Alex D. Ivan
Education Law Attorney
Kennedy & Graven, Chartered

Given widespread concerns related to school shootings and student mental health, many school districts have sought to proactively identify student safety threats by contracting with third-party vendors for the use of software that continuously monitors students’ use of district-owned devices, district-issued student email accounts, and in some case students’ public social media accounts or blog streams. Using complex algorithms, the software attempts to identify potential threats in the areas of security, public safety, harm, wellness, or acts of violence, and sends alerts to authorized district users for any appropriate response.

Though these measures can help school officials address safety concerns before harmful conduct occurs, their effectiveness is a matter of some controversy. Some argue the software does more harm than good by discriminatorily flagging language more commonly used by LGBTQ+ students or racial minorities, or by deterring students in need of mental health or other support from searching for resources due to concerns about the lack of privacy.

The Minnesota State Legislature apparently noticed these concerns, because one of the few bi-partisan accomplishments during the 2022 General Session included an amendment to the Minnesota Government Data Practices Act (“MGDPA”), Minnesota Statutes, Chapter 13. In part, the new provisions require technology providers who contract with school districts to be subject to data privacy restrictions and require schools to provide parental notice of any technology providers who will have access to educational data.

Additionally, the new law curtails Minnesota public school districts’ authority to monitor student computer activity. Tucked neatly away in Minn. Stat. § 13.32, the MGDPA’s educational data provision, is now Subdivision 14, which regulates “school-issued devices.” Specifically, absent one of the expressly identified exceptions, the law generally prohibits any school district or private technology provider with whom a district contracts from accessing or monitoring: “(1) any location-tracking feature of a school-issued device; (2) any audio or visual receiving, transmitting, or recording feature of a school-issued device; or (3) student interactions with a school-issued device, including but not limited to keystrokes and web-browsing activity.” Minn. Stat. § 13.32, subd. 14(a). The law defines “school-issued device” to mean the “hardware or software that a public educational agency or institution, acting independently or with a technology provider, provides to an individual student for that student’s dedicated personal use.” Id. at subd. 1(d). It also includes any device issued through a one-to-one program. Id.

School districts, or a private technology provider with whom they contract, may access or monitor school-issued devices only if one of the following applies:

(1) the activity is limited to a noncommercial educational purpose for instruction, technical support, or exam-proctoring by district employees, student teachers, staff contracted by a district, a vendor, or the Department of Education, and notice is provided in advance; (2) the activity is permitted under a judicial warrant; (3) the public educational agency or institution is notified or becomes aware that the device is missing or stolen; (4) the activity is necessary to respond to an imminent threat to life or safety and the access is limited to that purpose; (5) the activity is necessary to comply with federal or state law, including but not limited to section 121A.031 [relating to the separate requirement for adoption of a student bullying policy]; or (6) the activity is necessary to participate in federal or state funding programs, including but not limited to the [federal] E-Rate program.

The law further establishes a 72-hour notice requirement whenever one or more of the exceptions is met and a school district or its private technology provider lawfully surveils a student’s school-issued device. Minn. Stat. § 13.32, subd. 14(c).

These exceptions are broad and still leave schools districts with options to monitor school-issued devices when needed to respond to safety threats, online bullying, and the like. Thus, on its face, Subdivision 14 does not eliminate schools’ ability to effectively prevent or respond to safety threats. However, forms of continuous or random tracking and data mining, including the artificial intelligence software described above, likely violate this provision. At its core, Subdivision 14 requires schools, or the technology providers with whom they contract, to articulate a legitimate factual basis establishing one of the exceptions before they surveil school-issued devices for possible safety concerns.

Exactly how much Subdivision 14 limits school district authority is uncertain. As of this article, neither Minnesota state courts nor the Department of Administration has issued opinions interpreting the provision’s scope. Notably, of all places in state law, the legislature chose to incorporate the limitations of Subdivision 14 within the MGDPA. Since any individual who willfully violates the MGDPA is guilty of a criminal misdemeanor, Minn. Stat. § 13.09(a), school district officials should – ideally, with the assistance of legal counsel – thoughtfully and carefully confirm with school district legal counsel that the facts show that one or more of the law’s enumerated exceptions has been clearly met in a situation before accessing or monitoring student school-issued devices in the manners generally prohibited.

This article is intended to provide general information with commentary. It should not be relied on as legal advice. If required, legal advice regarding this topic should be obtained from district legal counsel.

Alex D. Ivan is an attorney with the law firm of Kennedy & Graven, Chartered. For more information, please contact him at (612) 337-9304 or aivan@kennedy-graven.com.

© Alex D. Ivan (2022). Used with permission.

Leave a Reply