Protecting Children’s Online Privacy

Most educators and parents do not realize that online learning companies contracted by school districts are allowed to collect, store and sell personal data about their children. Informed educators must decide whether to use programs from these private companies. If they use them, educators can let parents know they have the right to opt out their child.

For example, Achieve 3000, a cloud-based literacy program, asks students to write about how they feel about topics such as war and terrorism, both before and after reading articles about these topics. Student responses are not scored by the teacher or program, but they are collected by the company. Parents may decide they do not want a corporation to collect social-emotional data on their child.

The Law

The Children’s Online Privacy and Protection Act (COPPA) is a federal law, passed in 1998 and expanded in 2012, detailing how websites, apps, and other online operators collect data and personal information about children under the age of 13. Among other things, COPPA says that tech companies making apps, websites, and online programs/tools for children under 13 must:
  • Have a “clear and comprehensive” privacy policy.
  • Get parental consent before collecting children’s information.
  • Not use children’s data for marketing purposes.

The Federal Trade Commission says that for specific programs/tools, such as individualized education modules, online research and organizational tools, or Web-based testing services, “Schools may act as the parent’s agent and can consent to the collection of kids’ information on the parent’s behalf. However, the school’s ability to consent for the parent is limited to the educational context.”

While this shifted responsibility for COPPA compliance to schools and educators, it also meant that schools have the right to know what information is collected, review that information, and request that it be deleted and/or prevented from further use.

California’s landmark Student Online Personal Information Protection Act (SOPIPA), enacted in 2014, shifts responsibility for appropriate data use from schools/districts back to the tech companies and other vendors. Companies must comply whether or not they have a contract with the school/district. SOPIPA protects students and their parents from targeted advertising and having their information collected and shared for noneducational purposes.


What can teachers do? 

Common Sense suggests ways that educators can help protect children’s privacy:

1. Know your school’s policies on adopting new technologies and follow them. Does your school or district have an approved list of apps and sites for student use? Chances are, students’ data privacy issues were a big part of the decision to approve — or not approve — a tool/program.

2. Choose your classroom tech wisely. (Common Sense offers Privacy Evaluations for many of the most popular edtech tools.)

  • Stick to tools designed with education in mind, especially if kids are going to sign up and create accounts.
  • When you bring new tech into your classroom, be mindful about how the tools ask kids to sign up, enter personal information, or share anything online.
  • Always get parental consent first — send a note home to ask for permission.
  • Avoid apps, games or websites that seem focused on advertising.
  • Be cautious with tools that claim to be for education, but are also aimed at consumers or the business world.

More information and resources

Every child deserves a chance to learn and no child succeeds alone.

© 1999- California Teachers Association