Committee votes to advance bill letting districts cancel ed‑tech contracts if vendors share student data
Get AI-powered insights, summaries, and transcripts
Subscribe
Summary
After a BYU/Internet Safety Labs review flagged that many education apps collect and share data beyond contract terms, the committee approved a bill that would require remediation within 30 days or allow LEAs to cancel contracts without recourse; two members opposed the measure, noting existing law.
The interim committee recommended favorably a bill aimed at strengthening privacy compliance for education technology vendors, saying it will give LEAs an explicit tool — a 30‑day remediation window and the ability to cancel — to enforce data privacy obligations in vendor contracts.
Representative Auxier framed the proposal around a BYU/Internet Safety Labs review that examined 100 apps from the roughly 3,000 used by Utah LEAs and found that 52% collected student data elements not covered by data privacy agreements and 36% shared data with ad‑tech companies. The draft would require vendors found to be sharing or selling data in violation of contract terms to remediate within 30 days or face contract cancellation by the LEA without penalties.
Supporters argued districts need teeth to stop vendors that violate privacy terms. Opponents, including Senator Reby, said existing law already prohibits selling student data and urged stronger enforcement of current law rather than new statutes. Supporters replied that this measure specifically creates a contractual enforcement tool for LEAs — the ability to cancel within 30 days — and thus fills an operational gap.
The committee voted to recommend the bill favorably for the 2026 session; senators and representatives recorded 'no' votes during the roll call: Senator Reby and Representative Moss opposed the motion. Sponsors said the bill will be refined and brought back to committee for further input before session.