More privacy protections proposed for data from school-issued tech devices

The start of a school year used to mean new pencils and notebooks. Now it often means a new electronic notebook or tablet issued by a school.

That’s a great advance in education, Rep. Eric Lucero (R-Dayton) told a House division Thursday, but the private student data on these internet-connected devices can be hacked and used inappropriately.

He sponsors HF1821, which would put additional privacy protections on educational data collected by technology companies that contract with schools to issue laptops and tablets for student use.

“This bill ensures that parents have authority over their students’ private data,” Lucero told the House Judiciary Finance and Civil Law Division.

The division approved the bill, as amended, and referred it to the House Education Policy Committee. Sen. Bruce Anderson (R-Buffalo Township) sponsors a companion, SF2291, which awaits action by the Senate Judiciary and Public Safety Finance and Policy Committee.

The bill would affect both public and private K-12 schools, but not post-secondary schools such as universities and colleges. Home schools would not be affected by the bill.

“There is growing bipartisan consensus that we need to bring our digital privacy laws into the 21st century,” said Julia Decker, policy director of the American Civil Liberties Union-Minnesota.

“Sensitive personal information about students that used to exist on paper, locked away in the principal’s office, is now being uploaded onto third-party cloud-based servers,” she said.

The newest electronic devices can track a student’s location, transmit a student’s web browsing history, or even remotely activate a webcam, she said.

HF1821 would prohibit “technology providers” from selling or disseminating educational data, and prohibit them from using the educational data for any commercial purposes, such as marketing or advertising to a student or parent.

As defined by the bill, “technology providers” are companies that contract with schools to issue technological devices (laptops, electronic notebooks, tablets, etc.) for student use and that receive educational data as a result of that contract.

The bill would also prohibit a government entity or technology provider from accessing or monitoring a student’s school-issued device, with certain exceptions.

Exceptions would include if the school has acquired a judicial warrant for that purpose, or if “the activity is necessary to respond to an imminent threat to life or safety and the access is limited to that purpose.”

Tracy Brovold, director of educational technology and information systems for Mankato Area Public Schools, expressed concern about provisions that would permit parents to opt out of any program or activity that accesses a student’s educational data.

That would cause difficulties for school administrators to schedule activities for students, run report cards, send out e-mail notices to parents, and report data to the Department of Education as required by law, she said.