President Barack Obama proposed Monday a new Student Digital Privacy Act aimed at preventing companies from selling sensitive student information collected in schools and from using such data to engage in targeted advertising to children.
The proposed legislation, the full details of which have not yet been released, will be modeled on recently passed state legislation in California. The president’s announcement, made at the Federal Trade Commission, also included proposals for a new law aimed at protecting consumers’ privacy, including the establishment of a single national standard that companies must notify their customers within 30 days of any breach that results in personal data being stolen or misused.
“If we’re going to be connected, then we need to be protected,” Obama said.
In an interview, James Steyer, the CEO and founder of Common Sense Media, a San Francisco-based non-profit that was influential in the passage of the recent California law, hailed the new proposal as a necessary complement to the Obama administration’s efforts to expand broadband access for schools.
“You cannot wire every classroom in America and put laptops and iPads in there without establishing clear and rigorous privacy protections,” Steyer said. “This is a major win for kids.”
Many observers from both industry and education tempered their responses to Monday’s announcement, saying they wanted to see the details of the legislative language that is eventually proposed. But reaction was still overwhelmingly favorable.
For example, the Electronic Information Privacy Center, a Washington-based advocacy group that has been sharply critical of the U.S. Department of Education on the issue, called the president’s proposal “very promising.”
And the National Association of Secondary School Principals, based in Reston, Va., said in a statement that educators supported the news.
“We hope the new legislation will ultimately have the effect of reducing the confusion caused by the patchwork of guidelines” currently in place, said the group in a statement.
There are a number of potential hurdles to getting a strong new federal student-data-privacy law passed, however.
The president is unlikely to find much support for his policy priorities in the newly elected, Republican-controlled Congress, although student privacy is one area where he may be able to woo some GOP members.
And while Obama praised a voluntary initiative in which 75 companies have pledged to offer protections to students and families, industry groups were also not thrilled with the proposal.
“At a time when our nation has increasingly stiff global competition, we must balance privacy protection with the critical need for local schools and teachers to have access to advanced learning technologies,” said a statement from the Washington-based Software & Information Industry Association.
The trade association has argued that self-regulation, and not new legislation, is the optimal way to protect students while allowing for innovation.
“We are concerned that, unless a new federal law pre-empts all state laws, it risks adding another layer to the confusing patchwork of regulations now facing local schools and service providers,” the SIIA’s statement said.
That points to another significant potential challenge facing the proposed new federal legislation: States have already been active in enacting their own laws on the issue. It remains unclear if a new federal law would trump those statutes.
“There are multiple different ways that states have defined and circumscribed how student data needs to be handled,” said Douglas Levin, the executive director of the State Educational Technology Directors Association, based in Glen Burnie, Md. “A new federal law could lead to a situation where those laws are in direct conflict. Or, if it doesn’t preempt state law, it could create an even more complicated playing field for companies.”
New student-data-privacy measures were enacted in 21 states during recent months.
The Current Landscape
Ideally, the nation would have a “single high-quality federal standard” around how student data should be protected, said Joel Reidenberg, a law professor at Fordham University who authored a much-cited study on privacy concerns surrounding schools’ contracts with cloud-service providers.
Obama’s proposal, called the Student Digital Privacy Act, could serve in that capacity, he said, but “right now, we don’t know what the proposal actually says.”
Reidenberg and others also expressed concern about a how a new federal statute would interact with the three major federal student-privacy related laws already on the books: the Family Educational Rights and Privacy Act, the Children’s Online Privacy Protection Act, and the Protection of Pupil Rights Amendment. Many educators and privacy advocates have long argued that those laws are outdated, poor fits with each other, and poorly enforced.
The California legislation upon which the new proposed federal law will be modeled, meanwhile, is widely regarded as the strongest state-level response to date. The Student Online Personal Information and Protection Act, signed into law by Gov. Jerry Brown in September, prohibits operators of online educational services from selling student data and using such information to target advertising to students or to “amass a profile” on students for a non-educational purpose. The law also requires online service providers to maintain adequate security procedures and to delete student information at the request of a school or district.
But some critics, including Parents For Privacy, a recently formed coalition of advocates, argue that even that statute is riddled with loopholes and fails to provide notification requirements for parents.
The industry pledge praised by Obama during his speech at the FTC is a project of the SIIA and the Future of Privacy Forum, a Washington think tank.
“We want to encourage every company that provides technology to our schools to join this effort,” the president said. “If you don’t, we intend to make sure that those schools and those parents know that you haven’t joined this effort.”
Obama also announced new tools from the U.S. Department of Education and its Privacy Technical Assistance Center. A new “model terms of service” and new teacher-training assistance will be forthcoming, according to the White House fact sheet.
The Data Quality Campaign, a Washington-based nonprofit, described those efforts as encouraging.
Today, many model terms of service put forward by educational technology companies of are not written in any way that district officials, teachers, and parents will understand, said Paige Kowalski, the director of state policy and advocacy for the DQC.
Creating model examples could give states and districts the ability to craft policies setting clear expectations up-front, Kowalski said . And for digital products that are already in the market, she said, the model terms of service could also help K-12 officials identify clear “red flags” for potentially high-risk apps and other tools to be avoided.
No specific timeline for either the new tools or the proposed legislation has yet been announced.
Obama expressed optimism that something will get done.
“This should not be a partisan issues,” the president said. “It’s one of those new challenges in our modern society that crosses the old divides.”
(Update: This post was updated to include details from President Obama’s announcement and reaction from experts and interest groups.)
Sean Cavanagh and Michele Molnar contributed reporting to this story.
Photo: President Barack Obama, center, instructs guests on how to sign a digital pledge on their electronic tablets as he hosts ‘ConnectEd to the Future’ at the White house in November. (Pablo Martinez Monsivais/AP)
- ‘Landmark’ Student-Data-Privacy Law Passed in California
- Ed-Tech Industry Weighs Impact of New Data-Privacy Laws
- Senators Introduce New Federal Data-Privacy Legislation
A version of this news article first appeared in the Digital Education blog.