In today's digitally integrated classroom, educational technology (EdTech) has become an indispensable tool. But as our children's educational experiences move online, a critical question emerges: Who's watching your child? This guide is designed to help parents understand the landscape of student data privacy, know their rights, and ask the right questions to protect their child's digital footprint.
What Data Is Being Collected?
It's more than just names and grades. Educational technology can collect a vast spectrum of data, often without parents or students realizing the full extent. This can include:
- Personally Identifiable Information (PII): This is data that can be used to identify an individual, such as a full name, address, student ID number, and other personal details.
- Academic & Performance Data: This includes test scores, assignment results, academic progress, and areas where a student may be struggling.
- Behavioral & Engagement Data: Many apps track how students use the platform—how long they take to answer a question, what they click on, how much time they spend on a module, and even patterns of behavior.
- Metadata: This is data about the data, such as the time a student logs in, the type of device they are using, their IP address, and their location.
- Inferred Data: Some sophisticated platforms use algorithms to make inferences about a student's interests, learning style, or even future academic potential based on their activity.
What Are My Rights Under FERPA/COPPA?
Two key federal laws form the bedrock of student data privacy in the United States. Understanding them is the first step to becoming an effective advocate for your child.
FERPA (Family Educational Rights and Privacy Act)
This law gives parents specific rights over their child's "education records."
- Right to Access: You have the right to inspect and review your child's education records maintained by the school.
- Right to Request Amendments: If you believe information in the records is inaccurate or misleading, you have the right to request that the school amend it.
- Right to Consent to Disclosures: Schools must have your written permission before disclosing your child's personally identifiable information from their education records. However, there are exceptions, including disclosures to "school officials" with a "legitimate educational interest," which can include EdTech vendors.
COPPA (Children's Online Privacy Protection Act)
This law is designed to protect the online privacy of children under the age of 13.
- Parental Consent: COPPA requires that websites, apps, and online services obtain verifiable parental consent before collecting personal information from a child.
- School as Intermediary: In the school context, the Federal Trade Commission (FTC) allows schools to consent on behalf of parents for the use of an EdTech service, but only for educational purposes. The data collected cannot be used for commercial purposes, like advertising to your child.
5 Questions to Ask Your School's IT Director
Your school's technology department is your most valuable resource. Don't be afraid to reach out and ask informed questions. Opening a respectful dialogue is key.
- "What EdTech tools and services are currently approved for use in my child's classroom, and what is the educational purpose of each?" This question establishes a baseline, requesting a list of the technology being used so you can do your own research.
- "How does the school/district vet the privacy policies and security practices of these EdTech vendors before approving them?" This gets to the heart of the school's process. You want to know if they have a formal review procedure that prioritizes student privacy.
- "Where can I review the specific privacy policies and data-sharing agreements the school has with these vendors?" Schools should be able to provide this information. Transparency is a key indicator of a strong privacy posture.
- "What specific types of student data are shared with each vendor, and how is that data used by the company?" This is a crucial follow-up. It's not just about what's collected, but how it's used. You're looking for assurance that data is used strictly for educational purposes.
- "What happens to my child's data when they leave the school or when a contract with a vendor ends?" This is about the "data lifecycle." Data should be securely deleted after it is no longer needed. You want to ensure your child's information isn't retained indefinitely.
Red Flags to Watch For
When you review an EdTech company's privacy policy or terms of service, keep an eye out for these warning signs:
- Vague or Overly Broad Language: Policies that state they can collect "any information we deem necessary" or can "change the policy at any time without notice" are major red flags.
- Data for Commercial Use: Be wary of any language that suggests student data will be used for targeted advertising, marketing profiles, or any purpose other than the direct educational service.
- Data Ownership Claims: The school should retain ownership of student data. If a vendor's policy claims ownership of the data uploaded to its platform, that is a significant concern.
- Lack of Deletion Policy: The policy should clearly state how and when student data is deleted upon request or at the end of a contract. If this is missing, it's a red flag.
- Sharing with "Third Parties": Look out for vague terms about sharing data with unspecified "third parties" or "partners" for purposes beyond the core educational service. You want to see exactly who data is being shared with and why.
Protecting your child in the digital age requires a new kind of vigilance. By understanding the data, knowing your rights, and asking the right questions, you can become an empowered partner in ensuring that educational technology serves its true purpose—to educate, not to exploit.
