HB 5495 Summary (West Virginia, 2026 Regular Session)
Overview
- Purpose: Create a housing framework of requirements and accountability procedures governing a student’s use of software in public schools. The bill establishes a statewide digital privacy agreement, verification of academic effectiveness for software, master and approved software lists, parent complaint avenues, and ongoing audits and enforcement.
Key Provisions and Changes
1) Definitions and core concepts (Article 2L, §18-2L-1)
- Academically effective: Software shown to support student learning or outcomes, aligned with core standards, with instructional value, and not designed to distract or diminish teacher authority.
- Addictive design features: Specific features that maximize time-on-platform or engagement beyond educational value (e.g., infinite scroll, gamified rewards tied to time, persistent re-engagement prompts). Some common-sense features (progress indicators, curriculum-aligned recommendations) are excluded from being “addictive.”
- Clickstream data, sub-processor, digital privacy agreement, educational purpose, independently verified, and vendor definitions are provided to structure compliance and oversight.
- Software is defined broadly to include apps, web services, plugins, or any code-based product used on school devices or by students for education.
2) Statewide digital privacy agreement (§18-2L-2)
- The West Virginia State Board of Education must create a statewide digital privacy agreement (DPA).
- DPAs must align with WV DOE Data Privacy and Security policy, including data minimization, restrictions on targeted ads, secondary data use limits, security safeguards, breach notices, retention/deletion rules, and protection of directory information.
- Content restrictions: Prohibits displaying or recommending sexual content in health courses unless parental consent is obtained.
- Prohibits addictive design features and limits collection of biometric data (with limited exceptions for accessibility or required verification), behavioral/psychological profiling, voice-prints/keystroke data beyond permitted uses, and precise geolocation except for specific school-use cases with consent.
- Data use restrictions: Data collected must be minimal, only for educational purposes, not used commercially, and safeguarded.
- Restrictions on AI/ML: Software not integral to course content cannot use data to train non-educational machine-learning models, manipulate emotions, or influence political/religious beliefs; no persuasive design to maximize time-on-platform.
- Technical protections: Data encryption, storage within the United States, disclosure of sub-processors, prohibitions on background data collection when not in active use, and disclosure of data elements and tools.
- Device access: Software cannot access camera/m microphone unless necessary for educational function and disclosed.
- No coercive contractual terms: No usage quotas, no time-based pricing/limits, and termination-for-cause provisions with cure timelines and protections for contracting entities.
3) Vendor duties (§18-2L-3)
- Before installation, vendors must:
- Execute the statewide DP Agreement.
- Obtain independent verification of academic effectiveness.
- Provisional use: Up to 24 months if the vendor submits a verification plan and demonstrates alignment with standards and evidence-based design; data collection for effectiveness to occur during provisional period.
- Verification details: Vendors must provide methodology, populations, independence disclosures, limitations, and a determination of educational value.
- Access to records: Vendors must give State Board access for audits and must comply with the DP Agreement.
- Appeals: Vendors can appeal noncompliance findings via a state board administrative process.
- Prohibition on altering the DP Agreement or allowing substitute contracts that bypass DP requirements.
- Parental/contracting-entity liability terms: Vendors cannot require waivers or arbitration that undermine the DP requirements, or cap liability contrary to the DP law.
4) Duties of contracting entities (§18-2L-4)
- Each contracting entity must:
- Execute the statewide DP Agreement for all software adopted.
- For software not previously approved, obtain independent verification demonstrating academic effectiveness before allowing installation or use.
- Submit DP Agreement execution and verification documentation to the State Board and grant audit access.
- Comply with appeal processes and not modify the DP Agreement.
- Ensure all pre-July 1, 2026 DP agreements meet the new requirements by July 1, 2029; allowed to continue prior agreements temporarily if actively moving toward compliance.
5) State Board and LEA compliance and duties (§18-2L-5)
- State Board responsibilities:
- Ensure software is independently verified for academic effectiveness before classroom use.
- Maintain a public list of independent evaluators and a master list of software used by students.
- List software approved for student use; being on the master list is not endorsement.
- Monitor and enforce compliance through periodic audits of contracting entities and vendors.
- Publish audit findings and require corrective actions with timelines.
- Provide technical guidance and timelines for transition to the DP Agreement and academic effectiveness requirements.
- LEA duties:
- Provide annual parental notice listing all instructional software with DP Agreement and verification status, including links to documents.
- Maintain public software lists on LEA websites and update promptly for additions/removals.
- Notify parents of significant software updates or data-collection changes and maintain an archive of previously used software with usage dates.
6) Complaints and enforcement (§18-2L-6)
- Parents can file a written complaint alleging noncompliance (missing DP Agreement, lack of verification, or vendor violation).
- State Board consults with the Attorney General to determine violations and take enforcement actions.
- The Attorney General may recover reasonable costs in court actions.
7) Effective date and implementation (§18-2L-7)
- The act becomes effective July 1, 2026.
Impact and Scope
- Administrative: Establishes a structured state-level framework for privacy, safety, and educational effectiveness of software used in public schools. Creates new processes for vendor vetting, independent verification, master lists, and audits.
- Data privacy and safety: Tightens controls on data collection, use, retention, and disclosure; limits biometric data and geolocation; prohibits addictive design features; and requires data to remain within the United States for processing.
- Transparency: Requires annual parent notifications of software used, with links to privacy and effectiveness documentation; public master lists and audit results promote accountability.
- Stakeholders affected: County Boards of Education, the State Board of Education, software vendors, independent evaluators, and parents/guardians. Teachers and students are indirectly affected through changes in software approval, monitoring, and ensured educational value of tools used in instruction.
Implementation timeline
- July 1, 2026: Effective date.
- 2026–2029: Existing DPAs may continue if actively transitioning toward compliance; new software and DPAs must eventually meet the statewide DP Agreement and verification requirements.
- July 1, 2029: Deadline for ensuring pre-existing DPAs align with new standards; ongoing audits begin (pilot/regular cycle established).
Note: The bill emphasizes safety, privacy, educational value, and parental transparency in the deployment of educational software in West Virginia public schools.