Mozilla Open Badges Legal & Privacy Considerations

Quick update: Last week I designed a graphic for this post that underscores the relative insignificance of the legal considerations of COPPA and FERPA when compared to the lifelong learning impact that we’ve designed Open Badges to accommodate. I forgot to put it into the original post but now here it is! 

The Open Badge Infrastructure (OBI) is based on a simple concept: make it easy for people to issue, earn and display digital badges across the open web. Sometimes the things that sound simple prove to be fairly complicated in implementation. Open Badges is no exception.

Consider that personal privacy stands as one of the primary tenets of the OBI: the individual earner resides at the center of the Open Badge ecosystem. Earners consciously choose which badges they want to earn from a variety of issuers, and they can also choose which badges they’d like to share whether through their own website or through a variety of displayers. Earners are the central axis point of the system; they are the essential social hub. We think that that delicate social hub—the badge earner—needs someone to watch out for their privacy. Consequently, we’re working to ensure that a minimum standard of identity protection is built into the Open Badge Infrastructure.

We’ve spent about the last 1.5 years working on the Open Badge Infrastructure and the last 6 months focusing on the legal and privacy questions this new project has surfaced. We’ve had some great advisors helping us to get this right: many thanks to Mozilla’s Data and Product Counsel, Jishnu Menon, as well as Karen Neuman and Ari Moskowitz of St. Ledger-Roty Neuman & Olson, LLP. You can read some of their fine work addressing legal and privacy questions on our Legal FAQs page.  You can find other aspects illustrated in the Mozilla Badge Backpack’s Terms of Use and Privacy Policy. They’re all worth a read. We’re proud that they’re written in Plain English and not legalese. We want earners, issuers and displayers to understand their rights and understand how Mozilla approaches those rights.

Because our goals for Open Badges include global deployment, the future will find the Open Badges team considering EU legal and privacy laws as well as UK concerns. And as the OBI ecosystem begins to populate across the world, individual earner’s privacy considerations will continue to motivate our work.

For those of you who are not entirely familiar with some of the major issues we’ve been wrangling, read on below to learn a bit more about two of the heavy hitters, COPPA and FERPA.

COPPA
What is COPPA? COPPA is the acronym for the Children’s Online Privacy Protection Act and it’s a US federal law designed to govern and protect children’s online privacy and safety. The Federal Trade Commission administers this regulation addressing data collection and marketing to children under the age of 13. You can read more about it directly from the source: http://www.coppa.org/coppa.htm. COPPA complicates most efforts aimed at children under 13, but there are COPPA-compliant organizations whose primary communications successfully address that audience.

Current predictions seem to point toward COPPA becoming even more restrictive rather than less. Depending on an earner’s personal sharing decisions, the Mozilla Badge Backpack can be a potentially broadly public space. Consequently, at this time, the Mozilla OBI does not permit children under 13 to push their badges into the Mozilla-hosted Badge Backpack. However, it is possible to create and host a siloed Badge Backpack.

Worth noting: we have significant hopes for some external Mozilla efforts along the lines of streamlined identity protection and will keep you abreast of any new developments.

FERPA
FERPA, also an acronym and also a US federal law, stands for the Family Educational Rights and Privacy Act. It’s aimed at providing parents with the right to protect the privacy of children’s education records. Those rights transfer to the student at the age of 18 or whenever they attend a school beyond the high school level. You can read more about it at the government’s website: http://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html. FERPA can introduce a level of complexity for badges emanating from academic institutions. You’ll find some potential best practices about FERPA on our site in the legal FAQs.

– – –
Now you know a bit more about how we designed the Mozilla Open Badge Infrastructure with built in identity and privacy considerations. As always, we welcome your thoughts, suggestions, and assistance in our ongoing endeavor.

More soon.