A pair of prominent U.S. senators introduced new legislation Wednesday that would update the Family Educational Rights and Privacy Act of 1974.
Advocates offered tentative support for the proposal, saying it would help bring federal privacy laws into the digital- and cloud-computing eras. But some observers also expressed reservations that the proposed changes to FERPA may not go far enough.
The new bill, known as the “Protecting Student Privacy Act,” would prohibit the use of students’ personally identifiable information for advertising and marketing purposes, seek to minimize the amount of such information that is transferred from schools to private companies, and seek to limit companies’ ability to build and maintain permanent profiles of students, among other changes.
“This legislation ensures the parents, not private companies, control personal information about their children and that it won’t be sold as a product on the open market,” said one of the bill’s sponsors, Senator Edward Markey, a Democrat from Massachusetts, in a statement.
Orrin Hatch, a Republican from Utah, also sponsored the bill.
A draft version of the legislation has been in circulation since May.
Joel Reidenberg, a law professor at Fordham University in New York and the author of an oft-cited study of school districts’ contracting practices with cloud-computing companies, praised the bipartisan nature of the bill in a statement.
“The proposal will stop the wrongful practice of mining students’ educational records for advertising and marketing purposes and will create a safer environment for children’s data with new security obligations,” he said.
But Reidenberg also described the bill as a “narrowly designed expansion of student privacy protections” that does not address a central privacy challenge of the digital-education era: The rapidly changing nature of what constitutes a student’s educational record.
Advocates in recent months have become increasingly concerned, for example, that much of the “metadata” that students generate—such as what kind of device they use to access digital curricula, where they are using that device, or what time they are doing so—is not protected under FERPA.
“I would like to see educational records expanded to include student emails and other digital communications that contain personally identifiable information,” said Bradley Shear, a Bethesda, Md. -based social-media and digital-privacy lawyer.
[UPDATE (4:20 p.m.):The Software and Information Industry Association, the trade association for software developers, released a statement in opposition of the bipartisan measure Wednesday afternoon.
Vice president Mark MacCarthy called the proposal “well-intended,” but said the provision that prohibits the use of student information for advertising already exists, and other provisions related to data destruction may not be feasible.
“We share the privacy protection goals of Senators Markey and Hatch, but it’s critical to ensure that any new rules do not inadvertently create obstacles to the effective use of information. Innovative education technology is essential to improving education for all students and to ensuring U.S. economic strength in an increasingly competitive global environment,” MacCarthy said.]
In addition to the recent mini-surge of federal movement (last week, the U.S. Department of Education released its second set of data-privacy-related guidelines in five months), dozens of states have either adopted or are considering their own data-privacy legislation.
Check out Education Week’s complete coverage of educational data and privacy issues.
A version of this news article first appeared in the Digital Education blog.