Blog: Student Data Privacy Articles

Practical tips, best practices, and useful student data privacy resources.

CCPA student data privacy

The California Consumer Privacy Act Bolstering Student Data Privacy Goes into Effect

The start of the new year brings big changes to the privacy landscape in California. Effective January 1, 2020, the California Consumer Privacy Act of 2018 (CCPA) becomes law. The CCPA protects the personal information of all California residents collected by any company doing business in the state of California. Edtech companies that collect PII from California students are also bound by this new law.

The big takeaway for school districts and edtech companies is that while COPPA regulates information privacy for children up to age 13, CCPA extends that protection to children up to age 16. This means that students’ PII is protected from preschool through most of high school—so companies and districts should align their compliance plans for the entire PK–12 student population.

Much like the European GDPR security law, the CCPA expands the definition of personal information to include things like IP addresses, geolocation information, and inferences drawn from personal data to create a data profile of a consumer. “While all consumers have the right to ‘opt out’ of a sale of their information, consumers under the age of 16 must ‘opt in’ before their personal data is sold. (If the user is under the age of 13, the student’s parent or guardian must opt in.)”[1] 

It is important to note that the CCPA does not supplant the existing California Student Online Personal Information Protection Act (SOPIPA). How the two laws will co-exist remains to be seen as CCPA is designed for general consumer protection (and students fall within that category), whereas SOPIPA is focused on students exclusively. Most data elements categorized as “covered information” under SOPIPA are already protected as PII under federal laws, such as FERPA and COPPA.[2] 

How Do School Districts Navigate the Requirements of Multiple Laws?

The various federal and state laws are intended to prevent violations of student data privacy with newer laws enacting stricter privacy guidelines. But how the laws overlap or work together presents a complicated picture as the CCPA is in effect on January 1st and is retroactive to January 1, 2019. Protecting student privacy, understanding how edtech vendors and service providers are currently handling data, and monitoring their privacy policy changes over time is a monumental task for districts. Keeping track of the details of how new legislation impacts current practice is also a challenge. 

Managing process and policies for protecting student PII is a challenge for any sized district, but especially ones with limited resources. EdPrivacy presents a solution. EdPrivacy utilizes machine learning-based artificial intelligence to create privacy scores for more than 10,000 apps and digital resources used in classrooms. The scores help educators and administrators quickly identify safe online technologies and easily determine which service providers respect and protect student data privacy. With EdPrivacy, school district leaders better understand school privacy laws for students, and enjoy student data privacy peace of mind. 

Benefits of EdPrivacy include:

  • Partner with trusted experts in school student data privacy.
  • Access a database of privacy scores for more than 10,000 of the most-used online education resources.
  • Understand which education technologies respect and protect sensitive student information.
  • Instill parent confidence that the district is proactively protecting student information online.
  • Publish and maintain a list of safe-to-use technologies approved for use in the classroom. 
  • Reduce risk of data breach and ensure compliance with FERPA, COPPA, and state privacy laws. 

For a free trial, visit here.

[1] Retrieved from
[2] Retrieved from