Legislative Analysis

American Privacy Rights Act Redline

American Privacy Rights Act (APRA) Redline Official version posted to Congress.gov on 6/25/2024. Changes from this draft are in purple (note different color codes in the COPPA 2.0 section). Small changes that do not have an impact (likely or substantive) on the bill may not be included as purple below, but we erred on the side of caution and colored most changes. Blue text is from amendments and cuts to the version circulated June 22, 2024 linked here. Black text below struck through is from cuts to the version circulated May 22, 2024 linked here from the version circulated on […]

American Privacy Rights Act Redline Read More »

American Privacy Rights Act Redline – June 22

American Privacy Rights Act (APRA) Redline Redline based on Punchbowl-circulated version received by PIPC on 6/20/2024. Changes from this draft are in blue (note different color codes in the COPPA 2.0 section). Small changes that do not have an impact (likely or substantive) on the bill may not be included as blue below, but we erred on the side of caution and colored most changes. Black text below struck through is from cuts to the version circulated May 22, 2024 linked here from the version circulated on April 7, 2024 linked here. Want more colors to see which changes were made when to

American Privacy Rights Act Redline – June 22 Read More »

Well-Designed Student Privacy Bills

The Pillars of Well-Designed Student Privacy Legislation June 2024 Jessica Arciniega, Katherine Kalpos, Morgan Sexton, and Amelia Vance   CC BY-NC 4.0 Introduction A previous wave of state student privacy bills arose Over a decade ago, a wave of state student privacy bills arose on the heels of high-profile data breaches and growing concerns about privacy in general. In 2014, 36 states introduced 110 student privacy bills, with a high-water mark of 180 student privacy bills introduced in 49 states in 2015.1 Since then, over a thousand student privacy bills have been introduced in all 50 states, 146 passing into

Well-Designed Student Privacy Bills Read More »

Fixing FERPA: Strengthening Transparency & Confidence in FERPA Enforcement

Strengthening Transparency & Confidence in FERPA Enforcement June 2024 Jessica Arciniega, Katherine Kalpos, Morgan Sexton, Amelia Vance, and Casey Waughn   CC BY-NC 4.0 There is a pervasive myth among stakeholders concerned about student privacy that FERPA is not enforced––that it is toothless. This misconception stems from a lack of public transparency throughout the whole FERPA enforcement process at the Department of Education (USED). The public-facing parts of USED’s FERPA enforcement portray FERPA enforcement as weak, specifically due to the low number of punitive enforcement decisions and past systematic problems detailed in a 2018 USED Office of Inspector General (OIG)

Fixing FERPA: Strengthening Transparency & Confidence in FERPA Enforcement Read More »

Fixing FERPA: Increasing Transparency to Make FERPA’s Privacy Protections More Meaningful

Increasing Transparency to Make FERPA’s Privacy Protections More Meaningful June 2024 Katherine Kalpos, Morgan Sexton, Amelia Vance, and Casey Waughn   CC BY-NC 4.0 Schools must communicate about their data collection and privacy policies so that parents and eligible students can effectively exercise their FERPA rights to access, amend, and request deletion of personally identifiable information (PII) in education records. But in their efforts to be more transparent, schools should strive to provide clarity rather than simply providing more information. Transparency does not require (and should not equate to) information overload. While FERPA provides a good starting point toward transparency

Fixing FERPA: Increasing Transparency to Make FERPA’s Privacy Protections More Meaningful Read More »

Fixing FERPA: Enhancing EdTech Accountability

Enhancing EdTech Accountability June 2024 Katherine Kalpos, Morgan Sexton, Amelia Vance, and Casey Waughn   CC BY-NC 4.0 Sharing student data with a 4th grade teacher, Mr. Stevens, so he can tailor his lesson plans for the upcoming school year? Use the school official exception. Sharing student data with an edtech company to create student profiles on a new app that customizes lessons based on students’ strengths and weaknesses? Use the school official exception. Although it may seem counterintuitive, schools must use the same exception to FERPA’s consent requirement in order to share student data with teachers and with edtech

Fixing FERPA: Enhancing EdTech Accountability Read More »

Fixing FERPA: Distinguishing Between Core & Secondary Technology Uses

Distinguishing Between Core & Secondary Technology Uses June 2024 Katherine Kalpos, Morgan Sexton, Amelia Vance, and Casey Waughn   CC BY-NC 4.0 Schools use technology to take attendance to ensure they create accurate records of which students are present, and FERPA protects this personally identifiable information (PII). Students might wear heart monitors as part of gym class, which also creates PII. FERPA protects this very different type of PII in the same way and to the same degree that it protects attendance data. A fundamental problem with FERPA is that it includes all-or-nothing protections for data regardless of why the

Fixing FERPA: Distinguishing Between Core & Secondary Technology Uses Read More »

Fixing FERPA: Clarifying Data Sharing Through a Defined Pedagogical Exception

Clarifying Data Sharing Through a Defined Pedagogical Exception June 2024 Katherine Kalpos, Morgan Sexton, Amelia Vance, and Casey Waughn   CC BY-NC 4.0 A second-grade teacher, Ms. Montana, is teaching her class about multiplication. She writes “2 x 3 = _” on the board and asks if anyone would like to come forward and write the answer. When a student raises his hand, Ms. Montana says, “Yes, Jackson, come on up.” Jackson walks to the board, writes the number “6”, and goes back to his seat. Ms. Montana congratulates him on getting the correct answer and continues the lesson. Sounds

Fixing FERPA: Clarifying Data Sharing Through a Defined Pedagogical Exception Read More »

Fixing FERPA

Did you know that the Family Educational Rights and Privacy Act (FERPA), a student privacy law that has been around for nearly 50 years, was influenced by the rise of computers? Did you know that FERPA restricts educational apps from using student’s personally identifiable information for anything other than the educational purpose approved by the school? Did you know that, contrary to popular belief, FERPA is continuously and actively enforced by the U.S. Department of Education? Despite its continued applicability and relevance in today’s data-driven education landscape, FERPA is often criticized as outdated and insufficient. But the prevalence of inaccurate

Fixing FERPA Read More »

Comparing Provisions in KOSMA and KOSA

Comparing Provisions in KOSMA and KOSA The Kids Off Social Media Act (KOSMA) and the Kids Online Safety Act (KOSA) are progressing through Congress, both with the shared objective of protecting children online. KOSA attempts to achieve this goal with broad requirements that are aimed at making the platforms minors use safer. KOSMA, on the other hand, aims to protect children from social media in two main ways: Prohibiting minors under age 13 from creating or maintaining social media accounts Prohibiting social media companies from targeted content to to minors using algorithms Requiring schools to block and filter social media

Comparing Provisions in KOSMA and KOSA Read More »