Chapter 10: Education Privacy

Edtech under COPPA and Self-Regulation

In 2022 the FTC announced it would police edtech through COPPA, prohibiting use of children's data for commercial purposes, barring unreasonable mandatory collection and over-retention, and requiring security. Self-regulation includes the Student Privacy Pledge, whose violation is enforceable as a deceptive trade practice under Section 5 of the FTC Act.

In 2022 the Federal Trade Commission announced it would concentrate scrutiny of edtech through enforcement of COPPA. Its focus areas are below.

Prohibiting use of children's information for commercial purposes such as advertising
Prohibiting requiring more information than is reasonably necessary to participate
Prohibiting retention longer than reasonably necessary for the company's purpose
Requiring procedures for confidentiality, security, and integrity of children's personal data

Pledge enforced via FTC Act Section 5

The Student Privacy Pledge (2014, 400+ signatories by 2020) bars selling student personal information, behavioral ad targeting of students, and profile-building for non-educational purposes. Violating the pledge makes a company subject to enforcement as a deceptive trade practice under Section 5 of the FTC Act.

Key terms - quick answers

What is “COPPA”?

The Children's Online Privacy Protection Act, enforced by the FTC, which limits how covered companies including edtech use personal information obtained from children.

What is “Student Privacy Pledge”?

A self-regulatory pledge created in 2014 by the Future of Privacy Forum and the Software and Information Industry Association, with over 400 signatories by 2020.

← Education Technology and FERPA State Student Privacy Laws and SOPIPA →