Since President Barack Obama’s announcement on January 12 that he would propose legislation aimed at protecting student privacy, the issue of how student information is being used outside of the classroom has taken center stage in a national discussion about data and technology. But what makes this issue so important? And what, if anything, is being done to protect student privacy in the meantime?
The answers aren’t so simple. Data mining for personal information has become so prevalent that even K–12 students have become targets of behavioral marketing. This kind of commercialization of personal information has raised serious concerns about how and when student data is being collected, what information is collected, how it’s being used and stored, and whether its collection and use serves an educational purpose.
The primary federal protections aimed at addressing student information are the Family Educational Rights and Privacy Act (FERPA) and the Protection of Pupil Rights Amendment (PPRA). FERPA gives parents the right to see their child’s education records and correct mistakes if any are found. It also provides some protection of personally identifiable student information. PPRA mainly provides protection of student data acquired through federal surveys, requiring parental consent for the collection of certain kinds of data. It also limits the use of information collected for marketing purposes.
However, both of these provisions include exceptions. In certain circumstances, FERPA does not require parental consent for school officials to access personally identifiable student data or for schools to publish student information in school directories. And PPRA makes exceptions for educational products and services, allowing schools to provide student information to third party providers under certain conditions.
Another federal regulation that provides some measure of protection to students is the Children’s Online Privacy and Protection Act (COPPA), which ensures that children don’t share their personal information on the Internet without parental consent. But the protections provided by COPPA only apply to children under the age of thirteen.
Some states have already taken the initiative to introduce statewide legislation, like California’s Student Online Personal Information Protection Act. But the Student Digital Privacy Act, modeled on the California law, could extend those kinds of protections to students across the nation. For now, any future legislation pertaining to digital student data will remain an important topic for educators and parents as well as edtech companies nationwide.