States Seek to Backstop U.S. Data Privacy Laws
California is poised to become the first state to restrict the use of student data by third-party technology vendors.
Two student data privacy bills were sent to California Gov. Jerry Brown earlier this month, including one that prescribes privacy guidelines for contracts between school districts and technology vendors. Along with contracts, California State Assembly Bill 1584 covers the privacy of student records and digital storage services along with educational software that could be used with data analysis tools for marketing purposes.
Separate legislation, State Senate Bill 1177, would prevent vendors from building student data profiles that could be used for targeted advertising and other non-education purposes.
The California bills are part of a wave of state and federal legislation cracking down on the use of personal information as big data enters the classroom via online learning and other new teaching aids.
Existing federal laws include the Family Education Rights and Privacy Act (FERPA) and the Children’s Online Privacy Protection Act. COPPA restricts the collection of personal information online from children under the age of 13.
A raft of proposed state laws stems from concerns that federal laws do not go far enough to protect student privacy as educational vendors use analytics tools to comb through vast amounts of data generated by students in digital classrooms.
Some U.S. lawmakers seem to agree. Senators Edward Markey (D-Mass.) and Orrin Hatch (R-Utah) introduced legislation in July titled the “Protecting Student Privacy Act” that aims to update sections of FERPA to strengthen privacy protections for student records. The proposed bill spells out data privacy responsibilities for education agencies and outside contractors. It also ties federal education funding to compliance with the stricter privacy rules.
Data services providers would be required under the Senate proposal to maintain the same or higher privacy standards than schools as a way to prevent the marketing of student data.
State legislation aimed at tightening data privacy rules also is aimed at shoring up compliance with existing federal laws. In California, the state assembly bill, 1584, stipulates that student records remain under the control of educational agencies and that third-party contractors must describe what actions they will take to ensure the “security and confidentiality of pupil records.”
The bill also stipulates that school districts and technology vendors must “ensure compliance with the federal Family Educational Rights and Privacy Act.”
Back in Sacramento, Gov. Brown has until Sept. 30 to sign or veto the student data privacy bills.
Some worry that the barn door is being closed after the horse has escaped. One reason is that academic metadata is already distributed among various vendors, including some who serve as data brokers. “Absent laws in place that hold vendors accountable, there will be bad actors that spoil the whole bunch, and tar and feather the whole industry,” privacy attorney Bradley Shear, told the Center for Digital Education in July.