’s information and data.
    • include a prohibition against combining children’s data with behavior, health, employment, or other data.
  • Paragraph #4 of the above pledge deserves special attention, for under it, schools commit to the following:

4) Adopt and Integrate Data Interoperability Standards for Our Technology Use

Therefore, we commit to procuring educational tools that are ranked level 2 or higher on the Project Unicorn interoperability rubric within one year of signing this pledge. Throughout the procurement process we will purchase products that give priority to best practices that protect student data and privacy. We will prioritize secure interoperability and data standard alignment in procurement documents and RFPs. [Emphasis added.]

InnovateEdu Inc./Project Unicorn‘s rubric (screenshot) is below. Under it, data quality level 2 is described as Linguistic plus numeric student identifiers (e.g. last name and grade level). Providing a student’s last name and grade level, which is listed as an example, does not show an intent to protect children’s privacy.

Screenshot_20180906-084026_Hancom Office Editor

Screenshot of Project Unicorn Rubric

InnovateEDU Inc./Project Unicorn‘s vendor pledge, which has many of the problems noted above, is also problematic, in part because it includes: We will ensure that product meets at least a level 2 or above on the Project Unicorn interoperability rubric within one year of signing this pledge. Again, Level 2 of the rubric includes “last name and grade level” as examples.


The Project Unicorn pledges include: “We commit to maximizing equitable access and availability by advocating for data interoperability….”

  • “Equitable access” for whom?
  • “Availability” to whom?
  • And exactly how is “data interoperability” defined and how far does it go?

Even setting aside the ethical problems, the Project Unicorn pledge fails to include the name of a legally accountable business entity with sufficient financial resources to compensate injured parties should there be a privacy breach. InnovateEDU Inc.’s name is missing from the Project Unicorn pledges, and InnovateEDU Inc. was set up as a not for profit.

Ethically, school board members must understand that federal and state privacy laws are a “floor” not a “ceiling,” and their fiduciary duty requires them to do more than the legal minimum to protect children’s privacy. As part of their fiduciary duty, board members must affirmatively ensure that the employees under their control and their subordinates protect children’s information and data and that there are adequate audit and enforcement mechanisms in place to protect the privacy of children. The vagueness of the Project Unicorn pledges, the unknowns surrounding what data is being collected and what will be done with it, and the failure to secure parents’ explicit and informed consent do not support schools participating in Project Unicorn.

While an adult may voluntarily choose to “entrust” their data to Zuckerberg’s Facebook, children do not always have such choices so adults in their lives must protect them. And even if business entities, initiatives, and other profiteers could protect the data, ethically, the data should first belong to the children and their families. Making participation in a “Project Unicorn” and data interoperability project a condition for receiving a public education is an intrusion of privacy and ethically wrong. Say No to InnovateEDU Inc./Project Unicorn and its ilk.

This entry was posted in Children's Data, data interoperability, Data Mining, Ed tech, Fiduciary Responsibility, ICCSD, Iowa City Schools, Monetize children's data, Opt In, Opt Out, Privacy, Project Unicorn, School Board Ethics, Uncategorized and tagged . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s