The student-privacy blogosphere has been atwitter (so to speak) over recent revelations that students’ social media posts have been monitored in connection with the Common Core-aligned PARCC test.

Originally, a local school superintendent in New Jersey was quoted as saying that mega-publisher Pearson, which has the contract to administer the PARCC test, reported to the New Jersey Department of Education (NJDOE) a student’s after-school tweet concerning one of the test questions. It has subsequently come to light that the Web monitoring was accomplished by a security company called Caveon Test Security.

Although it isn’t clear exactly who has contracts with whom, it appears that Caveon discovered the tweet in its Web trolling and reported the find to Pearson. Pearson then alerted the NJDOE, which notified the local superintendent.

So let’s get this straight – a private company based in another country, on another continent, is being told what individual American students are saying about its tests on Twitter (and presumably Facebook and other media outlets). If it learns of something it doesn’t like, it reports the activity to the appropriate state department of education, which then contacts the local district and reports the “security breach” – identifying the student by name and obviously suggesting disciplinary action.

The implications of this are far-reaching.

In the first place, this story reveals critical details about the personally identifiable information (PII) being given to the Common Core testing consortia (PARCC and Smarter Balanced) by individual districts and states. PARCC’s privacy policy, which was issued in response to widespread parental outrage about potential violations, acknowledges that PARCC may receive PII such as a student’s name, address, and date of birth. Since Pearson has the contract to administer the PARCC test, presumably this information was passed along to Pearson.

We can deduce, then, that some education entity in New Jersey sent, at a minimum, individual student names to either PARCC or Pearson or both. Why either of these outfits needs student names rather than merely student identification numbers is not clear. (Although it’s conceivable that the student at issue used his identification number in his tweet, that seems unlikely.) And it also seems probable that Pearson had information in its database about which students took the test that day or during that week.

The next question is how Pearson tied this particular tweet to this particular student. Perhaps he identified his school in the tweet or his Twitter profile. If so, Pearson merely had to contact the state department of education and ask them to investigate the individual — let’s call him “Bill Student.”

It’s possible, if not probable, that Pearson violated its contract with PARCC by tracking Bill down through social media. PARCC’s privacy policy spells out what its contractors may do with student data – and sniffing out objectionable tweeters isn’t among the allowable uses. So when a custodian of student data tells parents not to worry – we have an agreement prohibiting bad things! – the parents should worry.

In case this isn’t sounding enough like 1984 with 2015 technology, consider the other implications. This private foreign company has undoubtedly now stored all this information in its database – Bill Student uses thus and such Twitter handle and thus and such Facebook page, and by the way has made the following comments on each. And poor Bill is now flagged – forever? – as a cheater, whether or not he actually said anything compromising.

And is there any danger that the federal government could see any of this information? Well, as a matter of fact, yes. PARCC has a cooperative agreement with the U.S. Department of Education that requires it to give them access “on an ongoing basis” to “any and all student level” data it compiles from the testing. So now that PARCC knows, through its contractor Pearson, that Bill has allegedly committed a security breach, the agreement requires it to make that information available to the feds.

From the beginning of the Common Core scheme, parents’ concerns about their children’s privacy have been dismissed as “conspiracy theories” barely meriting response. This most recent episode suggests the parental instincts were right on the money. And if the Common Core establishment thinks the backlash against the standards and tests has been disruptive so far, wait until the education czars have to deal with thousands – millions? – of parents opting out of the testing to keep Big Brother away from their children. Pearson’s behavior has proven the validity of their concerns. Maybe Bill inadvertently lit the fuse that will blow up the entire crumbling structure.

Jane Robbins is an attorney and a senior fellow at the American Principles Project in Washington, D.C.