California Moves to Create More Protection for Students Online

Student online security is being addressed in California with the signing into law of Senate Bill 1177, the Student Online Personal Information Protection Act (SOPIPA).  The law will prohibit companies from using information about students by way of education technologies for any purpose except for the purpose for which it was collected.

Christopher Piehler, reporting for THE Journal, says the bill also prevents companies from selling student data, puts protections on disclosure of student personal information, and stops targeted advertising on K-12 websites, services, and applications.

The bill was written by Senate President pro Tempore Darrell Steinberg (D-Sacramento), who says it closes a major gap in privacy law. The federal Family Education Rights and Privacy Act (FERPA) prevents students’ personal information from being disclosed by educational agencies, but the new law proves that “privacy and online innovation can be complimentary partners”.

James Steyer, CEO and founder of Common Sense Media, added, “SOPIPA is a true landmark in the efforts to safeguard the privacy of children and teens who are using technology to enhance and personalize their learning … schools can now benefit from the vast potential of educational technology, while keeping students’ sensitive information safe from commercial exploitation.”

Bradley Shear, a lawyer specializing in digital privacy and technology law, said that while:

“…15-25 other states have enacted similar legislation, California is a leader in privacy areas, and it wouldn’t surprise me if other states looked to California to strengthen their own laws.” What makes SOPIPA different, he said, is that “not only does it ban the use of student data for advertising purposes, but also bans the creation of profiles of K-12 students based on their schoolwork that might be used for non-educational purposes.”

He added that ed tech experts need to read companies’ privacy policies so that if there are any clauses that they believe may violate this new law, the clauses may be fixed.

The law came into effect when Google stated earlier this year in federal court that they were scanning student emails for non-educational purposes, according to Government Technology. Other states have enacted student privacy laws — 20 in total — but California’s law is different because the emphasis is on prohibition of data use, not collection of data and governance. The federal government is considering updating the law to protect student privacy. That consideration is currently in the Senate.

Google announced in April that the company had stopped ad-related scanning of student data and any other non-educational scanning. Under the new law, vendors may not use “information, including persistent unique identifiers, created or gathered by the operator’s site, service, or application, to amass a profile about a K-12 student except in furtherance of K-12 school purposes”.

Alex Bradshaw of the Center for Democracy and Technology suggests that legislators who are considering a SOPIPA-type student privacy legislation consider the importance of including user-control provisions in their bill. Bradshaw says to be sure to give parents and students a choice as to how their information is gathered, used and stored.  He adds that the lack of a federal standard could make compliance by ed tech companies complicated, since they often serve schools in more than one state.  The update of FERPA is important to improve protection of students online.

Common Sense, a non-profit helping kids live safely in a world of media technology, is in full support of SOPIPA.  San Francisco’s Virtual-Strategy Magazine quotes the founder of Common Sense weighed in:

“SOPIPA is a true landmark in the efforts to safeguard the privacy of children and teens who are using technology to enhance and personalize their learning,” said James Steyer, CEO and founder of Common Sense. “Thanks to the governor and the leadership of the bill’s author, Senate Leader Darrell Steinberg, families in the Golden State can rest assured that their kids and their schools now can benefit from the vast potential of educational technology while keeping students’ sensitive information safe from commercial exploitation.”

The magazine says that the recently passed AB 1584 (requiring privacy-related specifications in contracts between K-12 agencies and a third-part provider) and the “Eraser Button” legislation, SB568, are proof positive that California places a premium on protecting children’s online privacy.