Ed Tech Spike Catches the Eye of Regulators
At the federal level, there is also heightened activity. The Federal Trade Commission (FTC) and the Department of Education (ED) recently held a joint workshop on December 1, 2017 focusing on Student Privacy and Ed Tech. Both the FTC and ED acknowledged that these technologies have tremendous potential, while this transformation in Ed Tech has raised questions about how the Rule implementing the Children’s Online Privacy Protection Act (COPPA) applies in the school context, and how it intersects with the Family Educational Rights and Privacy Act (FERPA). The workshop was intended to gather information to help clarify how the FTC and ED can ensure that student privacy is appropriately protected without interfering with the promise of Ed Tech. This workshop convened representatives from parent groups, school associations, Ed tech providers and regulators to discuss a variety of issues related to the intersection of COPPA and FERPA.
Some of the key themes discussed at the workshop and included in written comments were the need for greater clarity from the regulators and modernization of the laws. The groups voiced concerns that certain definitions need to be clearer. Specifically, further guidance is requested from the FTC concerning the definitions of “educational purpose” and “other commercial purposes” in COPPA. From ED, further clarification was requested concerning the definition of “education record” in FERPA and whether or not that includes product improvement/adaptation by Ed Tech providers. The Ed Tech community, in particular, would like to better understand when do they need to obtain consent from parents as mandated by COPPA versus when the School Official Exception under FERPA is sufficient to cover their use of student data for product implementation and further development. For background, the “School Official Exception” in FERPA provides an exception from the consent requirement normally required from the parent/student; However the exception applies only if the information is needed for an educational purpose of the specific school. Both the FTC and ED didn’t provide any timeline for upcoming actions or guidance but indicated that they would take into consideration the comments received and determine next steps. Stay tuned for more from these regulators.
As we mentioned, there is explosive growth in regulation, and below is a brief summary of the state and federal laws in these areas and some recommended next steps.
Numerous other states including Arizona, Colorado, Georgia, Idaho, Illinois, Louisiana, Maine, Nebraska, New York, Oklahoma, Rhode Island, Texas, Virginia, Washington D.C., and West Virginia, have laws that address student data privacy. Notable trends in state student privacy laws include guaranteeing access to data, regulating service providers, data breach response requirements, and restrictions on nonacademic data such as biometrics, socio economic information and surveys for nonacademic purposes.
Clients can proactively develop compliance programs taking into consideration state and federal law requirements. We can help with all your compliance efforts and will be sure to keep up-to-date of legal developments regarding student data privacy.
Arent Fox’s Privacy, Cybersecurity & Data Protection and Nonprofit groups monitor issues concerning student data privacy, and the Government Relations group tracks and assists clients with legislative efforts. For more information, please contact Donna McPartland, Alex Manning, or the Arent Fox professional who regularly handles your matters.