At a New York state elementary school, teachers can use a behavior-monitoring app to compile information on which children have positive attitudes and which act out. In Georgia, some high school cafeterias are using a biometric identification system to let students pay for lunch by scanning the palms of their hands at the checkout line. And across the country, school sports teams are using social media sites for athletes to exchange contact information and game locations.

Technology companies are collecting a vast amount of data about students, touching every corner of their educational lives — with few controls on how those details are used.

Now California is poised to become the first state to comprehensively restrict how such information is exploited by the growing education technology industry.

Legislators in the state passed a law last month prohibiting educational sites, apps and cloud services used by schools from selling or disclosing personal information about students from kindergarten through high school; from using the children’s data to market to them; and from compiling dossiers on them. The law is a response to growing parental concern that sensitive information about children — like data about learning disabilities, disciplinary problems or family trauma — might be disseminated and disclosed, potentially hampering college or career prospects. Although other states have enacted limited restrictions on such data, California’s law is the most wide-ranging.