69ý

Privacy & Security

Ed-Tech Industry Weighs Impact of New Data-Privacy Laws

By Benjamin Herold — October 07, 2014 6 min read
  • Save to favorites
  • Print
Email Copy URL

California Gov. Jerry Brown signed into law last week a sweeping bill aimed at restricting the use of students’ educational data by third-party vendors. The measure is one of the most aggressive legislative attempts to date to balance the promise of digital learning technologies with concerns about the privacy and security of children’s sensitive information.

The new law in California caps a wave of efforts this year by state lawmakers nationwide to better protect students’ sensitive educational information.

The new privacy measures, enacted in 21 states during recent legislative sessions, in some cases build on previous efforts. The new laws generally fall into one of three categories: prohibiting the collection of certain types of student data; attempting to improve state and district data-governance policies; or, in California’s case, establishing comprehensive guidelines for how third-party vendors should handle student information.

Amid the flurry of activity, the impact on educational technology vendors remains uncertain. Industry representatives have mostly expressed public support for the laws that were enacted and shared only mild concerns about possible downsides.

“A lot of the laws that were passed were not specifically aimed at the role of third-party service providers,” said Mark Schneiderman, the senior policy director for the Washington-based Software & Information Industry Association, or SIIA. “We hope there are not too many with unintended consequences that may inhibit legitimate educational purposes.”

Protecting student data has become an increasingly contentious issue over the past year, with parents and activists expressing growing concern about the nature and volume of digital data that schools now share with vendors that host student information in the cloud, track students’ educational progress, and manage administrative record-keeping.

Such worries helped prompt Florida state Sen. Dorothy L. Hukill to sponsor a bill—ultimately signed into law in May by Gov. Rick Scott, a fellow Republican—that prohibits the collection of students’ biometric data, which can include such distinguishing characteristics as fingerprints and iris patterns.

In an interview, Ms. Hukill said that the uses of such data that she found to be either in practice or under consideration by Florida schools—including electronic scanning of students’ eyes or fingerprints when they get on or off a school bus, check out a book from the library, or get in line for lunch—represented a “ludicrous” and unnecessary invasion of privacy.

“There’s no need to scan a child to give them a grilled-cheese sandwich,” Ms. Hukill said. “You don’t use the most intrusive method. You use the easiest method.”

But Mr. Schneiderman pointed to the law as one example of potential “unintended consequences.”

The statute, he said, is imprecise and could be interpreted to limit the use of valuable biometric technologies, such as software programs for foreign-language and special-needs instruction that rely on recording students’ voices.

“There’s a big learning curve for policymakers on this issue,” Mr. Schneiderman said. “We’re hopeful that, over time, policymakers will re-examine that [provision] and understand that there are legitimate, appropriate, safe uses of biometric data, just like any other data.”

During their most recent legislative sessions, more than a dozen states passed laws restricting the collection of some type of sensitive student information, including biometric data, parents’ and students’ political affiliation, and information on gun ownership.

Burden of Responsibility

Industry representatives expressed less concern about the type of legislation enacted in states such as Idaho, which framed its measure around better governance of data by public agencies.

The Student Data, Accessibility, Transparency, and Accountability Act—signed into law in Idaho by Republican Gov. C.L. “Butch” Otter in March—focuses on vesting authority over student-data use with the state board of education and providing districts with guidelines for protecting data and penalties for failing to do so. But the law does not feature any strict mandates or prohibitions.

The bill’s sponsor, state Sen. John Goedde, a Republican, said in an interview that it makes sense to put the burden of responsibility for safeguarding student information on the public sector because the private-sector companies working with schools are generally working directly for states or school districts.

A handful of states enacted similar laws, some of which were modeled in whole or in part on a statute in Oklahoma that gained support from the American Legislative Exchange Council, a legislative-advocacy group based in Washington.

In California, meanwhile, the Student Online Personal Information Protection Act, or SOPIPA, focuses explicitly on ed-tech vendors.

The law prohibits operators of online educational services from selling student data and using such information to target advertising to students or to “amass a profile” on any particular student for a non-educational purpose. The law also requires online service providers to maintain adequate security procedures and to delete student information at the request of a school or district.

