National Student Privacy Bill Stirs Praise, Renews Concerns

Published July 2, 2015

Reps. Luke Messer (R-IN) and Jared Polis (D-CO) introduced the bipartisan Student Digital Privacy and Parental Rights Act of 2015, which aims to protect student data and strengthen parental rights. The bill received mixed reviews after its release on April 29.

The bill states ed-tech companies and vendors would be prohibited from targeting advertising to a student, selling a student’s information to a third party, and creating a personal profile of a student for a non-school-related purpose. Vendors would be required to disclose publicly and directly to schools the types of information collected and the intended use of the information. In the event of a data breach, companies must contact the Federal Trade Commission and all potential victims of the breach. The bill gives parents the ability to authorize the use of student information for a non-educational purpose. It gives parents the right to access and correct a student’s information covered by the bill. Parents also have the right to delete a student’s information if it isn’t required to be maintained by the school.

“The status quo surrounding the protection of our student’s data is entirely unacceptable,” Polis said in a press release. “It’s like the Wild Wild West – there are few regulations protecting student’s privacy and parental rights, and the ones that do exist were written in an age before smartphones and tablets. Our bipartisan bill is a much-needed first step in providing a framework that can address these concerns of parents and educators while at the same time allowing for the promise of education technology to transform our schools.”

A press release issued by Polis and Messer states the proposed legislation “encourages innovation by permitting school service providers to use information for personalized and adaptive student learning purposes. Providers can also use aggregated and de-identified data [making sure that it can’t be easily re-identified] to improve their products.”

Parent Activists Show Concern

Leonie Haimson, co-chair of the Parent Coalition for Student Privacy, says the bill does not go far enough to protect students.   

“The bill still doesn’t require any parental notification or consent before schools share personal data with third parties,” said Haimson.  “It wouldn’t stop the surveillance of students, or the collection of huge amounts of highly sensitive student information by third parties, as inBloom was designed to do.”

Parents in several states fought for more than two years to stop inBloom, which eventually shut down following public outcry. Officials in some states were uploading personal student data to third-party vendor inBloom. The data sometimes included Social Security numbers and details of familial relationships such as whether a student was a foster child, and reasons for enrollment changes, such as a student leaving school as a victim of a violent incident.

“The bill still allows targeting ads to kids – as long as the ads are ‘contextual’ or selected based on information gathered via student’s single online session,” said Haimson, of the Messer/Polis bill. “We strongly believe that there should be no advertising allowed in instructional programs assigned to students at school, as ads do not aid learning but is a huge distraction to kids. Moreover, how can a parent know if their child is subjected to an ad, whether it is based on data-mining during one session or over time?”

Rachael Stickland, co-chair of the Parent Coalition and Colorado resident, says even though the final draft of the Messer/Polis bill is an improvement the measure still is not strong enough.

“We’re pleased to see some of our recommendations reflected in this draft, including enhanced transparency and some limitations on re-disclosures,” said Stickland. “This bill allows parents to delete personal information from the data collected from their children, but it doesn’t require that parents be informed by either the vendor or the school that this data is being disclosed, collected and data-mined, so how would parents know to ask to delete it? It also allows vendors to data-mine personal information to improve their products or create profiles that could severely limit student’s success by stereotyping them and limiting their opportunities.”

‘An Important First Step’

Khaliah Barnes, director of the Electronic Privacy Information Center (EPIC) Student Privacy Project, says the bill is a step in the right direction.

“[The Polis/Messer bill] codifies portions of EPIC’s Student Privacy Bill of Rights: it grants students access and amendment rights, ensures that student data will only be used in the educational context, requires security procedures [and breach notification], transparency, and above all, accountability,” said Barnes.

“As Congress continues to strengthen the bill, it should consider extending these protections to all students and granting students a private right of action,” said Barnes. “This is an important first step, and now the key is implementation and strong enforcement.”

Fred Humphries, vice president of U.S. government affairs at Microsoft, issued the following statement in response to the bill: “As one of the original signers of the K-12 School Service Provider Pledge to Safeguard Student Privacy, we agree that school service providers must be held accountable for protecting students’ data. Before parents will trust our technology, they need to know that we’ll protect their children’s information. The Messer-Polis bill helps to build that trust. We applaud both the leadership of Reps. Messer and Polis and the process they used to engage stakeholders, and we look forward to working with them as this legislation moves forward.”

Heather Kays ([email protected]) is a research fellow with The Heartland Institute and is managing editor of School Reform News.

Image by Brad Flickinger.