The story mentions that this a reaction to the industry’s attempt to self-regulate with a privacy pledge this past October, and that the legislation which will be similar to California’s SOPIPA, which prohibits targeting students with online marketing and advertising, selling student information, profiling students based on data collected, and requiring companies to put security measures in place to protect student data. (While security measures are required to protect student data, SOPIPA set no bare minimum security standards for education technology companies, and did not require companies to disclose their security measures to users.)