Edmodo operates platforms and related apps that let teachers create accounts and invite students and parents to join their virtual classroom. Using Edmodo, teachers can host discussions, share materials, give quizzes, and communicate privately with students and parents. Edmodo offers a free version, which any teacher whatsapp data can use, and a paid version, to which school districts can subscribe. To register, students had to provide their name and email address. At certain times, Edmodo also asked for their date of birth and phone number.
According to the complaint, both versions of the Edmodo platform collected additional personal information from kids – for example, their school, where they were located, and a profile picture. In addition, Edmodo automatically collected certain use and device information, including cookies, IP address, and geographic location based on the IP address. What’s more, the complaint alleges Edmodo collected persistent identifiers from students’ devices and used that information to serve up advertising on its free platform.
The FTC says kids as young as kindergarteners had Edmodo accounts and the company estimated that around 600,000 students under 13 used its platform in 2020 alone. In other words, according to the complaint, Edmodo gathered all that data without parental permission and without complying with the requirements of the COPPA Rule.
So who’s responsible for COPPA compliance? Under COPPA, schools can authorize the collection of personal information from students on behalf of parents, but only in limited circumstances. A website operator like Edmodo first must notify the school of its collection, use, and disclosure practices. And schools can authorize collection, provided the personal information is used only for an educational purpose – and most certainly not to serve up ads, as Edmodo was doing.