Some of the hardest-fought battles over education in recent times have involved the use of digital technology in the classroom, whether to personalize student learning or to track grades in real time. Silicon Valley’s interest is piqued and ed-tech investment is booming—almost $1.87 billion was poured into the sector by venture and equity financing in 2014. But the field took a significant hit last year when inBloom, a large student-data nonprofit, collapsed after facing a parent-led backlash.
Private companies in the U.S. ed-tech space allow schools to collect data points about everything from lunch orders to disability status, making parents fearful that such information could be accidentally disclosed, or even follow their children into adulthood. Meanwhile, student privacy regulation is scattershot, often outdated, and varies considerably by state.
As a part of a speech Monday at the Federal Trade Commission about boosting consumer protections online, President Obama proposed the Student Digital Privacy Act, which would shield the personal information and privacy of schoolchildren online. The law would ensure that any student data collected by technology in the classroom could be used only for reasons related to education. Companies would not be allowed to sell such information on to third parties for marketing purposes, such as targeted advertising.
Once the text of the SDPA is released, privacy advocates will be looking for whether it has teeth. Khaliah Barnes, director of the Electronic Privacy Information Center’s Student Privacy Project, told me that with Monday’s announcement, Obama has set the stage for protecting students in today’s connected world. It will be important to examine how the law will actually be implemented and how it will be enforced, she said, but the framework he set out Monday is favorable to students. “We’re looking for a strong bill, and we think it will be there.”
Obama noted that many states have proposed similar legislation, singling out California’s landmark law, the Student Online Personal Information Protection Act, which California Gov. Jerry Brown signed last year. He also acknowledged the 75 companies, including Microsoft and Amplify, that have signed the industry-led Student Privacy Pledge, and he encouraged other education technology companies to do the same. The pledge commits companies to disclosing what type of information they collect about students and for which purpose it will be used. But privacy advocates are lukewarm about this piece of self-regulation, especially given big players like Amazon and the textbook publisher Pearson have not signed on. “A stated commitment to privacy is nice, but it is no substitute for strong federal baseline protections. That’s why the president’s proposal is of the utmost importance,” Barnes told me.
Sens. Ed Markey and Orrin Hatch have also proposed a bipartisan change to the Family Educational Rights and Privacy Act, which intends to protect student data from marketers. But as Politico notes, in its current form, the bill crucially does not update the definition of “educational records,” meaning that it won’t necessarily cover the complete pool of data students generate every day, from search histories to attendance. The California bill, on which the SDPA seems set to be modeled, defines student data more broadly as “covered information,” which includes personally identifiable information created or provided by a student, their guardian, or a school employee, for school purposes.
Obama said that his online privacy proposals were commonsense, pragmatic steps that crossed partisan lines. He emphasized that America invented not only the Internet, but also the Bill of Rights. “And since we’re pioneers in both these areas, I'm confident that we can be pioneers in crafting the kind of architecture that will allow us to both grow, innovate, and preserve those values that are so precious to us as Americans,” he said. He also noted that he was the first president to visit the FTC since President Franklin D. Roosevelt in 1937. “You would think that one of the presidents would have come merely by accident,” he joked.
In addition to introducing the SDPA, Obama used his time at the FTC to propose greater protection for consumer data online, including mandatory reporting within 30 days by companies that are hacked, and will deliver further remarks on cybersecurity and digital access later this week, as part of the lead up to his State of the Union address on Tuesday, Jan. 20.