The Student Privacy Pledge applies to “school service providers.” This means you must be (1) a commercial company (not a government entity or individual person); and (2) provide an online or mobile application or service that is designed for United States K-12 educational institutions; and (3) is used at the direction of their teachers or school employees.
Of course, you must also collect or handle K-12 student data. Although it does not matter whether you receive the information from the school or directly from student users, the Pledge does not apply to companies that merely sell software to schools (but never see or handle any of the student data). See the full definition here.
That’s okay! If your company is collecting or managing data from United States K-12 students, then you are subject to US laws for those business operations and are eligible to take the Pledge.
Sometimes companies may provide, for example, an online platform or game that is designed for K-12 students, but do not have any way of knowing whether teachers are using it or instructing their students to use it (for instance, because it might be freely available). If your platform or service is designed to be used by teachers or at the direction of teachers (i.e. in the classroom, for homework, or for extra-curricular assignments), then as long as the other criteria are met, we will add you as a Pledge signatory.
Yes. By taking the Pledge, a company is making a public statement of its practices with respect to student data. Accountability comes from the Federal Trade Commission (FTC), which has the authority to bring civil enforcement actions against companies that do not adhere to their public statements of practices. If a company acts in contradiction to their own public statements, they risk an enforcement action for “unfair or deceptive trade practices.” This is known as FTC Section 5 authority, which you can learn more about by visiting the FTC’s explanation here.
While the FTC Act only applies to “corporations,” defined as a company organized to do business for profit or for the profit of its members, state unfair and deceptive practices (UDAP) statutes usually do not have that restriction. Massachusetts and Illinois have both found that a non-profit was engaged in “trade or commerce” or acting in a “business context,” and have taken action against those non-profits. Determining whether or not a specific organization falls under a state’s UDAP statute is a highly fact-dependent inquiry, but it should not be assumed that a state cannot act against a non-profit if it believes the non-profit is violating their consumer protection laws.
Sometimes. A company might be removed if it goes out of business, merges with, or is acquired by another company. We also ask companies to “re-commit” to the Student Privacy Pledge each year, by confirming to us that, in the event of any changes to their policies and procedures, they are still in compliance with the Pledge. If a company decides not to re-commit (for whatever reason), we will remove their logo.
If you have questions about whether a Signatory is complying with the Student Privacy Pledge, we recommend that you reach out to that company. If the company’s products or services are used by your school district, school administrators can also help resolve questions. You are also welcome to reach out to us as intermediaries, and we will help facilitate a discussion about privacy practices, although we cannot speak directly on behalf of any company. If you believe a company is seriously in violation, you may also file an FTC Complaint.
Yes. In order to take the Pledge, we ask you to provide a copy of your company’s logo. Before adding you to the Pledge site, we will also contact you to ask for your affirmative consent to use that logo on the website to represent your public commitment to the full text of the Pledge.
Pledge 2020 is a collaborative, public effort to update the Pledge. Since the Pledge was first established in 2014, student data use, technology, and US laws have all changed. For this reason, we are asking pledge signatories, edtech companies, civil society groups, student privacy experts, and the general public to weigh in on how the Pledge can be improved to effectively protect student information in 2020 and beyond.
It will take effect in January 2020. Convening large groups of smart people to talk about privacy takes time. For the rest of 2019, we will take public comments and draft updates to the Pledge. When that process ends, we will launch Pledge 2020, and both current and new signatories can become Pledge 2020 signatories.
Because companies need time to update legal documents such as contracts, current signatories will be allowed to maintain their current commitments to the Student Privacy Pledge for a set time after Pledge 2020 takes effect. After that set time, all signatories will eventually commit to Pledge 2020.
You can still apply for the Pledge at any time. Applicants will be considered in terms of the original Pledge until the implementation of Pledge 2020, at which point all new applicants will apply for Pledge 2020.
Both current signatories and current applicants will eventually be required to commit to the new Pledge 2020 framework.