Privacy vs. Compliance Claims

A consumer watchdog told teachers to read learning apps’ privacy terms before assigning them, even as one vendor publicly pitched its AI school platform as compliant with three major U.S. education laws. (ftc.gov) Edves says its U.S. platform is “aligned with all 50 states’ academic standards” and “ESSA reporting,” and its global privacy policy says it is “FERPA Aligned” and “COPPA Compliant,” with an effective date of December 2025. The company’s U.S. site also says it serves 2,280-plus schools and 620,000-plus students. (edves.us, edves.com) That mix of claims sits next to a broad data collection list in Edves’ posted policy, including grades, attendance, curriculum progress, learning analytics, disciplinary records, special education information, IP addresses, device identifiers, login timestamps, and pages visited. The same policy says the platform serves students, parents, educators, school administrators, and institutional staff “across all regions where EDVES operates.” (edves.com) COPPA is the federal children’s privacy law for online services aimed at kids under 13 or that knowingly collect their data. The Federal Trade Commission said in January 2025 that its updated COPPA rule requires parents to opt in to targeted advertising practices and bars companies from sharing or monetizing children’s data without active permission. (ftc.gov, ftc.gov) FERPA is a different law: it governs education records held by schools and limits when personally identifiable information can be disclosed without consent. The U.S. Department of Education’s Student Privacy Policy Office says its job includes enforcing federal student privacy laws and giving schools technical guidance on privacy safeguards that go beyond bare federal compliance. (studentprivacy.ed.gov, ed.gov) ESSA, the Every Student Succeeds Act, is not a privacy statute. The Institute of Education Sciences says ESSA’s evidence rules are meant to help states and districts identify programs and practices that work, with tiers tied to study quality and sample size. (ies.ed.gov) Federal regulators have already warned that “school use” does not erase privacy duties for education technology companies. In May 2023, the Federal Trade Commission said Edmodo used children’s personal information for advertising without parental consent and unlawfully shifted its COPPA duties onto school districts. (ftc.gov, justice.gov) The Department of Education separately maintains pages for K-12 school officials and for education technology vendors, and says vendors handling student information should follow FERPA-focused best practices. Its student privacy site also lists “Education App Protection” and “Data Security” as standalone resources for schools and families. (studentprivacy.ed.gov, studentprivacy.ed.gov, studentprivacy.ed.gov) For teachers and district buyers, the practical split is straightforward: a vendor can say it is compliant, while regulators and privacy offices still expect schools to check what data the tool collects, why it collects it, who gets access, and whether any use goes beyond classroom purposes. The laws on the label and the data practices in the product are not the same thing. (ftc.gov, studentprivacy.ed.gov, edves.com)