Over the past four years, student data privacy has been a hot topic for state legislators. In 2013 there was only one state bill explicitly focused on student data privacy. Since then there have been over 500! In 2017 alone, 93 bills (more than half of the education data legislation states introduced) and 18 new laws addressed student data privacy. This year’s education privacy legislation touched on several big-picture questions—some new and some more familiar—including how online service providers can use data, how recent privacy laws can be updated and improved, and how parents and teachers can have access to the data they need. Here’s a look at how states addressed these questions this year.

How can or should online service providers use data?

This question of how online service providers should be allowed to use data has spawned an enormous amount of attention and legislation in the past few years. States want to take advantage of the incredible opportunities that online edtech provides for personalized learning, communicating with students and families, and streamlining administrative tasks; but they don’t want to compromise student privacy.

One of the most commonly adopted legislative models over the past few years has come from California. In 2014, the state passed a law called the Student Online Personal Information Protection Act (SOPIPA) which prohibits online service providers from using student data for commercial or secondary purposes but allows them to use data to personalize learning. Since 2014, 21 states have passed laws based on the SOPIPA model to govern education service providers’ use of education data. In 2017, 32 bills were introduced to govern the behavior of service providers—16 of which were based on SOPIPA. Five of those SOPIPA-inspired bills became law in Arizona, Illinois, Maine, Nebraska, and Texas.

How can existing privacy laws be improved, updated, or implemented better?

Since 2014 41 states and the District of Columbia have passed 94 student data privacy laws. As these laws go into effect, state legislators continue to develop new ideas about how the law could be improved, updated, or better implemented. This year 27 bills were introduced to amend recently passed student data privacy laws, highlighting that privacy isn’t a one-and-done exercise—states have to keep revisiting, updating, and improving their protections.

How can laws empower parents and teachers with meaningful access to data?

Protecting student data privacy is a critical part of using data to support student learning, but it is just as important that the people closest to students, like parents and teachers, have meaningful and appropriate access to the data they need to help students succeed. However this year, only six bills were considered (and only one law was passed in Virginia) to provide parents and teachers with this access. Much more work must be done to put data in the hands of those who can support student learning.

What’s Next?

The last few years have been a whirlwind on the education data front and states have made enormous progress in keeping student data safe. In the future, they can make sure that privacy protections are complemented by smart data use policies to ensure data is used to support student learning and that teachers have the training and skills they need to use data well.

To learn about more highlights and trends from last year’s education data legislation, please visit https://dataqualitycampaign.org/resource/2017-education-data-legislation/.