Over the next few years, federal legislators may work out some of the details on how to codify student data privacy protections.
Congress may make some progress this year as it works through the details of how to protect student data privacy.
Legislators introduced eight federal bills last year that addressed student data privacy, but only three of them seem to have a chance of moving forward in the next few years, said Amelia Vance, director of education data and technology at the National Association of State Boards of Education.
"It's been a continuing priority," Vance said. "I think the question is less about the fact that people care about this issue and much more about how should this work, what is the federal government's role in all this."
For the last two years, congressional leaders and President Obama have publicly said that student data privacy is important. At the same time, legislators and educators have raised concerns about how to find a balance between three things that have kept bills from moving forward at the federal level:
"I would caution people just not to get too prescriptive, saying, 'When you install security, do it this way. And when you're doing something, do it this way.' Because technology evolves so quickly, I'll have to replace it in another year," said Bob Swiggum, CIO of the Georgia Department of Education.
Swiggum served as an expert witness about student data privacy in a hearing before the House Committee on Education and the Workforce on Tuesday, March 22. In that hearing, representatives heard from four witnesses as they considered bills including the Student Privacy Protection Act, a rewrite of the Family Educational Rights and Privacy Act of 1974 (FERPA) that governs student records.
Reps. Todd Rokita (R-Ind.), Marcia Fudge (D-Ohio), John Kline (R-Minn.) and Bobby Scott (D-Va.) introduced the bill in July. This bill would update the law to protect student data in the digital age in seven ways:
Along with Vance, some legislators indicated that the FERPA rewrite could move forward this year.
"Insofar as we have bipartisan legislation already before the committee, I'm confident that we'll be able to pass legislation to update the Education Science Reform Act and the Family Educational Rights and Privacy Act in such a way that maximizes the available use of student information to improve student education policy without jeopardizing student and family privacy," said Scott in his closing remarks.
While the Student Privacy Protection Act could pass this year, several other bills may make progress over the next few years, Vance said:
These two bills place similar restrictions on third-party service providers and give the Federal Trade Commission authority to deal with providers that don't follow the law. A number of their provisions have roots in California's landmark Student Online Personal Information Protection Act (SOPIPA) legislation passed in 2014. They also continue the efforts of a working group that Messer and Polis started in 2014, which resulted in a Student Data Privacy Pledge that more than 200 companies have signed.
The SAFE KIDS Act would give the FTC the authority to enforce student data protections at the provider level. This bill prohibits providers from selling or sharing protected student information, targeting advertising to students based on the data they collect, and sharing data with third-party operators in ways that don't follow the law. It also requires them to establish tighter security protections.
The Messer-Polis bill prohibits third-party service providers from advertising to students based on their behavior online and in the service they provide. It also doesn't allow them to sell student information or create student profiles that don't have educational purposes.