WASHINGTON, D.C. – A month after appearing in a federal district court, privacy advocates are still awaiting a judge’s ruling as to whether or not the U.S. Department of Education overstepped its bounds in late 2011 by unilaterally altering the Family Educational Rights and Privacy Act (FERPA), leaving parents and students with fewer privacy protections.

On July 24, attorneys for the Electronic Privacy Information Center (EPIC) argued before Judge Amy Berman Jackson that Education Department officials kicked the legs out from underneath the 1974 privacy law when they decided schools can release student information for non-academic purposes.

EPIC attorneys also argued that federal officials went too far when they decided schools can release student records to non-governmental organizations without first getting parental consent, reports the Washington Post.

MORE NEWS: Know These Before Moving From Cyprus To The UK

Department of Education officials want schools to have the power to collect and share more student data to assist with implementation of new national Common Core learning standards.

In their lawsuit, EPIC attorneys say the federal bureaucrats accomplished these monumental changes by re-defining key terms in the FERPA law, namely “authorized representative,” “education program,” and “directory information.”

They contend the new, expansive definitions will ultimately lead to “troves of sensitive, nonacademic” student data getting passed around to various “third parties,” including for-profit educational technology companies that could use the information to create learning software.

U.S. Department of Education officials say their FERPA changes are allowed under the language contained in the American Recovery and Reinvestment Act of 2009 – commonly known as the “stimulus” bill – and the America COMPETES Act of 2007.

However, the department’s attorney primarily used the July hearing to argue that EPIC lacks the standing to sue over the privacy act changes.

“The Education Department maintained the group has yet to show how a single one of its members now faces a greater risk of protected, personal information being released to the public,” reports Law360.com.

Judge Jackson seemed inclined to agree that EPIC lacks the legal right to challenge the FERPA changes, but that won’t be known until she hands down her decision.

MORE NEWS: How to prepare for face-to-face classes

EPIC Administrative Law Counsel Khaliah Barnes tells EAGnews protecting students’ privacy is so important that the group plans to appeal any unfavorable ruling.

“We are in a time of massive data collection and inadequate oversight,” Barnes says. “Students and parents have no control over the information they’re required to give schools.”

FERPA changes key to making Common Core work

The federal government will likely appeal, too, should Judge Jackson rule that education officials acted illegally in changing the student privacy laws.

The reason is simple: U.S. Education Secretary Arne Duncan needs the FERPA changes to survive so the new Common Core national learning standards will have their intended transformative effect on the nation’s education system.

Duncan’s oft-stated claim is that Common Core is necessary because the new standards are more “rigorous” than ones currently used by most states. There’s no doubt he believes that to be true, despite the fact the standards have never been field tested anywhere in the U.S.

But perhaps the main reason Duncan wants the nationalized learning standards is so America’s K-12 students will all be studying the same things – and working at the same pace – as their same-grade peers. That consistency will produce apples-to-apples test score data that will allow policy makers to better track which practices and reforms produce learning gains in students, and which ones don’t.

Generating and sharing in-depth information appears to be a huge goal for Duncan, a self-described “deep believer” in data-driven policy decisions. As he noted in the 2009 speech, “Data gives us the roadmap to reform. It tells us where we are, where we need to go, and who is most at risk.”

Since the federal government is legally prohibited from collecting student-specific data, the analysis of such data will have to be carried out by the states and various third-party handlers in the private sector.

Duncan’s newly expanded FERPA definitions now make such data sharing possible.

The FERPA changes will also allow states and school districts to share student-specific information with educational technology companies that can use the data – stored in longitudinal data systems which all 50 states now have, thanks to the federal government – to personalize the learning process.

Stephanie Simon of Reuters news service describes how it works:

“Does Johnny have trouble converting decimals to fractions? The database will have recorded that – and may have recorded as well that he finds textbooks boring, adores animation and plays baseball after school. Personalized learning software can use that data to serve up a tailor-made math lesson, perhaps an animated game that uses baseball statistics to teach decimals.

“Johnny’s teacher can watch his development on a ‘dashboard’ that uses bright graphics to map each of her students’ progress on dozens, even hundreds, of discreet skills.”

While EPIC officials don’t have a position about personalized learning, Barnes warns that most parents simply don’t understand that their children’s school is – or may soon start – giving sensitive information to private companies.

“Schools are not informing parents on this. A lot of these third-party (educational technology) services are offered free as pilot programs to individual teachers and schools,” Barnes says. “So schools adopt them without informing the school board because there’s no cost. They don’t feel obligated to tell school board members what they’re doing because it’s free.”

To be fair to Duncan, the data-sharing is not entirely his doing. In December of 2008, FERPA was amended by Congress to allow schools to outsource some tasks to private contractors and companies, as long as the data remained under the district’s control.

But many districts aren’t closely monitoring how companies are using student data, Barnes says.

That reflects poorly on the officials who made the changes five years ago, and only raises more concerns about the changes being pushed by the current Department of Education.

State firewalls

Some states aren’t waiting to hear how Judge Jackson rules in the EPIC lawsuit. They’ve already taken pre-emptive action to prevent student-specific data from being shared with the federal government or third-party private companies.

In June, Oklahoma Gov. Mary Fallin signed a law that places strict new “limits on the transfer of student data, including de-identified data, to federal, state or local agencies or organizations outside Oklahoma,” reports NormanTranscript.com.

The law also restricts the Oklahoma State Department of Education “from requesting delinquency records, criminal records, medical and health records, social security numbers and biometric information as part of student data collected from districts,” the news site notes.

And this past May, Georgia Gov. Nathan Deal issued an executive order proclaiming that “no personally identifiable data on students and/or their families’ religion, political party affiliation, biometric information, psychometric data, and/or voting history shall be collected, tracked, housed, reported, or shared with the federal government.”

Deals’ order also declares that “no student data shall be collected for the purpose of the development of commercial products or services,” reports Education Week.

Barnes likes the steps these state leaders have taken to protect students’ private data.

“That’s a good approach,” she says. “Federal regulations are so lax, to the point that they’re not even there.”

Barnes notes that while parents aren’t able to prevent schools from collecting data on their children, they can opt out from having “directory information” – name, address, email, phone number and certain student activities – from being shared.

“While the directory information opt-out cannot solve all of the current problems afflicting student privacy,” Barnes says, “it can minimize student information disclosures.”