BILL ANALYSIS
|
Senate Research Center |
H.B. 2087 |
|
85R24711 CAE-F |
By: VanDeaver et al. (Taylor, Larry) |
|
|
Education |
|
|
5/15/2017 |
|
|
Engrossed |
AUTHOR'S / SPONSOR'S STATEMENT OF INTENT
New technologies allow information to flow within schools and beyond, enabling the development of new learning environments and new tools to understand and improve the way teachers teach and students learn. While the integration of these new technologies undeniably benefits teachers and students alike, it requires the gathering of select private information from students.
While the collection of certain select data from students is required for the proper integration of new technologies into the classroom, it is necessary to ensure that this data is used and maintained in a responsible manner.
H.B. 2087 establishes rules defining when an operator is allowed to use and prohibited from using student data, as well as guidelines for how they must go about protecting and deleting collected student data. The sale of student data, as well as its use for purposes of targeted advertising would be prohibited. Additionally, the proper protection and deletion of student data would be ensured.
H.B. 2087 amends current law relating to restricting the use of covered information, including student personally identifiable information, by an operator of a website, online service, online application, or mobile application for a school purpose.
RULEMAKING AUTHORITY
This bill does not expressly grant any additional rulemaking authority to a state officer, institution, or agency.
SECTION BY SECTION ANALYSIS
SECTION 1. Amends the heading to Chapter 32, Education Code, to read as follows:
CHAPTER 32. COMPUTERS, COMPUTER-RELATED EQUIPMENT, AND STUDENT INFORMATION PROTECTION
SECTION 2. Amends Chapter 32, Education Code, by adding Subchapter D, as follows:
SUBCHAPTER D. STUDENT INFORMATION
Sec. 32.151. DEFINITIONS. Defines "covered information," "interactive computer service," "operator," "parent," "school purpose," and "targeted advertising."
Sec. 32.152. PROHIBITED USE OF COVERED INFORMATION. (a) Prohibits an operator from knowingly:
(1) engaging in targeted advertising on any website, online service, online application, or mobile application if the target of the advertising is based on any information, including covered information and persistent unique identifiers, that the operator has acquired through the use of the operator's website, online service, online application, or mobile application for a school purpose;
(2) using information, including persistent unique identifiers, created or gathered by the operator's website, online service, online application, or mobile application, to create a profile about a student unless the profile is created for a school purpose; or
(3) except as provided by Subsection (c), selling or renting any student's covered information.
(b) Provides that, for purposes of Subsection (a)(2), the collection and retention of account information by an operator that remains under the control of the student, the student's parent, or the campus or district is not an attempt to create a profile by the operator.
(c) Provides that Subsection (a)(3) does not apply to:
(1) the purchase, merger, or any other type of acquisition of an operator by another entity, if the operator or successor entity complies with this subchapter regarding previously acquired student information; or
(2) a national assessment provider if the provider secures the express affirmative consent of the student or the student's parent, given in response to clear and conspicuous notice, and if the information is used solely to provide access to employment, educational scholarships, financial aid, or postsecondary educational opportunities.
Sec. 32.153. ALLOWED DISCLOSURE OF COVERED INFORMATION. (a) Authorizes an operator to use or disclose covered information under certain circumstances.
(b) Authorizes a national assessment provider or a provider of a college and career counseling service to, in response to a request of a student, and on receiving the express affirmative consent of the student or the student's parent given in response to clear and conspicuous notice, use or disclose covered information solely to provide access to employment, educational scholarships, financial aid, or postsecondary educational opportunities.
(c) Authorizes an operator to disclose covered information if a provision of federal or state law requires the operator to disclose the information. Requires the operator to comply with the requirements of federal and state law to protect the information being disclosed.
(d) Authorizes an operator to disclose covered information to a third party if the operator has contracted with the third party to provide a service for a school purpose for or on behalf of the operator. Requires that the contract prohibit the third party from using any covered information for any purpose other than providing the contracted service. Requires the operator to require the third party to implement and maintain reasonable procedures and practices designed to prevent disclosure of covered information.
(e) Provides that nothing in this subchapter prohibits the operator's use of covered information for maintaining, developing, supporting, improving, or diagnosing the operator's website, online service, online application, or mobile application.
Sec. 32.154. ALLOWED USE OF COVERED INFORMATION. Provides that this subchapter does not prohibit an operator from:
(1) using covered information:
(A) to improve educational products if that information is not associated with an identified student using the operator's website, online service, online application, or mobile application; and
(B) that is not associated with an identified student to demonstrate the effectiveness of the operator's products or services and to market the operator's services;
(2) sharing covered information that is not associated with an identified student for the development and improvement of educational websites, online services, online applications, or mobile applications;
(3) recommending to a student additional services or content relating to certain opportunities within a website, online service, online application, or mobile application if the recommendation is not determined by payment or other consideration from a third party;
(4) responding to a student's request for information or for feedback without the information or response being determined by payment or other consideration from a third party; or
(5) if the operator is a national assessment provider or a provider of a college and career counseling service, identifying for a student, with the express affirmative consent of the student or the student's parent, institutions of higher education (IHEs) or scholarship providers that are seeking students who meet specific criteria, regardless of whether the identified IHE or scholarship provider provides consideration to the operator.
Sec. 32.155. PROTECTION OF COVERED INFORMATION. Requires an operator to implement and maintain reasonable security procedures and practices designed to protect any covered information from unauthorized access, deletion, use, modification, or disclosure.
Sec. 32.156. DELETION OF COVERED INFORMATION. Requires the operator, if a school district requests the deletion of a student's covered information under the control of the school district and maintained by the operator, to delete the information not later than the 60th day after the date of the request, or as otherwise specified in the contractor terms of service, unless the student or the student's parent consents to the operator's maintenance of the covered information.
Sec. 32.157. APPLICABILITY. Provides that this subchapter does not:
(1) limit the authority of a law enforcement agency to obtain any information from an operator as authorized by law or under a court order;
(2) limit the ability of an operator to use student data, including covered information, for adaptive learning or customized student learning purposes;
(3) apply to general audience websites, online services, online applications, or mobile applications;
(4) limit service providers from providing Internet connection to school districts or students and students' families;
(5) prohibit an operator from marketing educational products directly to a student's parent if the marketing is not a result of the use of covered information obtained by the operator through providing services to the school district;
(6) impose a duty on a provider of an electronic store, gateway, marketplace, or other means of purchasing or downloading software or applications to review or enforce compliance with this subchapter on those applications or software;
(7) impose a duty on a provider of an interactive computer service to review or enforce compliance with this subchapter by third-party content providers;
(8) prohibit a student from downloading, exporting, transferring, saving, or maintaining the student's data or documents; or
(9) alter the rights or duties of the operator, provider, school, parent, or student under the Family Educational Rights and Privacy Act of 1974 (20 U.S.C. Section 1232g) or other federal law.
SECTION 3. Effective date: September 1, 2017.