This continues our focus on the intersection of remote education and the law, specifically in the wake of the 2020 COVID-19 pandemic.

Harkening back to March 2020, the entire world was in a state of uncertainty. Some wondered how long they would have to work from home or not work at all. A population with time to spare decided it was the best time to experiment with sourdough starters or spend hours scouring the Internet.

And yet, school was still in session. Classrooms moved from the traditional building to the video conference. Students completed their assignments and uploaded them to online portals. This immediate transition to remote learning was difficult for the students and their parents or guardians, but educators have been required to adjust pedagogy on a dime. Students, parents and teachers have voiced concerns regarding information privacy, security and copyright infringement liability in the educational context.

The three primary federal laws applicable to remote learning are the Family Educational Rights and Privacy Act (FERPA), Children’s Online Privacy Protection Act (COPPA) and Technology, Education and Copyright Harmonization Act (TEACH Act).

This series on distance education begins with an overview of FERPA, COPPA, and the TEACH Act (for a discussion of the TEACH Act, see our previous blog).

As we continue our exploration of this topic, we will discuss ways in which these laws impact specific issues in the remote learning environment, as well as more secure ways to partner with technology providers.

FERPA

FERPA, enacted in 1974, is a federal law that protects the privacy of educational records for students in schools that receive any funding from the United States Department of Education (“DOE”). Such records include academic data, disability services received, immunization records and other personally identifiable information (“PII”). PII is exactly as it sounds—information that can make a person traceable, such as a name, student identification number or address.

Parents of most K-12 students have access to these records until their children turn 18 years old. After that milestone birthday, schools must receive consent directly from the students prior to disclosing any records, unless those students remain dependents for income tax purposes.

With almost all schools going remote, administrators and technology managers are asking complicated questions, such as how to conduct parent-teacher conferences or which videoconferencing tools can be trusted when sharing student data. While filming classes is legal with parental consent, sharing those videos beyond certain limited uses within the school or district is prohibited, and it may be unclear how this applies to the digital classroom.

In March 2020, the DOE released a statement in the wake of the COVID-19 pandemic, providing some guidance around frequently asked questions about FERPA, particularly concerning remote learning technology and managing databases of sensitive information.

Although FERPA applies to traditional educational institutions, it does not necessarily apply to summer programs that operate outside of non-federally funded schools, universities and educational agencies.

COPPA

COPPA contains restrictions on operators of websites or any online service directed to children under 13 years old, especially those that knowingly collect PII from such users. While the law is aimed primarily at online service providers, it now has major implications for schools using technologies like Zoom to facilitate classes.

Enacted in 2000, COPPA was written primarily in the commercial context, because many websites during the “dot com boom” were mining data without substantive privacy policies or notices, particularly from children under 13. The rule requires websites and any online service providers to transparently communicate their privacy policies to parents and take reasonable steps to maintain the confidentiality of children’s information.

Although COPPA usually applies to companies with software that may be used outside the educational context, it does not mean that schools and summer programs are exempt from liability. In fact, educational institutions may act as agents for parents in circumstances when they have contracted with third-party companies to provide them with online educational services. Therefore, schools must still assess their preexisting obligations under FERPA prior to teaming up with technology companies and presuming that COPPA governs all privacy matters.

Summer camps may be subject to COPPA if they operate any of their services online. Furthermore, camp administrators are not permitted to serve as agents for parental consent. Accordingly, these camps must comply with COPPA, which may be an entirely new development for some directors and administrators.  Other camps not subject to COPPA may follow the FTC’s recommendation to do so as a matter of best practices. Private enrichment or after-school care programs operating during the school year may also need to consider COPPA.

Some state laws may also apply to certain educational programs targeting children under 13. For example, California’s Student Online Personal Information Protection Act mirrors much of COPPA, but schools and summer camps should take note of certain nuances in the laws of the states in which they operate.

Additionally, the House of Representatives has introduced legislation proposing revisions to COPPA, and there are ongoing discussions in the Senate and at the Federal Trade Commission as well. This may alter the legal landscape going forward, and we will continue to monitor further developments.

TEACH Act

The TEACH Act was enacted in 2002 for the purpose of limiting infringement liability of nonprofit educational institutions, including standard and distance education programs, that use copyrighted works in lessons without prior permission. For example, teachers may be able to show entire films over the course of multiple class periods without paying royalties to the copyright owner(s).

Although the law was intended to respect the rights of copyright creators while protecting educators, the procedural requirements for each institution are complex, and mere good faith use is not sufficient compliance. To take advantage of the TEACH Act’s benefits, each institution must take an “all-hands-on-deck” approach, involving their technology administrators, teachers, librarians and, ideally, legal counsel. Many universities have provided guides for educators who intend to use copyrighted material as educational supplements. See George Washington University. However, these may be issues K-12 classroom teachers and school districts are addressing on a larger scale now, without clear guidelines.

While providing blanket exemptions for in-person classrooms to use copyrighted material, the Act does not necessarily provide the same exemptions for classes that have transitioned to remote learning environments. Moreover, certain platforms use algorithms to automatically detect and block infringements of copyrighted works despite permission from copyright owners or the law, so this adds an additional layer of complexity. Apropos of this “age of uncertainty,” it remains to be seen if or how the TEACH Act will evolve over time.

In summary

School districts and educational summer programs searching for remote learning tools must ensure that their products of choice are compliant with the law. In addition to using products that apply encryption and robust user identification procedures, it is crucial that these companies are transparent about data usage in the context of federal and state laws.

Concerns about the safety of private networks of email addresses, assurance of maintaining student confidentiality and the strength of consent agreements prior to sharing information over potentially insecure web-based communication services must be addressed.

Although these concerns are a legitimate source of anxiety for these parties, these frequently asked questions have frequently assuaging answers. We look forward to sharing more details about legal issues with distance education and safe paths to partnering with content creators and education technology companies. Just as we hope our students will be lifelong learners, the new landscape requires the same of educators, administrators, legislators and even the lawyers who work with them.