More federal and state policymakers are focusing on addressing data privacy, especially for children, because of increasing concerns about how companies collect and sell user information and how that affects users鈥 mental health.
Congressional lawmakers have introduced several data-privacy bills, some of which deal directly with children鈥檚 online privacy. At least 15 states have enacted comprehensive data-privacy laws since 2020, while other states either have narrower laws or have at least introduced data-privacy laws during the current legislative session, according to .
The problem with some of those policies, according to school data-privacy experts, is they don鈥檛 always consider how day-to-day school operations would be affected. 69传媒 use student data to support decisionmaking, to personalize learning, and for better reporting as required under federal and state laws.
In an April 15 webinar hosted by the Software & Information Industry Association, data-privacy experts discussed three bills Congress is considering and their implications for K-12 schools. The experts were: Amelia Vance, the founder and president of nonprofit advocacy organization Public Interest Privacy Center; Kristin Woelfel, a policy counsel for the Center for Democracy and Technology, a nonprofit that advocates online civil liberties; and Sara Kloek, the vice president of education and children鈥檚 policy at SIIA, a trade association for technology companies.
The Kids Online Safety Act
The , or KOSA, was first introduced in the Senate by Sens. Richard Blumenthal, D-Conn., and Marsha Blackburn, R-Tenn., in February 2022. It failed to pass during that session, so the lawmakers reintroduced the bill in May 2023. As of April 2024, the bill has 67 co-sponsors in the Senate.
KOSA would require certain online platforms to provide children with options to protect their information, disable addictive features, and opt out of personalized recommendations. Those platforms would also be required to design and operate their products in ways that prevent or mitigate negative effects on children, such as mental health disorders, bullying, and sexual exploitation. The bill would apply to any 鈥渙nline platform, online video game, messaging application, or video streaming service that connects to the internet and that is used, or is reasonably likely to be used, by a minor.鈥 It exempts internet service providers, email services, educational institutions, and other specified entities from the requirements.
鈥淭his bill seems to be in response to a lot of attention around social media and impacts that it has been suggested to have on kids,鈥 Woelfel said. 鈥淚 don鈥檛 think KOSA was intended to interfere with any K-12 education services.鈥
However, because the definition of which platforms are covered under the bill is 鈥渧ery broad, it essentially would almost certainly cover a lot of ed-tech platforms,鈥 she said.
Given that the bill would give children and caregivers the right to opt out and modify personalized recommendation systems, it could affect personalized learning software schools use to provide curated lessons and facilitate individualized learning, Woelfel said.
It would 鈥渇rustrate the purpose of that technology and undermine a core function of the school,鈥 she added.
Children and caregivers would also be able to delete accounts, which under the current language could be applied to ed-tech platforms hosting student data, such as assessments, grades, and attendance. In turn, that could 鈥渢hreaten the integrity of academic records,鈥 Woelfel said.
Children and Teens鈥 Online Privacy Protection Act
The , or COPPA 2.0, would amend the original . Sen. Ed Markey, D-Mass., first introduced the revised measure in May 2021 and reintroduced it in May 2023. As of April 2024, it has 17 co-sponsors in the Senate.
The bill would build on the 1998 law. It would prohibit online platforms from collecting personal information from users who are 13 to 16 years old without their consent (the current law only applies to children under 13), ban targeted advertising to children, and require companies to allow parents and children to erase their personal information from the platforms.
Under the proposed updates to COPPA, schools would no longer need to get parental permission to use ed tech in classrooms. COPPA 2.0 would enable schools to consent on behalf of their students to provide access to ed-tech platforms schools have thoroughly vetted and with which they have entered into contracts.
This update is a step in the right direction for superintendents, said Vance, who also heads the Student and Child Privacy Center for AASA, the School Superintendents Association.
At least 11 education organizations鈥攊ncluding the superintendents group; American Federation of Teachers; National Education Association; and the Council of the Great City 69传媒鈥攈ave endorsed the legislation.
Woelfel, however, notes that the definition in the bill is limited to public schools and argues that policymakers should make it broader to include private schools as well.
American Privacy Rights Act
The , or APRA, was introduced earlier this month by Rep. Cathy McMorris Rodgers, R-Wash., and Sen. Maria Cantwell, D-Wash. It would establish a framework for uniform national data-privacy rights for Americans and would hold companies accountable by mandating strong data-security standards.
Similar to KOSA and COPPA 2.0, APRA would have special protections for children younger than 17 years old, so it could have implications for schools.
The bill says that schools wouldn鈥檛 be required to delete data that would interfere with education services, but it doesn鈥檛 provide protections for contractors that schools might hire to provide an educational service, the panelists said.
The measure would also require any organization that uses algorithms for 鈥渃onsequential decisions related to housing, employment, education, health care, insurance, credit, or access to places of public accommodation鈥 to offer consumers a right to opt out.
Woelfel said she鈥檚 concerned about what that would mean for schools if students and families could opt out of ed tech that schools use for day-to-day operations. For instance, if a district uses an adaptive learning software, and students and parents could opt out, then it could undermine teachers鈥 ability to facilitate personalized assignments for students.