The start of the school year is an exciting time and it’s tempting to start using the latest edtech tool or app you discovered over the summer. However, before you dive into new edtech apps, here are a few basic guidelines to keep you on the sunny side of your school or district technology policies, as well as state and federal law.

1. Don’t sign up for an app or service without checking with your school/district.

Some schools and districts have systems in place to vet educational apps and websites to ensure they comply with state and federal privacy laws and align with district curriculum guidelines. If you want to use social media in the classroom, you should first check your school or district’s acceptable use policies around social media and talk to your school’s technology administrator.

2. Don’t assume an app or tool is safe to use in the classroom just because you heard about it at a conference.

This is an easy trap to fall into. A perfect example of this is the use of voice-activated assistants such as Amazon Echo and Google Home in the classroom. These are consumer technologies, not education technologies, meaning they may not be designed to easily comply with laws like the Children’s Online Privacy Protection Act (COPPA) and the Family Educational Rights and Privacy Act (FERPA). If you use unsanctioned devices in the classroom, you may put student privacy in danger and yourself at legal risk.

3. Understand the implications of “clickwrap agreements.”

When you sign up for an app or website, you usually have to check a box or button that says you agree to a long list of terms and conditions. This is called a “clickwrap agreement.” You’ve probably done this dozens of times before for websites and apps you use in your personal life, but doing so for apps and websites you want to use in the classroom has some significant legal implications. As a teacher, when you click that button, you’ve entered into a legally binding contract on behalf of your students and your school. Before doing so, you must review that service’s terms and conditions and privacy policy to understand how it uses students’ data.

4. Read the terms of service and the privacy policy.

If your district doesn’t have a vetting system in place, the responsibility for vetting educational apps and websites may fall on you. In addition to the many state laws governing student privacy, COPPA and FERPA, two federal laws, also govern child and student privacy. Any time you use an app or website in your class, there is a good chance you are sharing student personal information with the company, meaning that the rules of FERPA apply. If so, students should not use an app or website unless you or your district get written parental consent or use student data in a way that is consistent with a FERPA exception — via the law’s “school official exception,” for example. Because the conditions needed to meet the exceptions are pretty technical, they are best addressed at the school/district administration level.

COPPA applies to website operators who provide services directed at children under the age of 13.  Many apps and services require users to be 13 or older in order to avoid COPPA liability. You can easily determine if an app or website meets COPPA requirements by doing a search on the terms of service web page for “13” and “thirteen.” If the app requires users to be 13 or older, then it is probably not COPPA compliant, which means you should likely not use the product without parental consent.

At the classroom level, the safest course of action is to make sure you get written consent before using educational websites and apps. However, consent is not a silver bullet. If an app does not adequately protect a child’s privacy, you are just passing on the burden of vetting the app, or waiving the privacy concerns, to parents. You — or ideally your district or a regional service agency — are much better equipped to judge the privacy of apps than the average parent, so be sure to do your due diligence, even if you plan to ask for parental consent. If you understand the privacy policy and believe it does not violate federal or state law, but your school or district does not approve apps, you should send a letter home to parents, informing them of the apps used in your classroom.

5. Educate yourself about student privacy.

Student privacy stuff can be overwhelming, but there are steps you can take to become better informed! Here are some resources to educate yourself about student privacy:

• The Educator’s Guide to Student Data Privacy, from Connect Safely and the Future of Privacy Forum, is a great place to get started.
• The Utah State Board of Education has an informative and entertaining YouTube playlist covering privacy basics for educators. A few of the videos are specific to Utah, but most are applicable to all educators.
• Student Privacy 101: FERPA for Parents and Students is a helpful video that explains FERPA in plain English.
• FPF also held a webinar on COPPA that you can watch here.

Susan M. Bearden is an education technology consultant for the Future of Privacy Forum and the chief innovation officer for the Consortium for School Networking. She was previously the senior education pioneers fellow at the U.S. Department of Education’s Office of Educational Technology for 2015-2016, and the director of information technology at Holy Trinity Episcopal Academy in Melbourne, Florida.