FTC sues ed tech company for violating school kids’ privacy
Публикувано на: 03 Окт 2023, 13:26
Educational technology hasn’t totally overtaken chalk dust and penmanship, but ed tech certainly has found its way into schools. A proposed settlement with Edmodo, LLC, alleges the ed tech company violated the Children’s Online Privacy Protection Act Rule and the FTC Act by collecting personal information from school kids without their parents’ consent, using that data for advertising purposes, and unfairly requiring schools and teachers to comply with COPPA on its behalf. If you’ve been wondering who bears the bottom-line responsibility for complying with COPPA in the school setting, we’ll cut to the chase: It’s the ed tech company. The action against Edmodo illustrates that fundamental principle – and much more.
Edmodo operates platforms and related apps that let teachers create accounts and invite students and parents to join their virtual classroom. Using Edmodo, teachers can host discussions, share materials, give quizzes, and communicate privately with students and parents. Edmodo offers a free version, which any teacher whatsapp data can use, and a paid version, to which school districts can subscribe. To register, students had to provide their name and email address. At certain times, Edmodo also asked for their date of birth and phone number.
According to the complaint, both versions of the Edmodo platform collected additional personal information from kids – for example, their school, where they were located, and a profile picture. In addition, Edmodo automatically collected certain use and device information, including cookies, IP address, and geographic location based on the IP address. What’s more, the complaint alleges Edmodo collected persistent identifiers from students’ devices and used that information to serve up advertising on its free platform.
The FTC says kids as young as kindergarteners had Edmodo accounts and the company estimated that around 600,000 students under 13 used its platform in 2020 alone. In other words, according to the complaint, Edmodo gathered all that data without parental permission and without complying with the requirements of the COPPA Rule.
So who’s responsible for COPPA compliance? Under COPPA, schools can authorize the collection of personal information from students on behalf of parents, but only in limited circumstances. A website operator like Edmodo first must notify the school of its collection, use, and disclosure practices. And schools can authorize collection, provided the personal information is used only for an educational purpose – and most certainly not to serve up ads, as Edmodo was doing.
Edmodo operates platforms and related apps that let teachers create accounts and invite students and parents to join their virtual classroom. Using Edmodo, teachers can host discussions, share materials, give quizzes, and communicate privately with students and parents. Edmodo offers a free version, which any teacher whatsapp data can use, and a paid version, to which school districts can subscribe. To register, students had to provide their name and email address. At certain times, Edmodo also asked for their date of birth and phone number.
According to the complaint, both versions of the Edmodo platform collected additional personal information from kids – for example, their school, where they were located, and a profile picture. In addition, Edmodo automatically collected certain use and device information, including cookies, IP address, and geographic location based on the IP address. What’s more, the complaint alleges Edmodo collected persistent identifiers from students’ devices and used that information to serve up advertising on its free platform.
The FTC says kids as young as kindergarteners had Edmodo accounts and the company estimated that around 600,000 students under 13 used its platform in 2020 alone. In other words, according to the complaint, Edmodo gathered all that data without parental permission and without complying with the requirements of the COPPA Rule.
So who’s responsible for COPPA compliance? Under COPPA, schools can authorize the collection of personal information from students on behalf of parents, but only in limited circumstances. A website operator like Edmodo first must notify the school of its collection, use, and disclosure practices. And schools can authorize collection, provided the personal information is used only for an educational purpose – and most certainly not to serve up ads, as Edmodo was doing.