By: Zaq Lacy

The debates surrounding the use of technology in the classroom have raged for many, many years, arguably beginning with the introduction of the blackboard in 1801 and evolving as society has advanced.[1] Regardless of what position you take as to whether technology is beneficial, there can be no doubt that it has become prolific in K-12 classrooms across America, integrating into a wide variety of facets of the classroom and school that directly interact with students.[2] With the level of sophistication that today’s technology has, the rapid expansion of that technology being used by students, and the sheer amount of information being transmitted, these students’ privacy is at risk in three ways: illegal data collection, susceptibility to criminal activity, and identity theft caused by hacking.[3] Many of these students are under the age of 13 and are supposed to be protected by the Child Online Privacy and Protection Act (“COPPA”), a federal statute passed enacted in 1998 which was designed to restrict the collection of personal information from children online.[4]

Unfortunately, a combination of ambiguities and confusion in COPPA’s language[5] and a lack of enforcement by the Federal Trade Commission[6] has resulted in a failure to protect children, particularly those using technology in school.[7] Despite the glaring flaws in COPPA and other current federal laws dealing with student privacy, Congress has made it clear that it will not take steps to remedy this situation, leaving it up to individual states’ legislatures to address the rising concerns.[8] California paved the way with their Student Online Personal Information Protection Act (“SOPIPA”) in 2014,[9] which is regarded as the “most successful and strict piece of privacy legislation” and is the template for a number of other states’ attempts at bolstering protections for students.[10] It was written to fill in the gaps left in federal privacy laws and was the first to target “operator[s] of [I]nternet web site[s], online service[s], online application[s], or mobile application[s],” and applies to any educational technology (“edtech”) companies that reach California K-12 students, regardless of whether such companies are based outside of California.[11]

SOPIPA provides a number of restrictions on what information edtech companies connect collect and what they cannot do with the information they have collected, including selling data for commercial purposes.[12] It also includes affirmative obligations for such companies, requiring that they maintain and enforce appropriate security procedures to prevent “unauthorized access, destruction, use, modification, or disclosure” of student data, and to delete any such data upon request.[13] These are major steps in student privacy, but SOPIPA is still considered an imperfect solution.[14] Among other things, SOPIPA does not appear to hold to the Federal definition of de-identification of data, which companies may use for commercial use.[15] Additionally, questions over enforcement could prove troublesome, particularly where teacher awareness of SOPIPA standards regarding free edtech products is concerned.[16] Despite this, SOPIPA answers a number of the issues that were left untreated by federal law.

Recognizing the potential of SOPIPA, numerous other states have introduced similar legislation, and fifteen other states adopted variations of this law in 2015, adjusting it to fit their needs.[17] Even though there are still some kinks to work out, it is clear that SOPIPA is paving the way to stronger protections for our students’ data privacy when using technology at school.

 

[1] See Michael Horn, New Research Answers Whether Technology Is Good or Bad for Learning, Forbes.com (Nov. 14, 2017 8:28 am), https://www.forbes.com/sites/michaelhorn/2017/11/14/new-research-answers-whether-technology-is-good-or-bad-for-learning/#69fbd08f19d7.

[2] See Zaq Lacy, Is Classroom Technology Making Student Privacy Obsolete?, U. of Rich. J. of L. and Tech.: Blog (Nov. 9, 2018), https://jolt.richmond.edu/2018/11/09/is-classroom-technology-making-student-privacy-obsolete/.

[3] See Alexis Peddy, Note, Dangerous Classroom “App”-titude: Protecting Student Privacy from Third-Party Educational Service Providers, 17 B.Y.U. Educ. & L. J. 125, 128 (2017).

[4] 15 U.S.C. § 6501(1) (2012).

[5] See Peddy, supra note 3, at 130.

[6] Id. at 135.

[7] Id. at 136.

[8] Id. at 142.

[9] Student Online Personal Information Protection Act of 2014, Cal. Bus. & Prof. Code §§ 22584-22585 (Deering 2014).

[10] See Peddy, supra note 3, at 147.

[11] Dylan Peterson, Note, Edtech and Student Privacy: California Law As a Model, 31 Berkley Tech. L.J. 961, 973 (2016).

[12] See id. at 973-74.

[13] See id. at 975-76.

[14] See id. at 983.

[15] See id. at 992.

[16] See id.

[17] See Tanya Roscorla, More States Pass Laws to Protect Student Data, Govtech.com (Aug. 27 2015), http://www.govtech.com/education/k-12/What-States-Did-with-Student-Data-Privacy-Legislation-in-2015.html?utm_source=related.

Image Source: http://blog.identityautomation.com/6-things-schools-can-do-to-ensure-student-data-privacy