The Chicago Public Schools are preparing for compliance with the changes to IL's Student Online Protection Act, passed in spring 2019 and going into effect next summer, and we provided input on their proposed district policy on SOPPA. As the largest district in IL, CPS's policy will have important implications for the rest of IL's public schools.
You can read our comments submitted to the Board of Education on November 2, 2020 here re their draft policy on Student Online Personal Protection that was to be voted on at the November 18, 2020 meeting of the Chicago Board of Education. The vote was postponed until January, and IL-FPS has met with CPS lawyers and the IT department to discuss the proposed policy in the meantime.
Statement presented at the Chicago Board of Education meeting on Nov 18 2020:
Good afternoon. Cassie Creswell, IL Families for Public Schools. First I want to lift up 4 year old Jamari Wright. He deserves a truly safe school. We need police out of CPS, whether SROs or security guards. What will it take?
Second, thank you for delaying the vote on the Student Online Personal Protection Act policy until next month. Public Act 101-516 has many important protections to strengthen the original SOPPA law. The provisions of the law will apply whether or not they’re in the district's policy. But clear policy helps all the stakeholders in CPS. And as the largest district in IL, our choices for what operators and vendors must do will have a ripple effect for all the children in the state. We can lead the way in protecting students’ sensitive data and families’ rights.
Our two major concerns about the policy as written:
First, we’d like the Board to make it crystal clear that students’ data is not for sale---no matter what verb you use: sell, rent, lease, trade or license. To that end we urge you to include a definition of “sell or rent” that covers any transfer of data in exchange for any consideration. The College Board in particular has been selling data and using the flimsy excuse that licensing does not count as selling. CPS should put a stop to this practice, and also ensure that the policy has no loopholes allowing it in the future.
Second, the protections of the law hinge on the fact that any sharing of student data between the school and a third-party must take place under the protections of a written agreement that meets stringent criteria.
Unfortunately, none of these protections will matter if operators are permitted to force children into individual contracts separate from the districts’ own contract that don’t have to meet these standards or the requirements of other state and federal student privacy laws. This is currently happening, again with the College Board as a prime example.
The policy you pass should put it in writing that this won’t be permitted any longer. Ed tech contracts are something that district employees should be responsible for evaluating and enforcing; not my 14 year old, and not any child getting their free, compulsory public education from CPS. I look forward to working with the Board to improve this policy before it is up for a vote again.