Searching over 5,500,000 cases.


searching
Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

Electronic Privacy Information Center v. U.S. Department of Education

United States District Court, District of Columbia

February 5, 2014

ELECTRONIC PRIVACY INFORMATION CENTER, et al., Plaintiffs,
v.
U.S. DEPARTMENT OF EDUCATION, Defendant.

MEMORANDUM OPINION

AMY BERMAN JACKSON, District Judge.

Plaintiffs Electronic Privacy Information Center ("EPIC") and four individuals - Grayson Barber, Pablo Garcia Molina, Peter Neumann, and Deborah Peel - have brought this action challenging a Final Rule issued by defendant, the United States Department of Education ("Department of Education, " "the Department"), to implement the Family Educational Rights and Privacy Act of 1974 ("FERPA"), 20 U.S.C. § 1232g. Defendant has moved to dismiss on standing grounds or, in the alternative, for summary judgment on the merits. Def.'s Mot. to Dismiss or, in the Alternative, for Summ. J. ("Def.'s Mot.") [Dkt. # 18]. Plaintiffs have opposed defendant's motion and have filed their own cross-motion for summary judgment. Pls.' Cross-Mot. for Summ. J. ("Pls.' Mot.") [Dkt. # 21]; Pls.' Mem. Opposing Def.'s Mot. to Dismiss and Mot. for Summ. J. ("Pls.' Mem.") [Dkt. # 20].

Plaintiffs argue that the standing requirement is satisfied in this case because the four individual plaintiffs each have standing and because EPIC has both organizational standing on its own behalf and associational standing on behalf of its members. The Court disagrees and finds that none of the individual plaintiffs nor EPIC have standing to bring the claims asserted in the complaint. The individual plaintiffs have alleged nothing more than a hypothetical possibility of some vague harm, and that harm does not even flow from the challenged regulations. So they have failed to allege or show the injury in fact or causation that are fundamental to standing. And the organizational plaintiff, EPIC, complains simply that the new rules have prompted it to engage in the very sort of advocacy that is its raison d'etre. So it has not alleged an injury in fact either. Accordingly, the Court will dismiss the action for lack of subject matter jurisdiction.

BACKGROUND

I. STATUTORY AND REGULATORY BACKGROUND

This action concerns regulations that were issued by the Department of Education to implement FERPA. FERPA was first passed in 1974 "to ensure access to educational records for students and parents and to protect the privacy of those records from the public at large." Student Press Law Ctr. v. Alexander, 778 F.Supp. 1227, 1228 (D.D.C. 1991). It conditions the receipt of federal funds by "any public or private educational agency or institution" on adherence to certain requirements related to access to and disclosure of student educational records. Gonzaga Univ. v. Doe, 536 U.S. 273, 278 (2002). One of those requirements is that a student's records not be disclosed unless the student's parents provide consent.[1] See 20 U.S.C. § 1232g(b).

Generally, this restriction applies even to the disclosure of records by schools or school districts to the Department of Education or to state educational authorities. There are, however, several exceptions. The two exceptions relevant to this action are known as the "directory information exception" and the "program evaluation exception." Under the directory information exception, certain basic student information, such as name, address, telephone number, etc. - referred to as "directory information" - may be released without prior consent. Id. § 1232g(a)(5), (b)(1). Under the program evaluation exception, an "authorized representative" of the Comptroller General of the United States, the Secretary of Education, state educational authorities, or the Attorney General may receive - without prior consent - any records that "may be necessary in connection with the audit and evaluation of Federally-supported education programs, or in connection with the enforcement of the legal requirements that relate to such programs."[2] Id. § 1232g(b)(1)(C), (b)(3).

The definitions of the terms "directory information, " "authorized representative, " and "education program, " as used in the statutory exceptions to the disclosure restrictions, have long been the subject of Department of Education regulations. See 53 Fed. Reg. 11942-01, 11943 (Apr. 11, 1988). On April 8, 2011, the Department of Education issued a notice of proposed rulemaking that sought comments on proposed changes to its FERPA-implementing regulations, including to the definitions of those three terms. 76 Fed. Reg. 19726, 19731-32 (Apr. 8, 2011) (codified at 34 C.F.R. pt. 99). The Department received 274 comments on the proposed regulation, including a comment from plaintiff EPIC challenging the three new definitions. Final Rule, Admin. R. ("AR") at 698 [Dkt. # 10]; EPIC Comment, id. at 515-34. On December 2, 2011, the Department issued its Final Rule, 76 Fed. Reg. 75604 (Dec. 2, 2011) (codified at 34 C.F.R. pt. 99) ("Final Rule").

