School districts across the country have embraced education technology (“EdTech”) as a means for enhancing school operations and classroom instruction. While the practice of collecting student data is not new – K-12 schools and institutions of higher education have been gathering and reporting test scores, grades, retention records, and the like for years – the means by which student information is collected, the types of information collected, and the entities that ultimately have access to this data have expanded dramatically. At the same time, misuse of student data and poor data security practices in K-12 schools, as well as large-scale breaches of universities’ data systems, demonstrate troubling side effects of unregulated data practices.
Collection of student data through sophisticated technology is widespread and there is a narrow regulatory framework in place governing how data is collected, shared, and used. Federal laws that can be used to reach EdTech directly are limited in their applicability. Over 180 state student privacy bills were introduced in the first half of 2015, and Congress is currently considering multiple federal student privacy laws, including a proposal to revamp our existing federal student privacy law, the Family Educational Rights and Privacy Act (FERPA).
CDT believes that realizing the full potential of EdTech in the classroom requires robust student privacy standards.