ABOUT THE PLEDGE
As of April 25, 2025, the Future of Privacy Forum has retired the Student Privacy Pledge previously hosted at studentprivacypledge.org. After ten years, FPF retired this program in response to the changing technological and policy landscape regarding education technology (edtech). We are maintaining a public list of Pledge signatories through July 31, 2025. Read on to learn more about the history of this initiative and what this means for both Pledge signatories and schools.
A Brief History of the Student Privacy Pledge
The Future of Privacy Forum and the Software and Information Industry Association created the Student Privacy Pledge in 2014 as a voluntary, public, and legally enforceable statement by edtech companies to safeguard student privacy, built around a dozen privacy commitments regarding the collection, maintenance, use, and sharing of student personal information. Since it was introduced in 2014, nearly 500 edtech companies have signed the Pledge.
The Pledge was not intended as a replacement for pragmatic updates to existing student privacy laws and regulations. The Pledge was a set of commitments intended to build transparency and trust by obligating signatories to make baseline commitments about student privacy that could be enforced by the Federal Trade Commission and state attorneys general.
In the decade since the Pledge was established, more than 40 states have passed student privacy laws that apply to edtech providers. These measures codify many Pledge principles and apply to companies whether or not they signed the Pledge. Many of the new laws extend beyond the minimum requirements of the Pledge. Many of these laws require the district to enter into a contract or data protection agreement before sharing education records with a service provider. It has become clear that edtech companies and educators are increasingly focused on several privacy-adjacent issues, including data breach mitigation, cybersecurity, and artificial intelligence. Recently, we have seen several trust building frameworks tackle key aspects of Pledge commitments in more detail, including efforts focused on cybersecurity and data protection that are detailed below.
With that in mind, we think the Pledge has served its purpose and made the decision to retire it.
What this Means for Participating Companies
Participating companies are asked to update and remove any internal or external content references to the Student Privacy Pledge. Although FPF is sunsetting the Student Privacy Pledge, participating companies remain legally bound by Pledge commitments with regard to data collected during the period they were signatories. FPF will maintain a public list of Pledge signatories through July 31, 2025. Companies should consider signing the K-12 Education Technology Secure by Design Pledge, from cisa.gov, the Cybersecurity and Infrastructure Security Agency, and participating in the Student Data Privacy Consortium’s National Data Protection Agreement to demonstrate trust and strong privacy practices.
We call signatories’ attention to PRIVO’s Student Digital Privacy Assured Program, which is intended to help website operators, app developers and EdTech companies comply with multiple regulations and best practices with a single streamlined program. If you would like to explore this option, please contact cquinn@privo.com or avasey@privo.com directly.
What this Means for Schools
While the Pledge has been a useful signal of a company’s commitment to privacy, a school’s obligations for vetting and approving the sharing of student data with third-parties has always been more than checking for a pledge or other “validation” and typically require that the school has “direct control” over the third-party. Many states require a contractor or data protection agreement when sharing student data, and example agreements are available.
FPF provides a variety of privacy resources for schools at studentprivacycompass.org, including Student Privacy Training for Educators, and a resource to help schools vet AI tools for legal compliance.