Policy

California DOJ Warns Ed Tech Companies to Only Collect Necessary Student Data

• By Sri Ravipati
• 11/04/16

The California Department of Justice is urging education technology companies to abide by the state’s privacy laws and be cautious with data mining. California Attorney General Kamala Harris earlier this week released “Ready for School: Recommendations for the Ed Tech Industry to Protect the Privacy of Student Data,” a report outlining best practices for ed tech companies operating in the Golden State.

In California, it is illegal for third-party providers to collect and sell student information obtained through services with schools and districts (as outlined in AB 1584), or to use the information to market products to students (SB 1177). Harris encourages companies not to collect student information beyond what is necessary to accomplish the educational goals set forth by the school. Additionally, she strongly recommends that companies not sell student information, except as part of an acquisition or merger.

Other key recommendations offered in the report include:

• Minimizing data collection and data retention and using data for strictly educational purposes;
• Keeping contractual commitments to not disclose or sell student information;
• Establishing policies that enable parents and legal guardians to fully understand how collected student data is used and maintained; and
• Implementing security measures to protect student information.

To develop these recommendations and others, Harris created the Privacy Enforcement and Protection Unit. The unit consulted “a wide range of stakeholders including the Ed Tech industry, educators and privacy and consumer advocates,” the report states.  

“Organizations that make use of student data must take every step possible to be transparent with parents and schools and to protect student privacy,” Harris wrote in the report. “As the devices we use each day become increasingly connected, it’s critical that we implement robust safeguards for what is collected, how it is used, and with whom it is shared."

In addition, the state attorney general’s office created an online complaint form for the public to report any online services or mobile applications that violate the California Online Privacy Protection Act, which includes ed tech products and services.

The full report is available on the California Department of Justice site.