Gaggle is one of the firms that has signed the pledge.
There are also legislative efforts in the works to increase controls on the use of data collected on students. The Protecting Student Privacy Act (PSPA) of 2014, sponsored by senators Edward Markey, D-Mass., Orrin Hatch, R-Utah, John Walsh, D-Mont., and Mark Kirk, R-Ill., would deny federal funds to any educational institution that doesn't implement security measures to protect the PII of students or that "knowingly" allows that information to be shared for marketing purposes.
The proposal would also give parents access to any PII of their children held by schools, let them challenge and correct or delete any inaccurate information and let them know of any other individuals or organizations that are allowed access to that data.
However, the last action on the bill was three months ago, when it was referred to the Committee on Health, Education, Labor and Pensions.
And privacy advocates like Herold say both current and pending laws don't go nearly far enough to protect student privacy, because they don't address the more recent types of data collection.
While FERPA covers educational records and PII, it "generally does not include the privacy-invasive data that is used for monitoring/tracking students," Herold said.
And she contends that enforcement of FERPA is suspect. "Without audits and active regulatory oversight of school systems, it is likely that a large portion of schools do not follow the requirements," she said, noting that the law, "allows for 'research' activities for student information, so that is a broad, generally subjective loophole," and it doesn't cover private schools that are not government funded.
"Thousands of schools are doing pretty much anything they want to with student data, unless there are state or local laws prohibiting such uses -- and there are very few of these," she said.
Schneier is also unimpressed. "The laws suck," he said, adding that the fact that Gaggle complies with those laws offers some proof. "I would use the fact that they're in compliance to condemn them," he said, noting that the "thousands of warnings" the company sends to school departments are, "pretty much all false alarms."
"The whole "bull---- about safety -- that's what the NSA (National Security Agency) says when it collects information on all of us," he said.
Cohen said he thinks the PSPA would improve on FERPA, which was enacted 40 years ago. But he agreed with Herold that enforcement is a problem. "Even if the bill is enacted, I don't know if it corrects the problem of the lack of enforcement," he said.
When it comes to safety, Polonetsky argues that schools need to remain sensitive to privacy. "We want schools be attuned to clues that a particular student is a danger to others, but we need to be vigilant that we don't criminalize kids for the sometimes irresponsible or provocative things they may say or write," he said.
Sign up for CIO Asia eNewsletters.