The law comes after controversy earlier this year when Google stated in federal court that it was scanning student emails for advertising and other noneducational purposes. In addition to the law’s prohibitions, SOPIPA also requires online service providers to maintain security procedures to protect student data and maintain the ability to delete data at the request of a school or school district.
SOPIPA represents one of the largest student data protection laws efforts to date, and James Steyer, CEO and founder of Common Sense Media, a San Francisco-based nonprofit that helped craft the law, says it could serve as a national model.
In recent legislative sessions, 20 states enacted student data privacy laws, but California’s legislation differs because the focus is on the prohibition of data use, not collection and governance. A federal bill to update the law protecting student data privacy is now under consideration in the Senate.
California’s new law may impact existing popular services, like the Apps for Education suite by Google. Though Google announced in April the company had ceased ad-related scanning of student data, any other noneducational data scanning and use would be prohibited under the new law, which states that vendors may not use "information, including persistent unique identifiers, created or gathered by the operator's site, service, or application, to amass a profile about a K-12 student except in furtherance of K-12 school purposes."
Attorney, speaker, author and blogger Bradley Shear commented on the new law in his blog, Shear on Social Media, saying that Google’s scanning of students emails for advertising and noneducational purposes was one of the chief drivers for the bill’s passage.
“These troubling comments from Google demonstrate the need for need for stronger accountability and enforcement mechanisms to ensure that our children's personal privacy and safety are not compromised for corporate profit,” he wrote.