Pages

Wednesday, April 1, 2015

Maryland's Student Data Privacy Act of 2015 Is Needed

The Internet and broadband access has led to many innovations in how we teach our children. During the past 10 years, K-12 schools have implemented new and exciting technologies that will help students learn and be prepared for life inside and outside of the workforce. Unfortunately, privacy law has not kept up with the technology that is being utilized by our schools because the primary student privacy law, the Family Educational Rights and Privacy Act (FERPA) was enacted in 1974 and it has not been updated to account for all of the new digital activities and metadata that is being created by students on school contracted digital platforms.

Earlier today, I testified again on behalf of a Maryland bill (HB 298) that would help better protect students' digital privacy without hampering educational technology companies with burdensome regulations.  Maryland's HB 298 is based upon California's landmark Student Online Personal Information Protection Act (SOPIPA or SB 1177).  I testified with the sponsor of the bill along with other advocates and some of my written testimony is as follows:

"House Bill 298 as passed by the House of Delegates is a positive piece of legislation that will help protect the personal privacy and safety of Maryland students and their families.  Three federal privacy statutes address student information that may be collected by and from schools:  The Family Educational Rights and Privacy Act (FERPA), the Children’s Online Privacy Protection Act (COPPA), and the Protection of Pupil Rights Amendment (PPRA).

FERPA was enacted in 1974 when student records were housed in filing cabinets.  This statute is essentially a confidentiality law designed to protect student paper records.  Forty years ago, schools didn’t have personal computers and Internet access.  FERPA was not designed to protect digital student information.  COPPA focuses on the online collection of personal information directly from children younger than 13 years old without parental consent.  The PPRA primarily address the use of certain types of data collected from in-school surveys as well as some marketing activities.   

FERPA covers “educational records” such as transcripts that were originally kept in a school principal or central district office.  The statute specifically carves out an exemption for “directory information” such as a student’s name, address, date of birth, telephone number, age, sex, and weight.  This 1974 definition of “educational records” and the directory information exclusion no longer makes sense in 2015.  Much of the data gathered and utilized by electronic based services is outside the scope of FERPA’s existing definition. 

As an example, the metadata gathered from a learning app used by a child in school is not considered an “educational record” and would not be protected by FERPA.  Under FERPA, the app maker and other third parties such as digital advertising networks may utilize the information obtained from our children’s use of school contracted online digital technologies.  This data which may include information regarding health, sexual orientation, religion, race, etc… may then be utilized by third parties to discriminate against our children when they apply to colleges, for jobs, insurance, etc…              
  
Absent stronger privacy protections for online student content, our children’s privacy will be compromised and innovative learning tools and educational technologies will face increased parent skepticism and opposition.  HB 298 as passed by the House of Delegates helps assuage parent’s fears while not stifling industry innovation.  HB 298 is modeled after California’s widely applauded Student Online Personal Information Act (SOPIPA) that has been called a “landmark” student data privacy bill by the highly regarded K-12 focused publication Education Week.    

Due to the well balanced approach that HB 298 takes, I am asking for your support of this legislation as it passed in the House of Delegates."  

Google and Facebook's representatives were lobbying to add amendments that would gut the bill's privacy protections for our children. Behind the scenes, these two companies appeared to be not just the two primary opponents of this bill but of other similar bills around the country (watch/listen to the testimony).  Google's behavior is not surprising since it has been caught by Politico spending hundreds of thousands of dollars to lobby against privacy bills that would better protect the personal privacy of students and their families around the country. Facebook's participation in this process appears to demonstrate that it wants to enter the education market. Due to Facebook's agreements with data brokers and its troubling privacy practices and policies, student data should not be entrusted on their platform.

The bottom line is that if you care about student privacy and cyber safety, our laws need to catch up with the technology that is being deployed.  To support Maryland's Student Data Privacy Act of 2015 please reach out to the senators on the Education, Health & Environmental Affairs Committee to voice your support.

 Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.
No comments: