Children’s Privacy in Schools: Who’s Actually Responsible?

September 7, 2023
5 min

This year, President Biden released an op-ed in the New York Times calling for bipartisan unity in the support of privacy legislation at a federal level. One of the primary focuses for this call to action was the preservation of our children’s privacy.

And while this is great in theory, the actual execution leaves many questions - especially when we discuss the public school system and the use of ed-tech to enable remote learning.

COPPA Doesn’t “Impose Obligations” on Schools

The Children’s Online Privacy Protection Act (COPPA) was first enacted in 1998, and has since gone through multiple evolutions to meet the needs of expanding technology. According to the FTC, COPPA doesn’t “impose obligations on schools.”

Instead, it distributes the responsibility of maintaining students’ data privacy between ed-tech providers and instructors. The companies supporting ed-tech are provided with a set of standards that they must meet in order to operate within the constraints of the law. And school systems are tasked with choosing ed-tech that is beneficial and safe for students.

In addition to elevated data security standards, COPPA places strict guidelines on the information conveyed in the company’s privacy policy, and demands that all ed-tech providers gain consent from parents of children under 13 before collecting and storing any data.

Student Privacy is a Gray Area

Therein lies the first problem. When a child turns 14, they lose certain protections associated with COPPA. Unfortunately, kids often lack the depth of understanding of data privacy to make informed decisions about what they share and who they share it with.

The teenage brain isn’t fully developed until the mid-twenties, meaning that children shouldn’t be making decisions that could impact the future integrity of their personal information at 14. It’s not uncommon for ed-tech companies to experience data breaches. Meaning that the data of a student over the age of 13 could be harvested and exploited because it was shared without anyone performing due diligence.

That’s the first huge gap in student protections. The second is the gray area that many schools operate in when gaining “digital consent” from parents. Schools are sometimes considered a proxy for the parent, and are empowered to make certain decisions on behalf of the students.

So when parents are asked to sign a blanket digital consent form at the beginning of the school year, they may be yielding more power to the school than they realize. While COPPA recommends that school administrators gain permission for each piece of ed-tech they use, many consider that blanket consent to be good enough.

Furthermore, schools should make parents aware of exactly what data each piece of ed-tech collects, how it is used, how it is stored, and when it will be destroyed. Parents also have the right to ask for this information or that their child’s data be purged at any time.

As long as parents don’t know they can exercise these rights, schools won’t be held accountable for their complacency in some ed-tech abuses of their child’s data. Unfortunately, schools aren’t always properly informed of their responsibility for students’ privacy - and this proves an additional area that’s lacking in larger administrations.

Will New Legislation Provide a Solution?

This is a complicated question. The best answer is that new legislation will be the start of a much larger solution. The best, and only, way to truly protect the data privacy of students is to adopt a fully consensual personal data collection stance in totality within the United States. This would result in companies being required to gain very clear permissions before collecting, using, or storing any data.

Data would need to be anonymized to be used for any type of market or business research, pushing companies to rely on consumer behavior rather than individual profiles to customize online experiences.

We are heading in the right direction, but parents and people in general need to fully understand what privacy means, and what they can do to ensure they preserve their right to it.

Want to continue the discussion? Click here to join the Cloaked Discord Community, and stay on top of the latest privacy news, tips, and product updates.

View all