Jack Becker writes:
COVID-19 and Edtech Platforms
COVID-19 has presented obstacles to in-person learning, with many schools opting to use education technology (“edtech”) platforms as a solution. However, concerns about student privacy have emerged, including those related to commercial companies entering the education sector. To meet the requirements of the Family Educational Rights and Privacy Act (“FERPA”), some consumer-facing vendors have established different privacy policies for their education platforms, setting stricter limits on advertising, for example, than for their commercial platforms. Despite these efforts, challenges in meeting FERPA’s requirements may still exist.
FERPA’s School Official Exception
FERPA restricts the disclosure of personally identifiable information (“PII”) from education records, including disclosure to edtech platforms. Many schools disclose PII to edtech platforms under FERPA’s “school official exception,” which allows a platform to receive PII from education records without parental consent if it: (1) “performs an institutional service or function,” (2) has “a legitimate educational interest” in the education records, (3) “is under the direct control” of the school “with respect to the use and maintenance of education records,” and (4) uses education records only for authorized purposes and does not redisclose PII from education records to other parties without consent.
Read more on CDT or download a pdf version of the 2-pager here.