Lesson 3: Data Policies and Privacy
Students learn that the apps, websites, and other computing innovations they use every day require a lot of data to run, much of which they might consider to be private or personal. In the warm up students discuss which of a list of possible information types they consider private. Then students read the data policies from a website or service they use or know about. This investigation focuses on the kinds of data that are being collected, the way it's being used, and any potential privacy concerns that arise. A brief second activity reveals that even data that may not seem private, like a birthdate or zipcode, can be combined to uniquely identify them. To conclude the lesson students prepare for a discussion in the following class about the pros and cons of sharing all this data by journaling about their current thoughts on whether the harms of giving up this privacy are outweighed by the benefits of the technology they power.
This lesson is closely tied with the one that follows. In today's lesson students focus primarily on understanding the kinds of data that are collected by modern apps, websites, and computing innovations, and the ways that this may sometimes lead to sharing private information. In the following lesson students will specifically discuss the pros and cons of sharing that information.
Warm Up (5 mins)
Activity (35 mins)
Wrap Up (10 mins)
Students will be able to:
- Describe the different types of data that are used and collected by modern computing innovations
- Define Personally Identifiable Information as information about an individual that identifies, links, relates, or describes them.
- Explain how disparate pieces of personal information can be combined to identify individuals or deduce other private information.
- Check a few popular websites with students in your school to make sure they'll be able to access those sites' data policies over your school network.
Heads Up! Please make a copy of any documents you plan to share with students.
For the Teachers
- CSP Unit 10 - Cybersecurity and Global Impacts - Presentation
For the Students
- Privacy, Security, and Innovation - Activity Guide
Attention, teachers! Coming soon. Check back for these materials September 4th.
Warm Up (5 mins)
What Information is Private?
Goal: This prompt sets up the rest of the lesson where students will be exploring instances where many of the pieces of information on this list are used by the services they use every day. Aim to push students to think about what it means to say that something is "personal" or "private". This is a lens they should take into the lesson.
Also, point out to students the items on this list that are biometric data: a picture of your face, your fingerprint, and voice/video recordings. Are these considered any more private or personal than the other items? Why or why not?
Prompt: Which of the following pieces of information would you consider to be "personal", as in you wouldn't want it shared with just anyone.
- Your full name
- Your social security number
- Your favorite musician / band
- A picture of your face
- Your fingerprint
- Your birthdate
- Your address
- Where you go after school
- Your phone number
- Your medical information
- Who your best friends are
- Your racial / ethnic identity
- A list of everything you've bought this month
- A list of recordings of your voice
- Your IP address
- A video of you singing
- Your academic history / report card
- The town or city you live in
Discuss: Have students brainstorm silently at their tables, then have them share with neighbors, and finally have them share out with the room.
We know that computing innovations need data to run, but we don't always think about just how personal or private that information may be. We're about to kick off a two-part lesson. In today's lesson we're going to look at just how much personal data we share online. Tomorrow we'll debate the pros and cons of sharing all that data.
Activity (35 mins)
Dated Video: This video is from 2018 but makes the point that students should check that privacy policies are recent. Be prepared to let students know that even though this video was shot in 2018, the same principles are important and apply.
Data Policy Exploration - 25 mins
Today we're going to practice reading data policies to get a sense for what kinds of information is actually being collected by modern computing innovations like websites and apps. We're going to spend today filling out the front part of the activity guide. In the next lesson we'll think more deeply about whether we think the tradeoffs of privacy are worth it, but you don't need to worry about that side of the activity guide today.
Distribute: Give each student a copy of Privacy, Security, and Innovation - Activity Guide
What Is Their Data Policy?: Students should spend 10-15 minutes reviewing the data policies and answering the questions there.
Share Findings: Have groups meet with another group to share what they discovered.
Wrap Up (10 mins)
Review: Review the key takeaways from the lesson and have students record the definition of Personally Identifiable Information in their journal.
Users can control the permission that programs have for collecting their information. As a thoughtful user of technology, don't forget to review the privacy policies of the various apps and programs you use to protect your privacy!
Assessment: Check For Understanding
Check For Understanding Question(s) and solutions can be found in each lesson on Code Studio. These questions can be used for an exit ticket.
Question: Which of the following is NOT a reason that a company would typically collect personally identifiable information (PII)?
Activity Guide: Have students submit their activity guides from today's lesson but be prepared to hand them back out for the following lesson.
CSTA K-12 Computer Science Standards (2017)
IC - Impacts of Computing
- 2-IC-23 - Describe tradeoffs between allowing information to be public and keeping information private and secure.
- 3A-IC-29 - Explain the privacy concerns related to the collection and generation of data through automated processes that may not be evident to users.
- 3A-IC-30 - Evaluate the social and economic implications of privacy in the context of safety, law, or ethics.
IOC-2 - The use of computing innovations may involve risks to your personal safety and identity
IOC-2.A - Describe the risks to privacy from collecting and storing personal data on a computer system.
- IOC-2.A.1 - Personally identifiable information (PII) is information about an individual that identifies, links, relates, or describes them. Examples of PII include:● social security number● age● race● phone number(s)● medical infor
- IOC-2.A.12 - PII can be used to stalk or steal the identity of a person or to aid in the planning of other criminal acts.
- IOC-2.A.13 - Once information is placed online, it is difficult to delete.
- IOC-2.A.14 - Programs can collect your location and record where you have been, how you got there, and how long you were at a given location.
- IOC-2.A.15 - Information posted to social media services can be used by others. Combining information posted on social media and other sources can be used to deduce private information about you.
- IOC-2.A.2 - Search engines can record and maintain a history of searches made by users.
- IOC-2.A.3 - Websites can record and maintain a history of individuals who have viewed their pages.
- IOC-2.A.4 - Devices, websites, and networks can collect information about a user’s location.
- IOC-2.A.5 - Technology enables the collection, use, and exploitation of information about, by, and for individuals, groups, and institutions.
- IOC-2.A.6 - Search engines can use search history to suggest websites or for targeted marketing.
- IOC-2.A.7 - Disparate personal data, such as geolocation, cookies, and browsing history, can be aggregated to create knowledge about an individual.
- IOC-2.A.8 - PII and other information placed online can be used to enhance a user’s online experiences.
- IOC-2.A.9 - PII stored online can be used to simplify making online purchases.