Two key federal laws govern the collection, use, and sharing of children’s and educational data: the Children’s Online Privacy Protection Act (COPPA), which is overseen by the FTC, and the Family Educational Rights and Privacy Act (FERPA), which is overseen by the Department of Education.1
COPPA imposes certain requirements on operators of websites or online services directed at children under 13 years of age and on operators that have actual knowledge that they are collecting personal information from a child under 13. COPPA requires, among other things, that operators (i) provide adequate notice regarding the information collected from children; (ii) obtain verifiable parental consent for the collection, use, or disclosure of a child’s personal information; and (iii) provide parents and legal guardians the right to request to review, delete, and stop further collection of their child’s personal information.2
FERPA regulates how education records may be accessed, stored, and shared. It requires educational agencies and institutions to provide parents or qualifying students access to their education records and restricts how an educational agency or institution may share student data with third parties.3
1 See 15 USC §§ 6501-6505 (COPPA); 20 USC § 1232g (FERPA).
2 16 CFR § 312.
3 34 CFR § 99.