Digital revolution in the classroom—What protections are there for student privacy?

Two congressmen are proposing a bill to place limits on how education technology companies can use information about students.

Photo by Jeff Peterson (Flickr)

Advancing technology has become extremely beneficial and important in educating youth, ranging from elementary through high school.  Schools around the country rely on third party companies to provide services that include student email accounts, homework portals, digital grade books, and exams.  With technology, there is always the fear of what personal information is being shared across the Internet.  The current federal privacy law, the Family Education Rights and Privacy Act (“FERPA“), does not have much to say about the information gained through advanced technology.  FERPA only concerns security of basic demographic information collected and held by schools themselves.

Representatives Jared S. Polis (D-CO 2nd District) and Luke Messer (R-IN 6th District) of the U.S. House of Representatives plan to introduce a bill, the Student Digital Privacy and Parental Rights Act of 2015, which will restrict technology companies that operate school services from knowingly using or disclosing students’ personal information.  The bill applies to students from Kindergarten through twelfth grade.  In addition, the bill will bar companies from collecting or using student data to create marketing profiles and using the data to personalize ads directed at particular students.  Under the bill, a company must delete the students’ records should a school request it and must allow parents and schools to see and correct student files.

“If we are going to be connected, then we need to be protected…”

The bill’s creation was encouraged by a variety of factors.  In January 2015, President Barack Obama proposed the Student Data Privacy Act, along with other federal legislation intended to protect consumer information in response to the online security breaches that affected Sony, Target, and Home Depot in 2014.  President Obama recognized that digital education is expanding across the nation, and said in a speech to the Federal Trade Commission, “if we are going to be connected, then we need to be protected.”  Parents are concerned that this protection is especially needed against companies that could potentially collect and share sensitive details about their children.

In February 2015, Tony Porterfield, a father of two sons and software engineer, became curious about the reading assignment his two sons had to complete online on a site called Raz-Kids.com.  Porterfield told The New York Times that he was shocked to discover that the site had no security protections, allowing unauthorized users to gain access to details like students’ names, voice recordings, and skill levels.  Concerned for this potential security breach, Porterfield immediately contacted the website to inform them of his concerns.  Porterfield decided to examine twenty other digital education products, and found other potential security problems on products used by millions of teachers and students across the nation.

Most recently, Pearson Education, a leading educational publisher, has been under scrutiny for monitoring students’ Twitter posts and other social media accounts.  Pearson teamed up with schools to give math and English tests called the Partnership for Assessment of Readiness for College and Careers, or PARCC, to measure students’ preparedness for life after graduation.  Pearson monitored students’ social media accounts after the test was administered to make sure students did not disclose test questions.  Parents, teachers, and administration became outraged with the invasive and unfair practices of Pearson.

Parents are not informed if and when such security breaches occur, and do not know if this information will harm their child’s future college applications, ability to get a job, credit scores, and overall reputation.

Although the bill is seen as a first step in increasing the trust between the public and education technology companies, there are many flaws, loopholes, and criticisms regarding the legislation.  The concerns fall under the broad umbrella of student privacy, including the fear of hackers taking a child’s information and causing the child to become a victim of identity theft, cyber bullying, or unwanted contact by strangers.  Parents are not informed if and when such security breaches occur, and do not know if this information will harm their child’s future college applications, ability to get a job, credit scores, and overall reputation.

Unfortunately, school districts lack the resources to be able to monitor how technology vendors use and secure their students’ records.  For instance, parents are troubled by the thought that companies can share sensitive information including students’ grades, disciplinary actions, or health data with college or job recruiters.  The use of this information only would cause negative implications for these children’s futures.

Critics have complained that the bill does not require parental notification or consent before schools share personal data to third parties.  The bill also does not address any of the weaknesses in FERPA.  Companies such as Pearson will still be able to collect and share huge amounts of private information, sell that information to third parties, or use the information for data-mining to improve their products.  Opponents feel that the bill fails to uphold what President Obama promised the nation—that data collected in an educational context could be used only for educational purposes.

The educational technology industry has lobbied against any kind of federal regulation.  The industry feels that too many restrictions would slow down innovation.  Instead, the industry proposes that companies sign a voluntary “Pledge to Safeguard Student Privacy,”,which has been signed by 125 educational technology companies of all sizes and including such industry giants as Apple and Google.  By signing this pledge, companies promise to maintain security programs reasonably designed to protect “[s]ecurity, privacy, confidentiality, and integrity of student persona information against risks.”

Drafters of the bill also note that states have the freedom to enact laws that are more restrictive if they see fit to do so.

Supporters of the bill, including Microsoft and Common Sense Media, believe this is a great first-step in addressing the concerns of parents while also allowing the promise of education technology to transform our schools.  The bill was created with input from the White House and joins a previous Senate proposal and much action on the state level from regulators and sector leaders.  Drafters of the bill also note that states have the freedom to enact laws that are more restrictive if they see fit to do so.

The public will have to wait for the final draft of the bill to be released and to see how Congress will react to this proposal.  Representatives Polis and Messer believe only time and the future development of technology will determine how much further states will want to go in addressing these privacy concerns.  Until Congress receives the message that more needs to be done, the writers of this bill feel that this is a reasonable floor of protection.

Avatar photo
About Danielle Feller, Associate Editor (16 Articles)
Danielle Feller is a 2016 graduate and served as an Associate Editor for the Campbell Law Observer during the 2015-2016 academic year. She is originally from Mooresville, North Carolina and graduated from North Carolina State University in 2013 with a degree in Political Science with a concentration in Law and Justice and a minor in Business Administration. Following her first year of law school, Danielle interned at the Mecklenburg County Public Defender's Office in the Felony Unit. Following her second year of law school, Danielle interned at the Office of the Federal Public Defender for the Eastern District of North Carolina. Danielle is also worked as Professor Bobbi Jo Boyd's research assistant during her third year of law school.
Contact: Email