Student Privacy Advocates Praise Bill, But Say It Needs Strengthening

*Originally appeared in PoliticoPro*

The bipartisan student privacy bill introduced today is getting mixed reviews, with privacy advocates praising the effort to update federal privacy law — but also warning that the legislation doesn’t go far enough.

The bill, introduced by Sens. Ed Markey and Orrin Hatch, prohibits the use of personally identifiable information to target advertising to students. It requires districts to minimize distribution of identifiable data and companies to destroy the information when they’re done with it. It also gives parents the right to see — and correct — the information that third parties, including for-profit companies, hold on their children.

Jim Steyer, the CEO of Common Sense Media, called the bill “a step forward” to “update the primary federal education privacy law for the digital age.” And Joel Reidenberg, director of the Center on Law and Information Policy at Fordham Law School, said the draft “addresses an urgent and critical need to draw clear red lines for the protection of student privacy” and to give parents more control over their children’s information.

But the Protecting Student Privacy Act leaves a huge loophole: It covers only official educational records. That leaves unprotected the vast quantities of data that companies collect as students work through online textbooks and apps — including information about their academic skills, work habits and learning styles.

“We need a far stronger bill to do the job that parents are demanding,” said Leonie Haimson, co-chair of the new Parent Coalition for Student Privacy.

She and her co-chair Rachael Stickland expressed concern that the bill does not require parents to give consent before a school or district can share their child’s educational record with third parties. They said they were disappointed as well that districts aren’t required to inform parents exactly what type of data is being shared — or which third parties are receiving it.  And they called for stricter and more specific security requirements to be imposed on companies and organizations that handle student data.

The bill “falls short of what’s needed,” Stickland said.

— Stephanie Simon