A. The Directory Information Exception

FERPA expressly provides that:

[T]he term "directory information" relating to a student includes the following: the student's name, address, telephone listing, date and place of birth, major field of study, participation in officially recognized activities and sports, weight and height of members of athletic teams, dates of attendance, degrees and awards received, and the most recent previous educational agency or institution attended by the student.

20 U.S.C. § 1232g(a)(5)(A). While the statute exempts "directory information" found in education records from the statutory disclosure restrictions, id. § 1232g(b)(1), it leaves each educational agency or institution free to determine for itself what categories of directory information it will release and for what purposes. But before the entity releases any information, it must "give public notice of the categories of information which it has designated" as directory information, and give parents the opportunity to "inform the institution or agency that any or all of the information designated should not be released without the parent's prior consent." Id. § 1232g(a)(5)(B).

Since at least 1988, the Department has interpreted directory information to mean "information contained in an education record of a student that would not generally be considered harmful or an invasion of privacy if disclosed, " and it has construed the statutory list of directory information to be non-exhaustive. See 34 C.F.R. § 99.3 (2013); see also 34 C.F.R. § 99.3 (1988). For example, in the year 2000, the Department issued new regulations that recognized photographs, e-mail addresses, and grade levels as directory information. 65 Fed. Reg. 41852, 41852-53 (July 6, 2000) (codified at 34 C.F.R. pt. 99).

The 2011 Final Rule at issue in this action adds to the category by recognizing as directory information:

(1) A student ID number, user ID, or other unique personal identifier used by a student for purposes of accessing or communicating in electronic systems... and (2) [a] student ID number or other unique personal identifier that is displayed on a student ID badge, but only if the identifier[s] cannot be used to gain access to education records except when used in conjunction with one or more factors that authenticate the user's identity, such as a PIN [(personal identification number)], password, or other factor known or possessed only by the authorized user.

Final Rule, AR at 733.

B. The Authorized Representative Exception

The authorized representative exception permits an "authorized representative" of the Comptroller General of the United States, the Secretary of Education, state educational authorities, and the Attorney General to receive - without prior consent - any records which may be necessary in connection with the audit and evaluation of Federally-supported education programs, or in connection with the enforcement of the legal requirements which relate to such programs." 20 U.S.C. § 1232g(b)(1)(C), (b)(3). It also permits state and local educational officials to be exempted from the disclosure restrictions when disclosure of the records "may be necessary in connection with the audit and evaluation of any federally or State supported education program or in connection with the enforcement of the Federal legal requirements which relate to any such program." Id. § 1232g(b)(5) (emphasis added).

The 2011 Final Rule at issue in this action provides definitions for the terms "authorized representative" and "education program, " as the terms are used in those provisions of FERPA. The Final Rule defines an "authorized representative" as:

[A]ny entity or individual designated by a State or local educational authority or an agency headed by an official listed in § 99.31(a)(3) to conduct - with respect to Federal- or-State supported education programs - any audit or evaluation, or compliance or enforcement activity in connection with Federal legal requirements that relate to those programs.

Final Rule, AR at 733. It defines an "education program" as "any program that is principally engaged in the provision of education, including, but not limited to, early childhood education, elementary and secondary education, postsecondary education, special education, job training, career and technical education, and adult education, and any program that is administered by an educational agency or institution." Id.

II. FACTUAL BACKGROUND

EPIC is a non-profit corporation located in Washington, D.C. Barnes Decl. ¶ 2 [Dkt. # 20-7]; Rotenberg Decl. ¶ 2 [Dkt. # 20-6]. EPIC is a public interest research center established "to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and other constitutional values." Barnes Decl. ¶ 2; Rotenberg Decl. ¶ 2. It has a "particular interest in preserving privacy safeguards established by Congress, " including the FERPA, and it engages in activities "designed to protect privacy and educate the public, including policy research, public speaking, conferences, media appearances, publications, litigation, and comments for administrative and legislative bodies regarding the protection of privacy." Barnes Decl. ¶ 2; Rotenberg Decl. ¶ 2.

According to a declaration from Khaliah Barnes, Administrative Law Counsel for EPIC, Barnes engaged in the following activities relating to the issuance of the 2011 Final Rule on behalf of EPIC:

• Participated in phone calls initiated by education activists, media, organizations, and the public generally concerning a variety of education privacy topics, but focused primarily on the Final Rule. Barnes Decl. ¶ 12.
• Exchanged e-mails concerning a variety of education privacy topics, but focused primarily on the Final Rule. Id. ¶ 13.
• Participated in one in-person meeting with education activists who had previously inquired about the Final Rule and a variety of education privacy topics, but focused primarily on the Final Rule. Id. ¶ 14.
• Updated the EPIC website and online newsletter regarding developments with the promulgation of the Final Rule and subsequent developments, ...

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.