FTC and ED to Host Workshop to Explore Privacy Issues Related to Education Technology

Written By ESR News Blog Editor Thomas Ahearn

The Federal Trade Commission (FTC) and the Department of Education (ED) will co-host an workshop on “Student Privacy and Ed Tech”  on December 1, 2017, to examine how the FTC’s Rule implementing the Children’s Online Privacy Protection Act (COPPA) applies to schools and intersects with the Family Educational Rights and Privacy Act (FERPA) that is administered by the ED, according to a FTC press release.

The FTC and ED workshop – which is free and open to the public – will be held at the Constitution Center, 400 7th St., SW, Washington, DC and will be webcast live on the FTC website. The workshop is intended to clarify how the FTC and ED can ensure student privacy is properly protected without interfering with Ed Tech. An agenda, directions to the Constitution Center building, and a list of speakers will be available on the event webpage.

The use of educational technology – or “Ed Tech” – has exploded over the past several years. More than half of K-12 students have access to a school-issued personal computing device, and many school districts have implemented an online curriculum. The workshop will help provide additional guidance to schools, Ed Tech providers, and parents. To help promote discussion, the FTC and ED are inviting comments on questions including:

• Are the joint requirements of FERPA and COPPA sufficiently understood when Ed Tech providers collect personal information from students?
• Under what circumstances is it appropriate for a school to provide consent under COPPA and what is the process for properly obtaining the consent?
• How should requirements concerning notice, deletion, and retention of records be handled and by whom and when?
• COPPA and FERPA both limit the use of personal information collected from students by Ed Tech vendors. What are the appropriate limits on the use of this data?
• How do schools maintain “direct control” over Ed Tech providers when they rely on the School Official Exception to FERPA’s general consent requirement?

First issued in 2000, the COPPA Rule requires operators of websites and online services to obtain parental consent before collecting, using, or disclosing personal information from children under 13. FTC staff has provided guidance about the Rule to schools and determining that schools could act as intermediaries between Ed Tech providers and parents in the notice and consent process, or act as the parents’ agent for purposes of providing consent to providers.

Passed in 1974, FERPA is a federal law that protects the privacy of student education records by prohibiting educational institutions from disclosing student education records without prior written consent from a parent. The ED issued guidance explaining this prohibition does not preclude the use of educational technology in the classroom provided the requirements of the “School Official Exception” to FERPA’s written consent requirement are followed.

While both agencies have continued to provide additional guidance, questions remain about the intersection of COPPA and FERPA. As schools find new ways to help enhance learning through education technology, they must ensure these efforts comply with federal laws designed to help protect the privacy of children and students. A full list of questions and information about how to submit comments is in the public notice about the workshop.

ESR Re-Certifies EU-U.S. Privacy Shield Enforced by FTC

The EU-U.S. Privacy Shield Framework is designed to allow companies to transfer consumer data from the European Union (EU) to the United States (U.S.) in compliance with EU law. Although the decision to join Privacy Shield is voluntary, self-certification is enforceable under U.S. law by either the FTC or the U.S. Department of Transportation (DOT). The official Privacy Shield Framework website is at www.privacyshield.gov.

Employment Screening Resources® (ESR) has received notification from the U.S. Department of Commerce’s International Trade Administration (ITA) that its annual submission of self-certification of adherence to Privacy Shield has been finalized and effective as of September 22, 2017. To learn more, read a blog bout ESR’s Privacy Shield re-certification or visit the ESR website at www.esrcheck.com.

NOTE: Employment Screening Resources® (ESR) does not provide or offer legal services or legal advice of any kind or nature. Any information on this website is for educational purposes only.

© 2017 Employment Screening Resources® (ESR) – Making copies or using of any part of the ESR News Blog or ESR website for any purpose other than your own personal use is prohibited unless written authorization is first obtained from ESR.