Back to School: Ed Tech and Student Commercial Surveillance
The pandemic created a shift to virtual schooling and online learning and resulted in an ed tech industry boom. Ed tech, or online educational services, continues to grow and evolve.
With the growth of the industry, children’s privacy issues have also heightened. The collection of children’s personal information in the school and ed tech context and the data’s use and monetization for commercial purposes continue to present concerning issues.
The Federal Trade Commission is the government’s consumer protection watchdog. Its authority includes enforcing the Children’s Online Privacy Protection Act, a law that aims to protect kids’ privacy online by regulating the collection of personal data for commercial purposes by web sites, including ed tech sites, that are targeted to children under 13 years of age. When a company fails to follow this law, the FTC can sue.
Recently, the FTC issued a Policy Statement putting ed tech companies on notice that it will be keeping a close eye on them to make sure they comply with their obligations under COPPA. In the Statement, the FTC stated that it will “scrutinize compliance” with all aspects of the law.
COPPA requires that ed tech websites provide notice of their information collection and use practices and obtain parental consent to the collection of children’s personal information. It also subjects ed tech providers to a prohibition against mandatory data collection, data use and retention prohibitions, and imposes security requirements.
To be in compliance ed tech providers must not condition participation in any activity on a child disclosing more info than is reasonably necessary for the child to participate in the activity. In addition, ed tech companies are limited in how they can use the personal info they collect from children: ed tech companies that collect personal info pursuant to school authorization may not use the info for any commercial purpose unrelated to the provision of the school-requested online service. They also must not retain children’s personal data longer than reasonably necessary to fulfill the purpose for which it was collected (such as for a speculative future use). Finally, ed tech companies must have procedures in place to maintain the confidentiality, security, and integrity of children’s personal information.
In the virtual schooling/remote learning context, information collection and monitoring may occur for purposes beyond commercial surveillance: teachers view students’ online activity in real time, software blocks access to impermissible sites students try to visit, educators view inside students’ homes without family knowledge, student-teacher interactions are recorded, school-issued devices are tracked, etc. Parents and guardians should be aware of all of their school’s ed tech and remote learning privacy practices.
Parents and guardians should know that children do not have to give up their privacy by providing their personal information in exchange for doing their schoolwork or participating in remote learning. Commercial surveillance of children as the price for their education is not acceptable and the FTC will make sure that ed tech companies who act illegally will be taken to task.
The information contained in this column is provided for informational purposes only and should not be construed as legal advice. Any opinions expressed are solely those of the author.
By Gille Ann Rabbin, Esq., CIPP/US, CIPP/E