Mary Byrne’s letter to US Education Department regarding information collection under FERPA

This is a response to ED’s questions regarding the proposed extension of a currently approved information collection under the Family Educational Rights and Privacy Act (FERPA) as posed in the Federal Register, January 5, 2021:

(1) Is this collection necessary to the proper functions of the Department?

No. Despite the fact there is no Constitutional authority for a federal department of education, Congress justified creating the Department in “Department of Education Organization Act” (1979) as promoting “the general welfare of the United States.” That same act stated in Sec. 101 (3) parents have the primary responsibility for the education of their children, and States, localities, and private institutions have the primary responsibility for supporting that parental role; (4) in our Federal system, the primary public responsibility for education is reserved respectively to the States and the local school systems and other instrumentalities of the States.” ED is not authorized by the U.S. Constitution or the Act establishing its existence to collect Personally Identifiable Information (PII) of individual students for the “general welfare” of the United States. Furthermore, it has no need to do so as explained in an ACLU letter to ED dated May 23, 2011 stating aggregated data allows for accountability while protecting student privacy. In sum, aggregated data is sufficient for the purposes of a national level ED.

Overreach of the federal government in monitoring the education activities of individual students was supposed to be limited by the Family Educational Rights and Privacy Act of 1974 (FERPA). Two purposes of FERPA were to protect students’ PII and allow parents to access their children’s education records. In 2008, however, President G.W. Bush’s administration quietly rewrote the regulations governing FERPA to allow states, school districts, and schools to share students’ PII with any third party company from school records without parent consent. A simple change of the definition for “school official” enabled non-employees of the district to access students’ private information. Then, in 2011, FERPA regulations promulgated by the Obama administration further weakened PII protections by greatly expanding the universe of individuals and entities who have access to the student data (including prospective employers), broadening the definition of programs that might generate data subject to this access, and by eliminating the requirement of express legal authority for certain governmental activities.

The proper function of the Department as described in its founding statute does not include data collection and access to student data by non-governmental entities through processes that circumvent parents’ informed consent.

(2) Will this information be processed and used in a timely manner? (3) Is the estimate of burden accurate? (4) How might the Department enhance the quality, utility, and clarity of the information to be collected?

These questions control the narrative about PII protections, and assume that only enhancement of currently collected information (as endorsed by Big Tech-funded organizations such as Data Quality Campaign) is necessary. ED asks how it should “enhance” its current data collection activities rather how it should enhance PII protections demonstrates an ongoing lack of responsiveness to Americans’ concerns about Big Tech’s control of federal policies. This question assumes continuance of the status quo that is not consistent with the constitutional purpose of the federal government which is to protect individual rights – including the right to privacy as implied in the 14 Amendment.

Unfortunately, these questions continue a pattern of powerful influences to thwart attempts of lawmakers to update—or totally overhaul FERPA, to increase PII protections. In 2015, Senators Edward Markey (D-Mass.) and Orrin Hatch (R-Utah) reintroduced their 2014 “Protecting Student Privacy Act.” The bill would have prohibited the use of students’ personally identifiable information for advertising and marketing purposes and minimize the amount of such information that is transferred from schools to private companies, among other changes.

That same year, Senator David Vitter filed his “Student Privacy Protection Act” that would have expanded the types of student information covered under FERPA, require educational institutions to obtain prior consent from parents before sharing that information with third parties, outlaw a host of data-sharing practices that have become commonplace over the past decade, and require educational agencies and private actors who violate FERPA to pay cash penalties to individual families. Consistent with the role and authority of parents over children’s education as described in the “Department of Education Organization Act,” Vitter said, “Parents are right to feel betrayed when schools collect and release information about their kids. This is real, sensitive information —and it doesn’t belong to some bureaucrat in Washington D.C. We need to make sure that parents and students have complete control over their own information.” Regrettably, the questions posed above demonstrate that protecting the rights of individual students and their families is not the priority of the Department. ED’s questions imply ED is only interested in enhancing the violations to personal privacy conducted under the current iteration of FERPA.

(5) How might the Department minimize the burden of this collection on the respondents, including through the use of information technology?

Again, the assumption of the question is that the privacy of individuals is subordinate to the goals of Big Tech. The question should be stated in a manner that reduces the burden of individuals to protect their PII from agencies such as ED, rather than enhance the collection of PII using information technology for the convenience of unidentified third parties.

This entry was posted in Education policy, FERPA, Mary Byrne, privacy. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *