CDT recently put forth a draft federal privacy bill for discussion as well as expanded its focus on student privacy. As momentum grows toward passing federal legislation that provides comprehensive protections for personal information that can’t be signed away, it is important to understand how these bills will affect the education sector. As a first step, the following analysis identifies the considerations of CDT’s draft bill for the education sector that will warrant thoughtful discussion in the new Congress.
|Preemption: Data and technology vendors||
|Federal laws: Children’s Online Privacy Protection Act (COPPA)||CDT’s consumer privacy bill does not preempt COPPA with the exception of the limits on the disclosure of children’s information to third parties and the use of children’s information for targeted advertising purposes (Section 5 of CDT’s bill).|
|Federal laws: Family Educational Rights and Privacy Act (FERPA)||CDT’s consumer privacy bill does not preempt FERPA.|
|Biometric data||The bill permits covered entities to collect and use biometric data if it is necessary to provide service that has been requested but cannot use it for another purpose beyond the reason it was collected.|
|Age for portability and deletion rights||The bill does not define an age for when students and/or their parents can exercise portability and deletion rights.|
|Prohibition of targeted advertising for children under age 13||CDT’s bill prohibits covered entities from using information collected from children under age 13 for targeted advertising purposes; however, the bill does not include a definition of targeted advertising.|