IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Maryland Proposes New K-12 Student Data Privacy Law

Responding to lessons learned from the implementation of a 2015 student privacy law, Maryland lawmakers want new measures to redefine protected information and require oversight of technology used by students.

maryland capitol
As schools have been adopting a plethora of new digital learning tools, legislators in Maryland are pushing for new K-12 student data privacy regulations to prohibit companies from collecting student information for marketing purposes.

Noting concerns about student privacy, state lawmakers sent Senate Bill 325 to the House for consideration late last month to refine Maryland’s Student Data Privacy Act of 2015, which requires operators of ed-tech websites and applications to protect sensitive student information from unauthorized access and data breaches, as well as vendors to delete data upon request by local school officials.

The new bill comes three years after the state established its Student Data Privacy Council to assess the implementation of guidelines from the 2015 bill. The council’s resulting report, released last year, noted that much of the burden has so far been on schools to contract with vendors and ensure compliance, in the absence of other state accountability measures or monitoring.

According to language in the bill, SB 325 would require local districts to submit a list of digital tools approved for use by educators, and it would require the Maryland State Department of Education to keep and annually update an online database of K-12 ed-tech tools used in state schools. In addition, the law would define “covered information” protected by state law as data that can be linked to individual students for marketing and advertising purposes.

State Sen. Susan Lee, the primary sponsor of the Senate bill and Student Data Privacy Council member, said the legislation is “designed to tighten our state laws surrounding privacy of students whose local school systems contract with vendors to provide digital tools.”

“There are many priorities in the space of privacy, but none as important as those for children who lack the ability to consent to contracts, but whose every keystroke can be tracked for a lifelong record that is hard to expunge,” she said in an email to Government Technology. “Children deserve to be protected before they have the ability to consent that their data be shared and sold to third parties.”

Lee expects the bill to pass the state House of Delegates in the months ahead as K-12 policymakers on the local, state and national levels place more focus on student data privacy protections amid the efforts of schools to digitize instruction.

“[The] session ends the second week of April, so we will know definitely then the status of this law,” she said.

According to the council’s report, Maryland has modeled much of its K-12 data regulations on California’s Student Online Personal Information Protection Act (SOPIPA) — the first state law to address K-12 student data privacy concerns. Maryland is among 40 states with one or more K-12 data privacy laws, and among 20 states using SOPIPA as the basis for K-12 privacy legislation, including Arizona, Connecticut, Delaware, Maine, Michigan and Nebraska, among others.
Brandon Paykamian is a staff writer for Government Technology. He has a bachelor's degree in journalism from East Tennessee State University and years of experience as a multimedia reporter, mainly focusing on public education and higher ed.