Please ask your legislator to sponsor this bill, and contact Last Tree Laws to do so. Except for the embarrassment of a compromising photo, students hardly realize the risk of sharing everything online, of online propaganda, the influence of advertising, of manipulation, the risk of blackmail or just general creepiness. At Lower Merion School District in Pennsylvania, students were observed by webcam at home, and chat logs and websites visited were also monitored. Data can also be collected and sold by technology companies, stolen by hackers, added to a government profile, and provide information on family, neighbors, and friends.
The following is based on suggestions provided by the Electronic Frontier Foundation, including the concept that parents and students should be allowed to opt out of technology. Politicians will not be game to restrict tech due to the financial influences, and so support from citizens is needed to persuade politicians.
Bill Summary (Text further below):
NOTE--UPDATING TODAY TO FINAL VERSION
AN ACT SUPPORTING SCHOOL PRIVACY & SAFER TECHNOLOGY
SECTION 1. Section 1I of chapter 69 of the General Laws, as appearing in Title XII of Part I the 2017 Official Edition, is hereby amended by striking out paragraphs five and inserting in place thereof the following paragraph:-
The commissioner is authorized and directed to gather only the necessary information, including the information specified herein and such other information as the board shall require, for the purposes of evaluating individual public schools, school districts, and the efficacy and equity of state and federal mandated programs. All information filed pursuant to this section shall be filed in the manner and form prescribed by the department that protects the privacy of students and staff and insures that data collection is minimized.
SECTION 2. Section 1I of chapter 69 of the General Laws, as appearing in Title XII of Part I the 2017 Official Edition, is hereby amended by inserting after the fifth paragraph the following paragraph:-
The commissioner is to comply with all state and federal laws to protect student and staff privacy in establishing such a system, and shall as a matter of policy avoid placing sensitive documents online and avoid collecting nonessential data. The commissioner shall not collect biometric data as a function of school assessment or education, nor shall the commissioner collect or access biometric data from students or staff for any other purpose; provided, however, that collection of biometric data by the Department of Criminal Justice may be required under state law for criminal background checks of school and district staff, including volunteers. The commissioner shall periodically review and destroy outdated and irrelevant documents contained in the temporary record.
SECTION 3. Section 1I of chapter 69 of the General Laws, as appearing in Title XII of Part I the 2017 Official Edition, is hereby amended by striking out paragraph seven and inserting in place thereof the following paragraph:-
Each school district shall maintain individual records on every student and employee. Each student record shall contain a unique and confidential identification number, basic demographic information, program, and course information. The department shall limit collection and storage of data to that clearly necessary to allow for student transcripts, evaluations of schools, and improvement of education, and shall discourage and avoid collection of extensive personal and behavioral student data other than that required for transcripts. The department shall discourage collection of personal and behavioral data on staff, except as part of reasonable evaluations as approved by a school, district, or the department.
SECTION 4. Chapter 71 of the General Laws is hereby amended by striking the language of Section 93 and inserting thereof the following:-
SECTION 93. TECHNOLOGY PRIVACY AND SAFETY MEASURES
(a) As used in this section, the following words shall have the following meanings:
“Confidential data” is data collected on students or staff and which includes but is not limited to the following:
(1) standard identifying information:
(3) personal writings or other personal work such as art
(4) political views
(5) socioeconomic data
(6) observed and inferred data from the online data provided
(7) similar information on other individuals that are not students or staff, but may be referenced in online data provided
“Granular opt-out processes for different uses of data” is providing separate options to refuse different types of data sharing. Considerations include but are not limited to placement in a yearbook or directory, using cloud services, or using school-issued devices or personal devices.
“Opt-out alternatives for technology” is an opt-out of technology use for students and staff with a comparable non-technological assignment.
(b) Use of confidential data from preK-12 students and staff for marketing, political identification, abuse or other mistreatment shall be unlawful.
Except as necessary for defined bureaucratic, health, or educational functions, the gathering, sharing, or storing of confidential data on preK-12 school students and staff in the Commonwealth shall be unlawful, and data must be kept anonymous when personal identifying information is not relevant or necessary to the data collection.
All data gathering must be limited and carefully secured, particularly with understanding that technology may make it possible to de-anonymize data. This law requires that school vendors and public schools collect only as much information as needed to do a particular job, take steps to avoid placing confidential data at risk, and that when the information is no longer needed that it be shredded or otherwise securely erased.
It shall be unlawful to mandate the posting of public primary and secondary student work online or in public spaces as a condition of mandatory course work. Posting student work online or in public spaces shall be lawful only with the directly specified consent of the student and relevant guardian. Requests for permission to post student work or images must be related to a specific request and for specific platforms, to avoid blanket permission statements for all platforms and all types of materials.
Practices for protecting privacy include but are not limited to the following:
(c) This law shall not impede on the practice of contacting social, health, or emergency workers when required by law or in the interests of protecting student and staff from serious health risks. Neither shall this law impede on the practice of crediting authorship or achievement when recognition is desired by students or staff, and in the case of traditional reporting by media of sports events, honor rolls, and similar traditional reporting that may be construed as reporting school news, as this is in the interests of press freedom and the community.
(d) Data gathering related to educational functions may include but not be limited to educational research, professional development, counseling functions, or improvement of instruction, provided data collection is relevant to the task, reasonable, and respects privacy. Temporary data gathering for commercial product improvement may occur provided an educational benefit exists for the student, when the student may opt out at any time, and when informed consent is obtained from the student and relevant guardian.
