The Children's Online Privacy Protection Act, or COPPA as it is affectionately referred, requires entities covered by the law to notify parents and get their approval before they collect, use, or disclose personal information from children. COPPA has many grey areas and after its most recent revision, many companies have been scrambling to make sure that they are coloring between the lines.
One question that is often raised is how does COPPA apply to the schools? Lesley Fair from the FTC wrote a recent blog post trying to help folks get some insight to where the FTC lands on this issue. She states simply,
"Schools – which are usually part of the local government – don’t fall within the legal definition of who’s covered by COPPA because they aren’t commercial “operators.” That said, schools sometimes allow, or even require, students to use sites and services that are covered by COPPA and which must provide notice and get verifiable parental consent."
It seems as though, based on COPPA's statement of purpose, according to Fair, that COPPA has carved out an exception in COPPA where it allows the schools to act as intermediaries for parents in the educational setting. This ability to give consent on the parent's behalf is limited though, naturally, to the educational context--in other words, this privilege does not extend to commercial use. Schools of course remain responsible for protecting students' privacy, which we think makes sense.
Visit the FTC's website to learn more about COPPA in Schools.