Student Privacy In Online Educational Services

LR-Digital-GlobeThe commercial use of data mined by providers of online educational services, such as Internet homework portals, digital grade books for teachers, and student e-mail programs, continues to be a hot topic on numerous fronts.  On February 26, 2015, the United States Department of Education issued guidance entitled “Protecting Student Privacy While Using Online Educational Services:  Model Terms of Service.”  This guidance is intended to further assist schools and districts in implementing its prior, February 2014 guidance entitled “Protecting Student Privacy While Using Online Educational Services:  Requirements and Best Practices.”  The new guidance examines the use of Terms of Service [“TOS”] agreements by online educational services providers and offers school officials tools that are designed to assist them in identifying which providers offer strong data privacy policies and protections.  The guidance identifies and explains commonly used privacy provisions in TOS agreements, and offers examples of terms that meet best practices, as well as those that schools should deem unacceptable and decline to accept.

More recently, the New York Times reported on March 22, 2015 that Congressmen Jared Polis of Colorado and Luke Messer of Indiana were planning on introducing legislation designed to protect the privacy of students who utilize these online education services.  The draft bill, entitled the Student Digital Privacy and Parental Rights Act, prohibits online educational service providers from intentionally using or disclosing students’ personal information to tailor advertising or create marketing profiles.  While the legislation was reportedly to be introduced on March 23, 2015, it has apparently been delayed pending review and amendment in response to criticism that the bill does not do enough to protect student privacy.

Representatives Polis and Messer had previously prevailed upon school service providers to develop and adhere to a Student Privacy Pledge.  That pledge purportedly holds providers accountable to:

  • Not sell student information
  • Not behaviorally target advertising
  • Use data for authorized education purposes only
  • Not change privacy policies without notice and choice
  • Enforce strict limits on data retention
  • Support parental access to, and correction of errors in, their children’s information
  • Provide comprehensive security standards
  • Be transparent about collection and use of data

While 127 companies have signed the pledge to date, the push for legislation will no doubt continue as concerns over the commercial use of student personal data grows.