The gloves are coming off.
Even as states around the US have been working on bills to protect student privacy, Congress has been trying to craft national legislation. In July, Sen. Steve Daines (R-MT) and Richard Blumenthal (D-CT) introduced the “Safeguarding American Families from Exposure by Keeping Information and Data Secure (SAFE KIDS) Act,” aimed at establishing clear parameters for using data collected from students. The legislation would also give parents control over who uses their children’s information.
The proposed federal bill is modeled on California's Student Online Personal Information Protection Act (SOPIPA), which takes effect January 2016. It prohibits online educational services from selling student data, from using the information to target ads to students, and/or from creating profiles on students for non-educational purposes. The law also requires online service providers to maintain adequate security procedures and to delete student information at the request of a school or district.
Now comes the wrangling.
In a letter sent on Sept. 9 to the senators, the Software & Information Industry Association (SIIA) critiqued that their draft of the SAFE KIDS Act “would unnecessarily add requirements and restrictions that create conflicting definitions and obligations on school service providers that create a regulatory environment impossible for school service providers to navigate.” The industry trade group particularly takes issue with the fact that the bill could:
limit student access to advanced learning technologies that are essential to modern education by seeking to restrict behaviorally targeted commercial advertising in a way that may limit the use of student information to help educators, students and families identify educational opportunities whether a learning module, college or scholarship even absent consideration.
There are valid concerns that overregulating data privacy could make it restrictive for companies and researchers working to create better learning technologies. But there is no reason for student data to be sold for commercial purposes. It’s a line in the sand that many organizations—including EdSurge—firmly believe should not be crossed.
Leaving the door open for student data to be sold to commercial advertisers has drawn the ire of education groups including Common Sense Media. In a Sept. 21 letter sent to the senators, CEO Jim Steyer says the senators' initial draft is just fine—and blasts SIIA’s proposals as “an unvarnished attempt to undermine policies that would restrict their ability to market their products to children.” He adds:
Under the guise of protecting “advanced learning technologies,” the SIIA also advocates for additional loopholes that give vendors the legal cover to use classroom data to target ads to children and their families. Common Sense recognizes the potential of new learning technologies, but an absence of trust and transparency will undermine this potential.
Steyer also takes issue with the “SIIA’s insistence that Congress pass legislation to preempt state law in this area.” Education has always been a very sensitive issue for states, and many local governments have taken action to address student privacy. The nonprofit Data Quality Campaign reported that 182 student data protection bills were introduced in 46 states this year, and 15 states passed 28 laws.
Still, protecting student privacy has become a priority for federal policymakers. Three other federal bills have been proposed. SIIA has publicly supported the “Protecting Student Privacy Act” proposed by Sen. Edward Markey (D-MA) and Orrin Hatch (R-UT).
Let’s set a high bar for consumer protection. As other industries have shown, companies will find a way to adapt to even the most stringent of legal safeguards.