How SOPIPA Affects Parents
Q: How is SOPIPA different from other laws?
A: SOPIPA is different from other student privacy laws because: It makes the edtech companies who collect and handle students' sensitive information responsible for compliance; it applies whether or not a contract is in place with a school; and it applies to apps, cloud-computing programs, and all manner of online edtech services.
Q: Who has to comply with SOPIPA?
A: Websites, online services, and mobile apps that are designed, marketed, and used primarily for K–12 school purposes have to comply with SOPIPA. It doesn't matter whether they have a contract with a school or district.
Q: Does SOPIPA let companies use students' sensitive personal information to market products or amass profiles of students if they get consent?
A: No. With SOPIPA, California has said very clearly that schools should be a place for learning, not marketing or profiling. Though at first it may sound appealing to allow parents, students, or even schools to "consent" to the commercial use of students' personal information, on closer inspection this idea is deeply problematic. Schools are a very unique environment. With schools making many of the edtech choices, parents and students are a captive audience. Schools may feel pressured by companies to give or get consent to receive free or discounted products. Parents may easily feel pressured by schools to "consent" so their children can receive a good education, or they may assume -- often wrongly -- that the school has fully vetted the vendor and its privacy and security practices. And most K–12 students can't give meaningful consent, since they are not of appropriate age or level of understanding of what it means to share their personal information.
In an educational setting, it is better for students and parents if the law bars commercial use of student data outright, without creating loopholes that companies may exploit to pressure parents, students, or schools.