Student Privacy Legislation

Share |

As Congress considers student privacy legislation in the waning days of this session, it is important to keep in mind two major points.  First, strong, multi-layered protections are already in place: current law, contracts, and voluntary industry commitments are all working together to safeguard student privacy.  In particular, current law already forbids using student information for targeted advertising, and the industry is in compliance with this prohibition.

Second, if it rushes to act this session on this complicated issue, Congress risks adding another inconsistent set of requirements to the already confusing patchwork quilt of state and federal laws.  A new federal law that simply adds a layer of inconsistent requirements would not only be a difficult burden for innovative American companies that are supporting student learning, it would create a significant and costly challenge for our schools and educators.

One element of proposed Federal privacy legislation, for instance, would impose data breach notification requirements on schools, even though there are 47 state laws that require data breach notification, and an inconsistent national data breach notification bill pending before Congress.

As part of this debate, attention has been focused on a theoretical concern over the use of student information for targeted marketing. Here is what the Department of Education has said about how current law addresses this issue:

“Under FERPA [Federal Educational Rights and Privacy Act], the [educational technology provider] provider may not use data about individual student preferences gleaned from scanning student content to target ads to individual students for clothing or toys, because using the data for these purposes was not authorized by the district and does not constitute a legitimate educational interest as specified in the district’s annual notification of FERPA rights.”

Late last year, SIIA and the Future of Privacy Forum developed a student privacy pledge.  President Obama and numerous education and consumer groups have endorsed the pledge – and importantly, over 170 educational service companies have signed the pledge, agreeing to be held publicly accountable to specific student privacy and security commitments.

This student privacy pledge specifically addresses the advertising issue by committing signatories to:

“Not use or disclose student information collected through an educational/school service (whether personal information or otherwise) for behavioral targeting of advertisements to students.”

Student privacy legislation is not needed to address this issue of targeted advertising, but we remain committed to working with members of Congress as they look at the issue of privacy generally.  We are particularly focused on ensuring that any action does not interfere with the advancement of student information to enhance learning.  We have done this productively with state legislators around the country.

Mark Mark MacCarthy, Senior Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology. Follow Mark on Twitter at @Mark_MacCarthy.