Student data privacy was the center of attention in 2018 because student data privacy consists of the collection, usage, handling, and governance of student's personally identifiable information (PII). This includes any and all information that can be used to identify, locate or contact an individual student like name, address, and student ID. It also made its foray in the European Union’s (EU) General Data Protection Regulation (GDPR). The Parent Coalition for Student Privacy passed approximately 117 bills and 22 new laws. 43 states have decreed foundational student data privacy legislation and allowed modification of existing laws including data protection obligations for third-party providers.
Industry and education institutions realized the fact that they have to work towards data privacy and there are no shortcuts. Meanwhile, the Facebook Cambridge Analytica scandal led to the largest EU data protection authority investigation to date. The Federal Trade Commission (FTC) and the U.S. Department of Education were asked a lot of questions regarding their efforts on enforcing existing privacy regulations.
The demand for federal privacy legislation is also on the rise. A lot of political parties and companies including Intel proposed general consumer privacy legislation or frameworks for legislation. The legislators’ focus on general consumer privacy quickly raises the concern of privacy of young people. The best way to protect data is not to collect it in the first place. According to the Children’s Online Privacy Protection Act (COPPA) and GDPR, data minimization is a fundamental privacy concept. One of the acts, namely The Family Educational Rights and Privacy Act (FERPA) demands school officials to collect data in which they have legitimate educational interest. Data minimization will be the foundation of privacy legislation in 2019.
The states that ignored data privacy legislation in the past will participate this year. Meanwhile, other states will continue to refine their existing laws. The Federal Trade Commission (FTC) has faced some tough questions regarding its bandwidth for enforcement of consumer privacy laws. Also, the education department has ramped up FERPA enforcement.
Amid these developments, edtech companies and educational institutions must prioritize their foundational privacy and security responsibilities. They must focus on privacy by design and security fundamentals including data minimization.