Schools need up-to-date data privacy law

NEARLY TWO DECADES ago, when Kate was a teacher in the Atlanta Public Schools, she kept her students’ records in manila folders, stored in a metal file cabinet. Each one contained student work, a diagnostic reading test proctored one-on-one at the start of the school year, and family correspondence and contact information.

Kate submitted attendance and final grades via a monochrome interface on a clunky desktop computer. Otherwise, evidence of teaching and learning was captured exclusively on paper.

In the years that have followed, our way of living and working has become increasingly dependent on digital connectivity. This certainly has been true in our K-12 schools.

Since teaching, Kate has been an education attorney supporting school districts across the country and then worked as chief legal counsel at the Massachusetts Executive Office of Education. From 2001 to 2011, Jeff was an elected school committee member in Franklin and served as House chair of the Joint Committee on Higher Education in the last legislative session. Through different lenses, we have witnessed considerable shifts in public education, significantly driven by digital learning technology.

If you somehow missed it before, the increasing use of digital solutions and applications in our elementary and secondary schools has been on full display during the pandemic.

Kate’s oldest son navigated first and second grades during remote or hybrid weeks, and she watched (and heard) him create a data footprint on a daily basis that dwarfed the information her students generated in an entire school year. Back in the school building, he – like thousands of Massachusetts students and their teachers – logs in to digital devices to access curricular materials each day.

Despite the seismic shift with technology, our education laws are written as if student data is still confined to the four corners of manila folders.

Massachusetts is one of only five states that has not updated its state laws to acknowledge the proliferation of digital education data and ensure protections for its students. Other states have established robust privacy and security requirements regarding student data. And they have codified accountability levers, providing families with greater insight into the data collected from their children.

These updated laws also place guardrails around the use of student and educator data, prohibiting commercialization and over-collection/over-surveillance.

Massachusetts needs to catch up. That’s why, at the beginning of this year, we filed the Student and Educator Data Privacy Act, House Bill 127. Building on bills that were reported favorably by the Joint Committee on Education in the last session, ours establishes comprehensive requirements for education technology service providers, enabling the Commonwealth, school districts, and schools to assert privacy and security expectations for their students and educators.

In crafting H.127, we analyzed and incorporated the best of other states’ legislation – like extending protections to certain data collected from and about our students’ educators and ensuring that protections extend to preschool programs run by public school districts. Consulting national and local education data and legal experts, we’ve crafted legislation that protects and empowers our students, educators, and families.

The act would require education technology service providers to adhere to critical security practices and prohibit them from commercializing student and educator data – e.g., targeted advertising, amassing student profiles, and selling private data. It authorizes individuals and schools to bring civil actions for noncompliance and the commissioner of elementary and secondary education to bar an operator that fails to comply with privacy and security protocols.

The act supports districts and schools by establishing a chief privacy officer at the Department of Elementary and Secondary Education to develop and provide model agreements, guidance, and technical assistance. School districts likewise will ensure that student and educator data privacy is a priority by designating an individual as a data manager. And families will be able to review publicly available lists of the student data collected and the operators that have access to that information, fostering greater trust among the community.

There is great promise in harnessing the best of technology to maximize student learning and engagement in both physical and remote classrooms. Kate has imagined how digital applications that exist for today’s students might have complemented her lessons years ago – offering multimodal delivery of curriculum, assisting with necessary remediation, and encouraging self-directed learning. Yet she’s also watched her son access a math application through school that now is the subject of a Federal Trade Commission complaint related to its aggressive marketing of fee-based perks.

To ensure education technology is employed and leveraged appropriately, Massachusetts law must acknowledge that student and educator data is overwhelmingly digital and establish high standards of privacy, security, transparency, and accountability regarding data collection and use.

It’s high time for the Student and Educator Data Privacy Act to get us there.

Kate Lipper-Garabedian and Jeff Roy are state representatives from Melrose and Franklin, respectively.