Leonie Haimson, executive director of Class Size Matters and co-founder of the national Parent Coalition for Student Privacy (and a member of the board of the Network for Public Education) writes here about the threat to student privacy in New York.

The New York Board of Regents is currently considering whether to approve a radical weakening of the state student privacy law, which would allow the College Board, the ACT and other companies that contract with schools or districts to administer tests to use the personal student information they collect for marketing purposes — even though the original New York law that was passed in 2014 explicitly barred the sale or commercial use of this data.

Starting in 2014, many states, including New York, approved legislation to strengthen the protection of student privacy, because of a growing realization on the part of parents that their children’s personal data was being shared by schools and districts with a wide variety of private companies and organizations without their knowledge or consent. The U.S. Department of Education had weakened the federal student privacy law known as FERPA (Family Educational Rights and Privacy Act) twice over the past decade, rewriting the regulations during the Bush and Obama administrations to allow for nonconsensual disclosures for different purposes.

At that time, few parents knew that federal law had been altered to allow their children’s information from being passed into private hands. Then controversy erupted over the plans of nine states and districts to share personal student data with a comprehensive databank called inBloom, developed with more than $100 million of funding from the Gates Foundation.

InBloom Inc. was designed to collect a wide variety of personal student data and share it with for-profit vendors to accelerate the development and marketing of the education technology industry to facilitate the adoption of online instruction and assessment. As a result of widespread parental activism and concerns, all nine states and districts that had originally intended to participate in the inBloom data-sharing plan pulled out, and 99 new state student privacy laws were passed across the country between 2014 and 2018.

New York was one of the first to pass a new student privacy law. In March 2014, the state legislature approved Education Laws §2-c and §2-d, which among other things, prohibited the state from sharing student data with inBloom or another comprehensive databank, and also regulated the way schools and vendors must secure student data, including imposing a complete ban on the sale of personal student information or its use for marketing purposes….

Yet to the frustration of many parents and privacy advocates, it would be nearly five years before New York State Education Department drafted any regulations to implement its 2014 student privacy law. In October 2018, the Education Department finally released proposed regulations for public comment. In March 2018, the Parent Coalition for Student Privacy, along with the statewide coalition New York State Allies for Public Education, submitted recommendations on how to strengthen and clarify those regulations, as did more than 240 parents and privacy advocates.

Yet after the initial period of public comment had ended, instead of strengthening the regulations, the state Education Department gutted them, and now proposed allowing student data to be used for commercial purposes as long as there was parental “consent” — a huge loophole that would create the opportunity for districts, schools and vendors to misuse this data in myriad ways.

Do you think it is okay to sell students’ personal data to marketers and vendors?