In case you missed it, the Department a of Education (ED) and the Federal Trade Commission (FTC) are hosting a workshop on December 1 to examine what they call the “intersection” of the Children’s Online Privacy Protection Act (COPPA) and the Family Educational Rights and Privacy Act (FERPA). The overall goal is “to gather information to help clarify how the FTC and ED can ensure that student privacy is properly protected without interfering with the promise of Ed Tech.”
COPPA went into effect in April 2000 and is under the jurisdiction of the FTC. It was a response to the widespread use of online marketing techniques in the 1990s that were targeting children. Any web site that collects information from children under the age of 13 must abide by COPPA. It’s prime requirement centers on requiring parental notification and consent for the collection or use of any personal information of any user under the age of 13.
So, what does that have to do with you and your school business? Imagine having to get parental consent for each new education product you sell to schools that even incidentally collects student personal information. Recognizing the nature of that challenge, the FTC has explained that schools can act as the parents’ agent for purposes of providing consent to providers.
School actions with regard to the privacy of student education records are governed by FERPA which was passed in 1974, long before technology became a given in America’s K-12 schools. In 2011 and again in 2014, the Department of Education issued guidance for FERPA that sought to clarify its requirements. In the 2014 guidance, the Department explained that the FERPA prohibition on disclosure of student data without written parental consent does not preclude the use of ed tech products in the classroom, provided that schools follow the requirements of the “School Official Exception.” Anyone who has followed the last two years of debate and legislation around student data privacy knows that the school official exception is itself subject to a large amount of interpretation.
Noting that while both ED and the FTC have been providing guidance on these less than black and white intersectional issues for several years, both agencies now “believe that further public discussion of this topic would be beneficial.” The agencies have outlined a set of questions that they hope to address and invited public comment through Nov 17. The Web-based comment form can be found at: https://ftcpublic.commentworks.com/ftc/studentprivacyedtechworkshop/
I have no reason to believe that this is anything but a sincere effort to gather public input and examine the issues in order to make it easier for schools to feel secure about the procedures they have in place and assure parents that their children’s privacy is being safeguarded. Nevertheless, the effort should be watched closely. Several of the student privacy bills that never made it through the last session of Congress are likely to be reintroduced before too long. But given the current state of Congressional dysfunction, I don’t expect too much to happen on that front – unless they give up on all the other issues they are facing. It is possible, however, that either the Department of Education or the FTC, alone or jointly, could issue new guidance that attempts to make some of the gray areas around parental consent clearer. The Department of Education may also be hoping to hear a variety of perspectives in case it decides to issue new FERPA guidance. And that’s all fine as long as all sides have been listened to and the end result doesn’t impede legitimate use of technology-based resources in the classroom. Think about making your voice heard.