Chapter 10: Education Privacy

Education Technology and FERPA

Edtech companies that handle student data are subject to FERPA. The 2014 Google Apps for Education lawsuit (with EPIC alleging FERPA violations over email scanning) prompted 2014 Department of Education guidance telling schools to assess case by case whether edtech partners use FERPA-protected data.

In 2014, California students who used Google's free Apps for Education sued, accusing Google of scanning millions of student emails. EPIC asserted the practice violated FERPA and urged a Department of Education investigation. Soon after, Google agreed to change its practices so the email information could not be used for commercial purposes.

2014 guidance: case-by-case

The 2014 Department of Education guidance instructs schools and universities to determine, case by case, whether edtech partners use FERPA-protected data. If so, the schools must ensure FERPA requirements are met. In 2020 the Student Privacy Policy Office added a framework for evaluating edtech terms of service for virtual learning.

Key terms - quick answers

What is “Edtech”?

Companies providing software, apps, and web-based tools to educators, students, and parents, whose data practices are subject to the chapter's privacy laws.

What is “EPIC”?

The Electronic Privacy Information Center, a nongovernmental organization focused on civil liberties and privacy.

← FERPA and the HIPAA Privacy Rule Edtech under COPPA and Self-Regulation →