- Recent DOJ ADA Web Accessibility Guidance Creates Compliance Questions, not Answers
- New Presidential Directive for Foreign Investment Reviews of U.S. Technology and Data Companies
- FTC Launches “Commercial Surveillance and Data Security” Rulemaking
- Cybersecurity Disclosures Required by the SEC’s Recently Proposed Rules
- The Future is Now: Data Subject Requests in 2023
- FTC Scrutinizes Children’s Privacy Issues Involving Education Technology
- Utah Becomes the Fourth State to Enact a Comprehensive Privacy Law
- Courts Requiring General and Professional Liabilities Policies to Respond to Cyberattacks
- The US and EU Announce a New Trans-Atlantic Data Privacy Framework
- BIPA Claims Following the McDonald Decision
- September 2022
- August 2022
- June 2022
- May 2022
- April 2022
- March 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- April 2020
- March 2020
Legal developments in data, privacy, cybersecurity, and other emerging technology issues
As schools increasingly are adjusting to remote learning and utilizing education technology (“ed tech”) services, both schools and their ed tech service providers need to consider the appropriate collection and usage of student personal information. Here are some tips for protecting students’ privacy and safeguarding personal data:
When does COPPA apply to ed tech services used for remote learning? COPPA generally requires companies that collect personal information online from children under age 13 to provide notice of their data collection and use practices and obtain verifiable parental consent. In the educational context, however, the Federal Trade Commission (“FTC”), which enforces COPPA, has indicated that schools can consent on behalf of parents to the collection of student personal information if such information is used for a school-authorized educational purpose and for no other commercial purpose. This is true whether the learning takes place in the classroom or at home at the direction of the school.
For the ed tech service to obtain valid consent from the school instead of from the parent, the service must provide the school with the necessary COPPA-required notice of its data collection and use practices. As a best practice, the FTC recommends that ed tech services make the COPPA notice available to parents, and, where feasible, let parents review the personal information collected. In addition, ed tech services should use plain language that students, parents, and educators can easily understand.
What should schools using ed tech services be doing? While COPPA generally does not impose obligations directly on schools, the FTC recommends that they consult with attorneys and information security specialists to review the privacy and security policies of the ed tech services they use for remote learning. The school or school district should give parents a notice of the websites and online services whose collection they have consented to on behalf of the parent. In deciding which online technologies to use with students, a school should be careful to understand how an operator will collect, use, and disclose personal information from its students. Among the questions that a school should ask potential operators are:
- What types of personal information is collected from students?
- How is the personal information used?
- Is the information used or shared for commercial purposes not related to the provision of the online education services requested by the school?
- What administrative, technical, and physical measures are taken to protect the security, confidentiality, and integrity of the personal information that is collected?
- What are the data retention and deletion policies for children’s personal information?
- Do existing privacy policies reflect the current data handling practices? Are the privacy policies clear and accessible to students, parents, and educators?
If you would like to learn more about these issues, please connect with a Honigman attorney in the Data Security and Privacy Litigation group.