Congress enacted the Children’s Online Privacy Protection Act (COPPA) in 1998, which is regulated by the Federal Trade Commission, not the US Department of Education. 

The primary goal of COPPA is to allow parents to have control over what information is collected online from their children under age 13.  The law applies to any operators of  websites,  online services including web-based testing, programs  or "apps” that collect, use, or disclose children’s personal information, whether at home or at school.  However, COPPA only applies to personal information collected online from children; it does not cover information collected from adults that may pertain to children.

The personal information can include the child’s name,email, phone number or other persistent unique identifier, and information about parents, friends and other persons. The law recognizes that the school can consent on behalf of the parent to create accounts and enter personal information into the online system– but only where the operator collects personal information for the use and benefit of the school, and for no other commercial purpose. Unfortunately, many schools fail to engage in proper due diligence in reviewing third-party privacy and data-security policies, and inadvertently authorize data collection and data-mining practices that parents find unacceptable.

What rights do parents have under COPPA?

Per FTC guidance on best practices, your school should be providing you with a list of all the online programs that your child participates in school and at home which are collecting your child’s personal information.   If your under-13 child is participating in an online program from a service provider or commercial website collecting personal information, whether for instructional, testing, or other purposes, the school and/or vendor or service provider must provide you with a clear and prominent privacy policy and use practices on its website or elsewhere, including the following:

  1. The name, address, telephone number, and email address of the vendors collecting or maintaining personal information through the site or service;
  2. A description of what personal information the operator is collecting, including whether the website or program enables children to make their personal information publicly available, how the operator uses such information, and the operator’s disclosure practices for such information; and
  3. That the parent can review or have deleted the child’s personal information and refuse to permit its further collection or use, and provide the procedures for doing so.

Best practice on the part of the school would also be to require written consent from parents if their child under 13 is using such a program, especially if the program contains ads or any marketing material.

In any event, whether the online operator receives consent from the school or the parent, the operator must, upon request, provide parents with the following information.

  1. A description of the types of personal student data collected;
  2. An opportunity to review your child’s information and/or have it deleted;
  3. The ability to opt their child out of any further use of that program.

For FAQs on COPPA, see here:


You can also contact the FTC to ask questions or issue a complaint if the online operator refuses to provide you with these rights by emailing

Instructions on how to exercise your COPPA rights

COPPA Disclosure Request Form

COPPA Opt-Out Form   (submitted to online vendors/service providers)    

COPPA Opt-Out Form  (instructing school/district to contact online vendors/service providers on your behalf)



Register To Support Stopping Common Core in CTHelp Support CT Against Common Core
Copyright © 2013 Connecticut Against Common Core. All Rights Reserved.
Contact     Disclaimer     Site Map