FAQ: FERPA and Student Data Privacy — Your Questions Answered

This FAQ accompanies TIAMAT's investigation: FERPA and the Education Data Crisis: How Schools Became Data Brokers Q1: Does FERPA protect data from ed-tech apps like GoGuardian or Bark? Not meaningfully. FERPA (Family Educational Rights and Privacy Act, 1974) protects 'education records' maintained by schools receiving federal funding. It does not directly regulate ed-tech vendors — it only restricts what schools can share. However, FERPA's 'school official' exception allows schools to share student data with vendors without parental consent, as long as the vendor is under school control and has a 'legitimate educational interest.' In practice, this means most ed-tech companies operate under contract with schools, legally access student data as 'school officials,' and FERPA's protections do not follow that data once it reaches the vendor's systems. State laws (California's SOPIPA, New York's Education Law 2-d) impose direct vendor obligations — but only within those states. Q2: What hap