Submission Date:
Question:
I am a school librarian, and just found out my school district is using student-device monitoring software. The software uses AI to check for searches and content that could indicate consideration of self-harm. I am concerned the software will monitor access to school library content and violate student privacy. What can I do?
Answer:
This is a very serious concern.
Use of such monitoring software (such as GoGuardian’s Beacon, Google’s Gaggle, and others) is growing rapidly.[1]
Each technology works differently, but the common function is constant monitoring of searches and content on student devices, to be alert for signs of potential danger. When such potential signs are detected, both AI and real people are used to provide further assessment and intervention.
Deployed properly,[2] such software has been shown to be somewhat effective.[3] But in New York State, as of January 22, 2025, it seems to have been deployed without much overt consideration[4] of a student’s right to confidentially use the school library.
A student’s right to privacy when using a school library is built into governing ethics, educational standards, law, and regulations.[5] It is often also assured by the policies of a particular school district.[6]
As is often the case with rapidly developing technology, it looks like the adoption of the tech may be outpacing the consideration of all relevant legal factors, including how such software will be programmed to not violate the private use of the school library for research and information access.
In the K-12 environment, this is a delicate balance. While schools are allowed to access student education records[7] and library records[8] under particular circumstances, the wholesale monitoring of such records is a violation of the law and the ethics of library privacy. In addition, it is quite possible that students will research or access school library e-content that may “trip” the search terms, and, without a careful effort to exclude library searches and content, the software could yield a false positive… along with a privacy violation.
Where does this leave school librarians?
Since the way this plays out may change from software to software and from district to district, and different districts are in different phases of considering or using such software, it is hard to say. Below is an array of possible actions a school librarian can take to raise a concern:
|
Phase of Concern |
Template language to report concern |
Considerations |
|
1. School is considering use of student device monitoring software but hasn’t purchased it or passed a policy about using it. |
Sample language for raising the concern: “As the product is sourced, please include specific language to ensure the device does not monitor the use of library services. As a policy is developed, it should affirm that library searches and content are not monitored.” Sample language for the procurement: “Product must be able to assure exclusion of school library searches and library-obtained content from searches and reports.” |
Build a supportive team[9] to: Ask to see the procurement documents before the RFP is issued. Stay engaged as a policy is developed. Know how the content is being monitored and who the response team at the district is. |
|
2. School is already using student device monitoring software, there is no policy requiring library services not be monitored, but no incident is known of.
|
At supervisor or IT level: “It has come to my attention that the school is using [SOFTWARE NAME]. Because student library records are confidential by law, it is important that any monitoring software expressly excludes use of library services (searches and content access via the library) or is otherwise respecting the privacy of student library records. I am also concerned library content could yield false positives. How is our district addressing that?” |
Prior to raising such a concern, just like in “1,” above, it is wise to build a supportive team. |
|
3. The request in “2,” above is not answered satisfactorily. |
To the Superintendent or School Board attorney: “It has come to my attention that the school is using [SOFTWARE NAME]. Because student library records are confidential by law, it is important that any monitoring software expressly excludes use of library services (searches and content accessed via the library) or is otherwise respecting the privacy of student library records. I am also concerned library content could yield false positives. How is our district addressing that?” |
Prior to raising such a concern, just like in “1,” above, it is wise to build a supportive team. If possible, having a person from that team raise the issue may be a more comfortable (and effective) approach. |
|
4. No policy is in place, the software is in use, and a possible library privacy violation is detected. |
Make an internal complaint: “It has come to my attention that the school is using [SOFTWARE NAME], and on [DATE], a student’s library search history was accessed. Because student library records are confidential by law, it is important that any monitoring software expressly excludes use of library services (searches and content access via the library). Can we address this issue and ensure the program excludes these materials from searches in the future?” |
Prior to raising such a concern, just like in “1,” above, it is wise to build a supportive team. In this case, the school librarian can raise the issue, but it is very wise to have back-up. |
|
5. Library privacy violation reported and the internal complaint was not responded to meaningfully. |
File an external complaint to NYS Education Department’s Chief Privacy Officer.[10] It is wise to work with allies when crafting this, and to have legal advice[11] if possible. This should include a copy of the internal compliant, so the Chief Privacy Officer knows your district had an opportunity to address this issue itself. |
The link to report to the NYSED Chief Privacy Officer is at: |
This is an important—even vital—topic. While the goal of student device-monitoring software is laudable, improper deployment of such technology can be a disaster. Proper deployment should consider all privacy obligations owed to the students being monitored. While there is not one solution to such a consideration (because the technology will vary from product to product), such assurance is also vital.
Thank you for an important question. “Ask the Lawyer” will be alert for further developments on this emerging topic.
[2] And by “properly”, I mean that the HUMAN team at the other end is not simply an IT professional but an established team of safety and health providers qualified to assess threats and take appropriate action.
[3] See the NYT article cited in footnote 1.
[4] If there has been covert consideration, it’s time to be more obvious, people.
[5] See the American Library Association’s Code of Ethics, FERPA, and CPLR 4509, to name a few.
[6] Such assurance will vary widely, because policy is set at the school board level.
[7] As defined by FERPA and Education Law 2-c.
[8] As Defined by CPLR 4509.
[9] I am very aware that often, the school librarian does not have the access to the school board, its attorney, or upper-level administration. Building a team of your school library system leaders, your 3R, and other support organizations can help.
[10] As of 1/23/25, there is no resolved complaint on file with the CPO as to how this type of concern will be addressed.
[11] Common places to reach out for this type of help are your union, your regional BOCES/school library system, or your regional library council/network.
