|Synopsis of Original Bill:|
|The Student Data Privacy Protection Act will enable students and educators in Delaware public schools to use technology to enhance student educational opportunities without compromising the privacy and security of student data. According to a recent survey of parental attitudes toward educational technology published American Public Media, an overwhelming majority of parents are concerned about the security and privacy of their children's data, how that data is collected and used, and access advertisers will have to children using educational technology.|
Modeled after California’s groundbreaking Student Online Personal Information Privacy Act, the Student Data Privacy Protection Act prohibits education technology service providers, primarily operators of Internet websites, online or cloud computing services, mobile service, and mobile applications used for K-12 school purposes, from selling student data, using student data to engage in targeted advertising to students or their families, amassing a profile on students to be used for non-educational purposes, or disclosing student data except as permitted by the Act. The Act also requires education technology service providers to have reasonable procedures and practices for ensuring the security of student data they collect or maintain, protecting that student data from unauthorized access, destruction, use, modification, or disclosure, and deleting the student data if appropriately requested to do so by a school or school district.
The Act also establishes a Student Data Privacy Task Force to study and make findings and recommendations regarding the development and implementation of a comprehensive framework to govern the privacy, protection, accessibility, and use of student data at all levels of the State’s public education system.
The Act gives the Consumer Protection Unit of the Department of Justice the authority to investigate and prosecute violations of the Act.
The Act exempts any projects relating to student data privacy and security approved under the Department of Education’s existing education record privacy regulation prior to the effective date of the Act.
The Act provides that its provisions are severable.
The Act provides that Section 1 will become effective on August 1 the first full year following the Act’s enactment into law, while the remaining sections of the Act will become effective immediately upon the Act’s enactment into law.
The Act is substituted for Senate Bill No. 79 and differs from Senate Bill No. 79 by (1) creating a new chapter in Title 14 of the Delaware Code creating the “Student Data Privacy Protection Act”; (2) deleting provisions addressing data security and privacy responsibilities of the Department of Education in favor of establishing the Student Data Privacy Task Force to study and report on those issues as part of a comprehensive evaluation of student data privacy and security within the State’s public education system; (3) clarifying that an operator’s security and privacy procedures must comply with certain terms and conditions required by the Department of Technology and Information for all state online and cloud computing service contracts involving non-public data; (4) clarifying the circumstances under which an operator can use student data for adaptive learning or customized student learning; (5) giving the Department of Justice’s Consumer Protection Unit the authority to investigate and prosecute violations of the Act by operators; (6) making the Act’s provisions severable; (7) setting different effective dates for Section 1 versus the remaining sections of the Act; (8) revising, adding, and deleting certain definitions; and (9) correcting minor typographical errors.