How SOPIPA Affects Vendors

Common Sense Kids Action

Your privacy is important to us. When you sign up as an advocate:

  • Common Sense Kids Action will send you periodic email alerts on legislative activity that impacts your community;
  • You will have the opportunity to share your actions and these issues with your friends by sending them Common Sense Kids Action alerts and issues;
  • Common Sense Kids Action may share with our affiliates and like-minded coalitions working on behalf of children the email address and/or zip code that you provided to us when you signed up to participate in Common Sense Kids Action.
  • We will otherwise use your information in accordance with our privacy policy.

You may unsubscribe from receiving emails from Common Sense Kids Action at any time by clicking the unsubscribe link at the bottom of all Common Sense Kids Action emails. Please note that unsubscribing from Common Sense Kids Action emails will not unsubscribe you from receiving emails or information from other coalitions and organizations with whom Common Sense Kids Action may have already shared your information, and will not delete your information from those groups. Further, unsubscribing from Common Sense Kids Action emails will not unsubscribe you from other Common Sense Media emails that you have previously asked to receive.

How SOPIPA Affects Vendors

One question that we have been asked since SOPIPA's introduction is whether or not SOPIPA will adversely affect vendors who are working on building and delivering educational technology products. The answer is no. In our outreach to vendors while this law was being crafted and since the law has passed, the feedback we have consistently received is that SOPIPA reflects the good practices that many reputable edtech vendors have been doing for years, while highlighting ways that student data could potentially be used outside an educational context. We have also received feedback that SOPIPA has highlighted the need for sound data security, including encryption, and that many companies have reviewed and improved their security practices as a result.

Q: Do I have to comply with SOPIPA?
A: If you operate a website, an online service, or a mobile app designed, marketed, and used primarily for K–12 school purposes, and you operate in California K–12 schools, you must comply with SOPIPA.

Q: Will SOPIPA make it difficult for me to create educational products?
A: No.

To be SOPIPA compliant you as a vendor should meet the following requirements:

  1. not use any data collected via your service to target ads;
  2. not create advertising profiles on students;
  3. not sell student information;
  4. not disclose information, unless required by law or as part of the maintenance and development of your service;
  5. use sound information-security practices, which often include encrypting data;
  6. will delete data that you have collected from students in a school when the school or district requests it;
  7. share information only with educational researchers or with educational agencies performing a function for the school;
  8. innovate safely without compromising student privacy by only using de-identified and aggregated data as you develop and improve your service.