WeVote

Bill

WeVote Research Nonpartisan
Bill Summary · HB 3281

Summary of HB 3281 (2026) – Missouri: PROTECT Students Act

Purpose and intent

  • Establishes a comprehensive statewide framework to govern the use of software and digital tools in Missouri public schools.
  • Aims to protect student data, ensure educational value, limit addictive design features, and require independent verification of educational effectiveness.
  • Creates centralized standards and oversight for contracts between schools and software vendors.

Key provisions and changes

  • ** statewide digital privacy agreement (mandatory for vendors)**

    • The Missouri State Board of Education (SBE) shall adopt a single, statewide digital privacy agreement.
    • All software vendors must execute this agreement as a condition for providing software or digital services to Missouri schools.
    • The agreement cannot be altered by vendors or local districts; any vendor-proposed terms are void.
    • Addresses data minimization, security, breach response, retention/deletion, and protections for directory information; prohibits resale, profiling, or noneducational use of student data.
    • Prohibits certain practices (advertising, open-ended data collection) and requires localization of data within the United States.
  • Addictive design features and educational purpose controls

    • Defines “addictive design features” (e.g., infinite scroll, autoplay, gamification tied to time, push reengagement, personalized addictive algorithms).
    • Software used in schools must align with an “educational purpose” (instruction, assessment, student learning, and school operations) and exclude marketing or commercial purposes.
    • Prohibits features intended to unduly increase screen time or engagement through behavioral nudges.
  • Independently verified academic effectiveness

    • Before installation or use, vendors must undergo an independent evaluation to verify educational effectiveness.
    • Evaluations must be conducted by a disinterested evaluator with no financial ties to the vendor, using transparent methods.
    • The state should maintain a public list of qualified evaluators.
    • Evaluations must assess alignment with Missouri standards, instructional value, absence of addictive features, and positive classroom outcomes.
  • Master list and transparency

    • SBE will maintain a statewide master list of software used by students.
    • Software is listed only after both the privacy agreement is in place and the independence verification is completed.
    • Local districts keep their own software inventories; the master list is for transparency and does not constitute approval.
  • Compliance, audits, and enforcement

    • SBE conducts periodic audits (at least every three years) of districts and vendors for compliance with the privacy agreement and effectiveness verifications.
    • Audits review data disclosures to third parties and compliance with all contract terms.
    • Violations by districts or vendors can trigger corrective actions, contract terminations, and potential withholding of state technology funds.
    • The Attorney General has authority to enforce provisions, including subpoenas, audits, and civil penalties. Courts may impose fines and award costs to the state.
    • Parents may file complaints; the Board will review and enforce as appropriate.
  • Phase-in and transition

    • All existing student software contracts must be brought into compliance within 24 months of the act’s effective date.
    • The SBE will provide technical guidance and timelines to achieve compliance.
    • During the transition period, districts may continue using existing contracts if they are actively working toward compliance.
  • Annual parental notice and records retained

    • Districts must provide an annual public list of instructional software meeting privacy and effectiveness requirements, including product name, vendor, primary purpose, and links to privacy and effectiveness verifications.
    • Lists must be published on district websites and updated within 10 business days of changes.
    • If new software is added mid-year, districts must notify parents within five school days and provide links to compliance documents.
    • Districts must inform parents of significant updates to data practices or consent requirements and maintain an archive of previously used software for at least two years after retirement.
  • Parental involvement and complaints

    • Parents may submit complaints to the Board regarding privacy agreement implementation, effectiveness verification, or vendor noncompliance.
    • The Board will review, notify the parent of findings, and take enforcement action if warranted.
  • Protection for school personnel

    • Teachers and other school staff are not personally responsible for district noncompliance.

Who is affected

  • Local educational agencies (LEAs): districts and charter-like entities that procure and deploy software for students; responsible for executing the statewide privacy agreement, obtaining effectiveness verifications, maintaining inventories, and complying with audits and enforcement actions.
  • Vendors/software providers: must sign the statewide digital privacy agreement, pass independent effectiveness reviews, disclose data practices, ensure cybersecurity, and adhere to restrictions on data use and content.
  • State Board of Education (SBE): responsible for adopting the statewide privacy agreement, maintaining the master list, conducting compliance audits, and publishing audit results.
  • Attorney General: enforcement authority, including investigations, subpoenas, civil penalties, and potential injunctive relief.
  • Parents/guardians: may file complaints and receive notices about software in use and compliance actions.
  • Students: directly protected by data privacy, content restrictions, and independent effectiveness standards.

Procedural and timeline aspects

  • Phase-in: 24 months from the act’s effective date to bring all existing software contracts into compliance.
  • Audits: at least once every three years, with spot checks.
  • Compliance actions: includes potential contract termination, withholding of funds, and directives from the Board to terminate noncompliant contracts.
  • Annual reporting: districts publish an annual software list; mid-year updates require parent notification.
  • Post-enactment rulemaking: the Board and AG may promulgate rules to implement enforcement and transition provisions, subject to standard rulemaking procedures.

Overall impact

HB 3281 creates a centralized, enforceable framework to safeguard student data, ensure educational value, and curb exploitative software design in Missouri public schools. It elevates data governance, requires independent validation of educational tools, and provides clear mechanisms for enforcement and public transparency. The 24-month transition period gives districts time to adapt contracts and workflows to meet the new standards.

Compiled from official sources — confirm details with the bill’s official record.

Sign in to ask a question.