What Is COPPA?

Protecting kids' data isn't always easy, but it's a priority for anyone choosing and using tech in schools. The widespread adoption of edtech tools and emerging AI applications has compounded challenges: A 2025 survey conducted by the Consortium for School Networking highlights the struggles school district technology officers face in establishing comprehensive privacy policies. And a 2022 study from Internet Safety Labs found that 96% of apps used in K–12 schools shared personal information with third parties and advertisers.

But the updated Children's Online Privacy and Protection Act, more commonly known as COPPA, mandates stricter rules about how websites, apps, and other online operators collect data and personal information from kids younger than 13. Even though the law is designed to give parents and guardians control over what information companies collect from children, widespread use of edtech in schools makes it paramount that educators' and school leaders understand COPPA basics. 

Here are some things to know:

Parental consent: Companies must provide notice and obtain verifiable parental consent before collecting information from kids. The updated law prohibits sharing and monetizing children's data without active permission. However, schools may grant consent on behalf of parents or guardians as long as collected data is used for educational purposes. 

Privacy policy: Companies must have a "clear and comprehensive" privacy policy that describes what information is collected from kids.

Security: Companies must keep information they collect from kids confidential and secure. In addition, companies now have stricter limits on data retention.

In short, COPPA updates should result in more transparency from edtech companies and app developers who offer services to schools.

Best Practice for Schools

It's also important to know that even though the law specifically regulates technology companies, teachers and schools aren't off the hook when it comes to understanding the law and its intent.

In addition to knowing when teachers and schools can consent on behalf of parents, schools should also follow other best practices with respect to COPPA. This includes conducting appropriate due diligence in vetting products and providing appropriate information to parents, like names of sites or services the school has consented to on behalf of parents as well as the information practices of those sites and services.

What Can Teachers Do?

• Know your school's policies on adopting new technologies and follow them. Does your school or district have an approved list of apps and sites for student use? Chances are, students' data privacy issues were a big part of the decision to approve—or not approve—a tool.
• Choose your classroom tech wisely.
  • Stick to tools designed with education in mind, especially if kids are going to sign up and create accounts. Products that commercialize student learning are not recommended.
  • When you bring new tech into your classroom, be mindful about how the tools ask kids to sign up, enter personal information, or share anything online. Choose products that minimize and avoid unnecessary information collection.
  • Always provide information to parents about what tools you're using in the classroom.
  • Avoid apps, games, or websites that seem focused on advertising. Unfortunately, this often includes free tools, unless they're sponsored by an organization or other funders.
  • Be cautious with tools that claim to be for education but are also aimed at consumers or the business world.
• Inform kids about their own privacy and data security. Teaching kids best practices about protecting their own online privacy is a piece of the puzzle too! Understanding why and how to keep private information secure is important.
• Not sure about a technology tool? The Common Sense Privacy Program can help. These evaluations identify and explain the privacy risks in ways that are easy to understand. Search for a specific tool, or request an evaluation if you don't see that product's evaluation.