According to The New York Times, California is poised to become the first state to comprehensively restrict how data that technology companies are collecting about students is to be used. Last month California state legislators passed a law prohibiting education sites, apps and cloud services, used by schools, from selling or disclosing personal information about students from kindergarten through high school. It also prohibits the companies from using the children’s data to market to them and it prevents the companies from compiling dossiers on the students.
The law is a response to growing parental concern that sensitive information about children, such as data about learning disabilities, disciplinary problems or family trauma, might be disseminated or disclosed, potentially hampering college or career prospects. Although other states have enacted limited restrictions on such data, California’s law is the most wide-ranging. “It’s a landmark bill in that it’s the first of its kind in the country to put the onus on Internet companies to do the right thing,” said Senator Darrell Steinberg, a Democrat who wrote the bill.
Governor Jerry Brown has not taken a public position on the measure, or on a related student privacy bill regulating school contracts with education technology vendors. If he does act, the bills will become law at the end of this month. Steinberg said that the bills had broad bipartisan support and were likely to be enacted.
The California effort comes at a pivotal time for the technology industry. Schools nationwide have been rushing to introduce everything from sophisticated online portals, which allow students to see course assignments and send messages to teachers, to reading apps that can record and assess a child’s every click. The data-driven products are designed to adapt to the abilities and pace of each child holding out the promise of improved academic achievement.
As schools embrace these personalized learning tools, however, parents across the country have started challenging the industry’s information privacy and security practices. “Different websites collect different kinds of information that could be aggregated to create a profile of a student, starting in elementary school,” said Tony Porterfield, a software engineer and father of two pre-teenage sons in Los Altos, California. “Can you imagine a college-admissions officer being able to access behavioral tracking information about a student, or how they did on a math app, all the way back to grade school?,” he asked.
Although the Family Educational Rights and Privacy Act ( FERPA) limits the disclosures of student education records by schools that receive public funding, critics have long complained that the 40-year old law, written for the file-cabinet era when student records were kept on paper, has not kept pace with digital data-mining. Furthermore, privacy advocates say that many of the details now collected by education sites and apps are not covered by the law because they do not form part of the institutional student education records maintained by schools.
Over the last year, states have introduced more than 100 bills to regulate the collection or handling of students’ information. Many are narrow in scope. Lawmakers in Florida, for instance, passed a measure to prohibit schools from fingerprinting students or collecting scans of their palms or irises, which scuttled the palm-scanning payment system in cafeterias there.
The California measure takes a fuller approach, formally extending privacy protections to a much wider array of information than the official education record covered by FERPA. Among other things, the California bill prohibits companies from selling, disclosing or using for marketing purposes students’ online searches, text messages, photos, voice recordings, biometric data, location information, food purchases, political or religious information, digital documents, or any kind of student identification code. The idea is to prevent companies from using information about students for any activity not intended for school.
“The California statute is filling the void,” said Joel R. Reidenberg, a professor at Fordham Law school who is an expert in education privacy law. “They are modernizing the protection of student privacy for the computer era in schools,” he said.
California lawmakers did make some concessions to the industry. An exception in the legislation, for instance, allows companies to use student data for “legitimate research purposes.”
Source: The New York Times, September 14, 2014, By Natasha Singer
[Editor's Note: In August of 2014, Legal Clips did an article summarizing new Department of Education guidelines on student records. In the guidance issued by the Department’s Privacy Technical Assistance Center (PTAC), titled "Transparency Best Practices for Schools and Districts," schools and districts are urged to be proactive in communicating how they use student data.]