Following President Obama’s expressed interest in improving student privacy legislation in the K-12 domain, Reps. Luke Messer (R-IN) and Jared Polis (D-CO) introduced on Wednesday (4/29/2015) H.R. 2092: The Student Digital Privacy and Parental Rights Act of 2015. According to The New York Times, “the bill would prohibit operators of websites, apps and other online services for kindergartners through 12th graders from knowingly selling students’ personal information to third parties; from using or disclosing students’ personal information to tailor advertising to them; and from creating personal profiles of students unless it is for a school-related purpose.”
Congress has yet to receive the full text of the bill, but reporting by The New York Times reveals notably points.
First, in addition to rights already available under the Family Educational Rights and Privacy Act (FERPA), parents would have the right to download “material” their children create. It’s unclear at this point if the definition of “material” includes data and metadata gathered from digital tracking, or if it is restricted to information and documentation students create.
Second, parents would have the ability to delete information that schools “do not need to retain.” Until we see the bill’s text, it’s difficult to determine how this right will be constructed in policy and enacted in practice. I will be concerned if schools will be able to liberally define a “need to retain” in order to block a right to delete. In an era of Big Data and data-driven accountability, some advanced schools in this domain will make the argument that historical student data works to the benefit of their analytical aims, and deleting such data will hinder some of their projects. Perhaps the more concerning element of this right to delete is how it narrowly focuses in on schools and exempts educational technology companies from providing the same right to parents and students once they come of age. Of course, this may be clarified in the bill’s construction later on.
Finally, the bill provides edTech companies great liberties to use, disclose, and even sell anonymized data to improve the effectiveness of their products or financially benefit from the sale of data during mergers and acquisitions. I should note that the bill does limit the use of personally identifiable information and restricts personalized advertising to students. Yet, I argue that we need to be wary about freedoms to use anonymized data given that data aggregators and brokers in the long term may be able to reidentify students given enough data.
Rep. Polis defended the bill in a conference call, stating that it enhanced student privacy and allowed for “the promise of education technology to transform our schools.” But, as The New York Times article points out, the efficacy of educational technologies, despite their proliferation in the market, is questionable, and many school districts do not have the skill sets to adequately assess and manage the growing mélange of technological tools in the classroom.
As I wrote about previously when President Obama first explained his intention to improve student privacy, it still concerns me that such a bill fails to include protections for higher education students, especially since many of the same issues apply to this class of students as well.