FPF’s Amelia Vance on the Future of Student Privacy


Amelia Vance, Policy Counsel and Director of the FPF Education Privacy Project, is one of the foremost experts in the nation on education privacy. She has a knack for making complex regulations and technical trends accessible to individuals who are not lawyers or computer scientists, but who care deeply about student privacy – school administrators, parents, students, and others. This skill is very much in demand; whether testifying before Congress or sharing her expertise at conferences across the country, Amelia has been a valuable resource for anyone who wants to understand how federal and state laws impact data practices in the classroom. In this installment of our 10th anniversary series, Amelia discusses FPF’s work in education, the current student privacy landscape, and the debates of the future.

Why do you like working on student privacy?

Student privacy is a microcosm of every privacy issue out there, except we’re talking about kids, which makes things so much more sensitive. FPF works on algorithms and ethics, health privacy, research privacy, IOT, online trackers – which are all part of the student privacy landscape. And because children are recognized – both legally and developmentally – as especially vulnerable, any privacy discussions must be nuanced and thoughtful because getting it wrong means you can end up derailing a child’s future. Student privacy requires not only legal expertise, but also the ability to put yourself in the shoes of a parent, a teacher, an edtech company, or other stakeholders so you can figure out their concerns and how to best respond to them. Framing the conversation correctly is just as important as getting the policies right.

What sort of work has FPF done on education privacy over the past 10 years? What challenges have arisen during that time?

FPF kicked off its education privacy program in 2014 with the launch of the Student Privacy Pledge. That year, over 100 student privacy bills were introduced in 39 states; the prior year, only one student privacy law had passed. This flurry of legislation highlighted a major gap in law and resources on this issue; the federal student privacy law, FERPA, was passed in 1974, and if you get 15 FERPA experts in a room, they’ll come up with 16 interpretations of any provision. The new state laws were creating mandates for states, districts, and companies without providing the resources and training necessary to implement the laws with fidelity. FPF decided to step in and worked with partners like the Data Quality Campaign, the Software and Information Industry Association (SIIA), ConnectSafely, and the National PTA to create actionable resources for different audiences.

The Student Privacy Pledge has been one of our most successful projects. Co-founded with SIIA, the Pledge is a Federal Trade Commission-enforceable code of conduct for edtech vendors. Now with nearly 330 companies as signatories, the Pledge was designed to both raise awareness of best practices and facilitate their implementation.

We are also particularly proud of FERPAǀSherpa, the student privacy resources website. Whether you’re a student, parent, educator, administrator, policymaker, or higher education staffer, we hope to make the vast student privacy landscape more understandable. The explosion in state privacy laws has made this a challenge, but it’s one we embrace. My primary goal is that everything we release be useful and move the student privacy conversation forward.

What should our readers know about the current student privacy landscape?

39 states and DC have passed 125 new laws since 2013, so right now most stakeholders are focused on implementation and seeing how these laws play out on the ground. There are now 450+ resources on student privacy to help stakeholders on the issue, but few state legislatures provide funding and training to districts and state education agencies to implement student privacy best practices. We have also seen many unintended consequences play out over the past few years. It is unfortunately easy to mess this up – for example, a complete ban on selling student data can result in banning school pictures! One state’s law made parents opt into almost all data sharing and caused some schools to stop announcing football players’ names, hanging student artwork in the hallways, and even referring some students to the state scholarship fund. It’s easy to get lost in sensationalism and misunderstandings when discussing issues that affect children; our work injects nuance and informed analysis into the public debate.

What about the next 10 years? What privacy challenges can we expect to emerge in this space?

Now that most of the new student privacy laws have been in place for a couple years, we are likely to start seeing enforcement actions – which, in some states, could mean jail time. There are fewer big student privacy bills being introduced in states at this point, but we’re seeing more legislation with idiosyncratic student privacy requirements that could trip up schools or edtech companies. We also see legislation that should have privacy requirements but doesn’t – that’s a big issue with school safety legislation! We’re also likely to see a re-write of FERPA pass in Congress at some point in the next five years. Finally, as we’ve seen over the past year, the privacy conversation has now spread past education into the general news; this means edtech companies will have to attempt to reconcile the burgeoning universe of consumer privacy law with parallel developments in education. There will likely be times when legal obligations conflict, and it will be interesting to see how well legislators take the lessons learned from student privacy laws to avoid unintended consequences in general consumer privacy laws.