You have /5 articles left.
Sign up for a free account or log in.
President Obama's announcement at the F.T.C. this week that he will propose a new student data privacy bill is exciting news. For years, privacy advocates, school officials, parents, students, and others have stressed the need for student data to have the appropriate protections and backing against companies’ elusive terms that enable the use of this data for commercial gain. Now, to have the President of the United States stand behind education in one of its greatest stress points -- management of student privacy in general and FERPA in particular -- reminds us of the leadership that even a President challenged by an oppositional Congress can exercise.
As education stakeholders and government officials debate the specifics, a few significant points made in this announcement should be given further consideration.
First, it seems to suggest that existing law, FERPA, is insufficient to address the privacy issues that this legislation is designed to address such as vendor data mining of education records for business purposes or sale of that data to third parties. In fact, FERPA does prohibit the use of such data on the part of vendors already. Where it is weak is in enforcement. With no private right of action, the consequences fall entirely to the school district, college or university. The student must look elsewhere in less clearly defined law, such as negligence, or more elusive Constitutional law, such as a "right of data privacy," for personal redress. The nuclear option -- the Department of Education’s ability to eliminate federal funds -- is scary in theory but unworkable in practice. As most know, in the over forty years since its promulgation, such a fate has never befallen a college or university.
Second, the oft-quoted "sale of student data to third parties" might sidestep another great offense involving use of education records: profiling. Companies such as Google do not sell the information that it mines; it uses that data for its own core business purposes of targeted marketing, advertising, or other commercial incentives. No doubt, sale of personally identifiable information in the consumer arena is one of the most common and egregious of business practices in the global information economy. Student information is particularly problematic because it violates existing law (FERPA) and because no one can predict to what uses that data will be made in the future of a student's long life. In particular, one could see how sensitive information collected (gender, class, race, ethnicity) could be used down the road for unforeseen purposes. But the main point is this: it is not just sale but the use to which the company doing the mining will make of the data that must be included in the scope of the proposed legislation.
The third is the most important point, however: it would appear that in reflecting the California law onto a federal proposal, President Obama is excluding higher education. That is a serious oversight. FERPA protects higher education just as much as it protects the K-12 sector. If new legislation must be made to reinforce the intent of that existing law, there is no reason why higher education should excluded. College students require privacy just as much as students in elementary and secondary education. Indeed, because college is precisely when and where so many young people begin the process of self-discovery, personal expression and the exercise of citizenship rights in civil society, a very strong argument for privacy of college students could and should be made.
Perhaps this is a fine point that a press release is not equipped to capture. Maybe President Obama intends drafters to include higher education. But if this literal interpretation of the California law does define the proposed federal legislation, then higher education must act clearly and quickly to be sure that it is included in this important new presidential initiative. Transparency of technological and business practices, a level playing field for vendors, and robust notice and consent belongs to everybody. Existing law already makes it a requirement for education records and student data.