“I think this is a blunt call to industry to say that school data is for educational purposes, period,” said James P. Steyer, the CEO and founder of Common Sense Media, a San Francisco-based nonprofit that helped craft the law.

Although Mr. Steyer said that many of the “major players” in the ed-tech industry had attempted to “water down” the bill during the legislative process, Mr. Schneiderman of the SIIA said that the California measure “seems to generally strike the right balance” between recognizing the promise of digital learning technologies and seeking to protect student information.

Impact on Vendors

One way in which the new California law could have a direct impact on industry is by prohibiting vendors from using “information, including persistent unique identifiers, created or gathered by the operator’s site, service, or application, to amass a profile about a K–12 student except in furtherance of K–12 school purposes.”

Such practices came under scrutiny after Google, the Mountain View, Calif.-based online-services giant, was accused of building such profiles in a federal lawsuit that made its way through the courts this year.

The company acknowledged to Education Week that it had been scanning and data-mining student email messages sent using its wildly popular Apps for Education tool suite for purposes including targeted advertising.

Google later ceased that practice, but company representatives have for months declined to clarify whether Google continues to scan student emails and build profiles of children for commercial purposes other than advertising.

Even in California, the final legislation includes some key accommodations to industry concerns, such as specifying that operators be allowed to maintain and use “de-identified,” or anonymous, student information to develop and improve their own educational products and services.

In general, many in the ed-tech sector seem supportive of the new legislation and hopeful that it will not significantly curtail their activities.

“These are the standards and commitments that we already live up to, and that we think every company working with school districts should live up to,” said Justin Hamilton, a spokesman for Amplify, a New York City-based developer of digital products and services. (Larry Berger, the president of the Amplify Learning division, is a member of the board of trustees of Editorial Projects in Education, the nonprofit publisher of Education Week.)

Privacy advocates have also generally supported the California law.

For the bill’s sponsor, California Senate President Pro Tempore Darrell S. Steinberg, a Democrat, acceptance on both sides of the often-fraught student-data-privacy debate offers reason to believe the law can become a model for the rest of the country.

“The bottom line is that it fosters innovation and protects kids’ privacy and demonstrates that these goals can be complementary,” Mr. Steinberg said in an email. “The old notion of trading privacy for innovation is a false choice.”

A version of this article appeared in the October 08, 2014 edition of Education Week as Calif. Tackles Data Privacy In New Law

Events

School & District Management Webinar Crafting Outcomes-Based Contracts That Work for Everyone
Discover the power of outcomes-based contracts and how they can drive student achievement.
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
School & District Management Webinar
Harnessing AI to Address Chronic Absenteeism in 69ý
Learn how AI can help your district improve student attendance and boost academic outcomes.
Content provided by 
School & District Management Webinar EdMarketer Quick Hit: What’s Trending among K-12 Leaders?
What issues are keeping K-12 leaders up at night? Join us for EdMarketer Quick Hit: What’s Trending among K-12 Leaders?

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.

Read Next

Privacy & Security What Teachers Need to Know About Changes to Instagram Teen Accounts
The adjustments come as Meta faces multiple lawsuits from states and school districts.
4 min read
Close up photo of Black teen looking at Instagram photos on her cellphone.
Anastasia_Prish/Getty
Privacy & Security Download A Tip Sheet to Help Teachers Prevent and Respond to Doxxing
Teachers can be a target for malicious actors. Use this tip sheet to prevent and respond to doxxing.
1 min read
Image of digital safety against doxxing and privacy invasion.
Laura Baker/Education Week via Canva
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Privacy & Security Quiz
Quiz Yourself: How Much Do You Know About Cybersecurity For 69ý And Districts?
Answer 6 questions about actionable cybersecurity solutions.
Content provided by 
Privacy & Security What 69ý Need to Know About These Federal Data-Privacy Bills
Congress is considering at least three data-privacy bills that could have big implications for schools.
5 min read
Photo illustration of a key on a digital background of zeros and ones.
E+