(e) When providing school technology access, each school committee in conjunction with the superintendent or the board of trustees of a charter school shall reduce opportunities for loss of confidential data by establishing:
(1) granular opt-out processes for different uses of data;
(2) identification and labeling of processes and equipment which may risk confidentiality;
(3) respectable informed consent procedures;
(4) shredding or secure erasure of unneeded data
(5) access to clearly described vendor data collection policies and data security to relevant students, guardians, and staff;
(6) opt-out alternatives for technology; and
(7) staff training on procedures for confidentiality and privacy; and
(8) policies on all digital devices to protect confidentiality and safety; and
(9) student education to protect confidentiality; and
(10) preferred technology vendors, software, and equipment for privacy protection; and
(11) revolving goals and established processes for reducing reliance on and use of technology.
(f) Each school committee in conjunction with the superintendent or the board of trustees of a charter school shall provide for a scope and sequence for a Safer Technology & Digital Citizenship Curriculum, hereafter called STDC, which shall include age-appropriate practices in healthier, safer and more environmentally-friendly and responsible technology use, behavior, and communication. The STDC shall include, as age-appropriate, education in individual and societal risks from technology, including but not limited to risks stemming from privacy loss, automation, digital addiction, loss of human contact, environmental costs, reduced health, and aptness as propaganda and shaping tools.
Each district or charter school shall establish a Technology Safety Council with relevant expertise or abilities to develop, examine, and review the STDC, and shall invite and not exclude parents, guardians, or local public school teachers as members. The STDC shall be flexible to allow for integration of concepts across disciplines, current events, and to respond to rapidly evolving technology. Upon initial completion, the STDC shall be provided to the local public school teachers and the local community for a 45-day review period to allow for criticism and ensuing revision.
The state Board of Education shall propose STDC model materials and a flexible template for a scope and sequence. The Board of Education shall establish a Safer Tech Council, hereafter called ST Council, to prepare materials and the scope and sequence. The ST Council shall be dominated by teachers, parents, and administrators from public schools with an interest and ability in the subject. Other members of the ST Council shall be privacy and safer technology advocates as well as technology experts who reflect current concerns: all with relevant knowledge. The Board of Education and ST Council shall take heed of the advice of privacy and safer technology advocates in drafting the model scope and sequence in order to best protect students. The initial process for development and publication of a model scope and sequence shall be 1 year from passage of this act, with a draft published within 7 months from passage of the act for public comment. The model materials and the scope & sequence shall be updated every two years or sooner to reflect the evolution of technology, time, and the advice of the parents, students, teachers, and school administration, as well as privacy and safer technology advocates.
(g) Each school district providing computer access to students shall adopt an Internet Safety Policy for the safe and efficient use of online resources. For the purposes of this Section, an Internet Safety Policy shall be provided by the school committee in conjunction with the superintendent or the board of trustees of a charter school and shall be open to a public hearing for review. An Internet Safety Policy council with relevant expertise shall be established to examine, develop, monitor, and review the Internet Safety Policy, and shall invite and not exclude parents, guardians, or teachers as members. Any such policy shall:
(1) Require the notification of the parents, guardians, students, and additional stakeholders of the policy and any changes to it every two years at the beginning of the academic year with opportunity for public input and recommendations; and
(2) Make publicly available the specific measures to block, filter, or alter websites by the Internet Protection Measures pursuant to subsection (h) paragraph (10) of this Section, the basis for including those categories, and the individuals who are responsible for making those decisions; and
(3) Make publicly available the specific measures to protect privacy pursuant to subsection (e) of this section, and the individuals who are responsible for making those decisions; and
(4) Be evaluated at minimum every two years by the Safer Tech Council and school committee in conjunction with the superintendent or board of trustees of a charter school to ensure that the policy conforms to current law, internet practices and technical requirements of teachers, provided that the results of the evaluation are made subject to a public hearing to accept public comment and input; and
(5) Make publicly available specific measures to limit, alter, or quit technology to improve health, academics, and reduce opportunities for data gathering and marketing; and
(6) Protect students from visual depictions that are obscene, pornographic, or harmful to minors (U.S.C. 54.520) within the statutes required herein addressing the use of internet protection measures for computer access in its schools; and
(7) Partner with students, teachers, principals and other administrators to ensure that the Internet Safety Policy is working and to modify policies as necessary to prevent misuse or harm.
(8) Employ a Safer Technology & Digital Citizenship Curriculum across disciplines, with the provisions contained in subsection (f) of this Section.
(9) Adopt written practices and procedures regarding implementation of Internet Protection Measures. Any such practices and procedures shall:
(i) Be managed, maintained, and operated by the superintendent or their designee; and
(ii) Insure technology usage is age-appropriate, educationally sound, and equitably accessible; and
(iii) Restrict access to online content that contains obscenity, pornography, or material harmful to minors (U.S.C. 54.520); and
(iv) Include a procedure for teachers to override a website that has been blocked by Internet Protection Measures, provided that the website does not contain obscenity, pornography, or material harmful to minors (U.S.C. 54.520); and
(v) Establish criteria for the overruling of a request by a teacher to allow access to a website that is blocked by the internet protection measures, a procedure to provide the requesting party with an explanation of the reasons for denial of a request, and a procedure to record and submit any requests and overrulings to the school committee every two years; and
(vi) State limitations on personal and school digital devices that are protective of privacy, health, and safety.
(10) Set and evaluate yearly benchmarks in conjunction with school leadership to insure the protection of students and staff from privacy and other technological threats, including to health considerations.
(h) The Massachusetts Department of Elementary and Secondary Education shall develop a template of Internet Protection Measures for use by school districts, state schools, and charter schools. The template shall include, but not be limited to, the provisions contained in paragraph (9) subsection (g) of this Section. Upon the completion of the template, which shall be no later than one year from passage of this act, all districts shall be notified of its contents and the department shall make the template available on the department website.
(i) This act shall take effect upon its passage.