March 25, 2021
While ed tech providers’ privacy requirements may vary, complying with student privacy laws is always complex. It’s a time of unprecedented opportunity for ed tech providers. It’s also a time of unprecedented change.
During 2020, over 40 million US students enrolled in K-12 moved to some form of distance learning with more than 30 million of those relying on online resources for learning. As a result of this sea change, in March 2021, the federal government added $7 billion dollars to the E-Rate program for schools to purchase one-to-one devices and internet connectivity. With all this new opportunity, there has never been a more important time for ed tech providers to protect children’s personal information and build trust with parents and educators.
What are the risks for ed tech providers? As policy makers nationwide adapt to the groundswell of reliance on learning technology, the regulatory landscape is changing, too. Across all fifty states, there are over 100 state privacy laws that apply to K-12 students and more are under consideration every legislative session.
PRIVO supports ed tech providers not only to meet regulatory requirements but to stay a step ahead while meeting their organizational or business needs. At the federal level, although there are just a few laws such as FERPA and PPRA, the consequences of not complying can be severe financial penalties, as well as brand damage. In 2019, Google paid the highest fine related to child privacy in American history at $170 million dollars.
For an example of how privacy concerns can damage a brand, look no further than the case of InBloom, a consortium that had a positive, child-centered mission. So, what went wrong? InBloom streamlined the availability of student data to those in the school system, from campus leaders to ed tech providers. However, it was quickly undermined by a perceived lack of transparency about how student data was handled: “When vocal opposition raised concerns about student data use potentially harming children’s future prospects or being sold to third parties for targeted advertising... participating states succumbed to pressure from advocacy groups and parents and, one by one, dropped out of the consortium.” Although there were no compliance issues per se, InBloom was closed the year after it launched. Its demise highlights the need to offer transparent and privacy-enhanced experiences for schools, educators and, above all, students.
Over the past few years ed tech providers have started to come under increased scrutiny. Google found itself in the firing line. New Mexico's attorney general brought an action against the tech giant, claiming its school tools tracked students' activities on their personal devices outside the classroom. It also faced a lawsuit last year from two students alleging it collected biometric data of thousands of students using its tools. Education platform Edmodo suffered a major data breach which exposed millions of students and teacher’s information online, highlighting the need to prioritize security measures and several Senators wrote to ed tech companies asking them to provide more information on their data collection and use practices.
With children’s privacy protections firmly in focus and the Children’s Online Privacy Protection Act (COPPA) Rule Review due, there has never been a better time for ed tech providers to ensure they have their house in order. PRIVO’s Student Digital Privacy Assured Program, offers a partnership designed to support the growth of brands and publishers by demonstrating commitment to privacy protection for students. The program helps ed tech providers to gain a full understanding of privacy risks and compliance obligations. PRIVO’s privacy experts will help define solutions to the most challenging privacy issues. The ed tech provider will be awarded a privacy assured trust mark and an official listing in PRIVO’s discovery platform, showing the world that it meets the highest standards of privacy for student users while at the same time protecting the brand and building trust.
The program is ideal for ed tech providers or any technology-focused organization that serves students. It sits along PRIVO’s FTC-approved COPPA Safe Harbor and GDPRkids™ programs, helping ed tech providers navigate not only FERPA, PPRA, SOPIPA and the California Codes but best practice and state legislation.
To learn more visit our Student Digital Privacy Assured Program page.
Written by: Patrick Davenport, Kids Privacy Assured Program Manager for Student Digital Privacy and Claire Quinn, Chief Privacy Officer at PRIVO