Student Data Privacy and AI: FERPA, COPPA, and DPAs Explained
What FERPA and COPPA actually say about AI tools — five 'can I paste this?' scenarios answered with reasoning, plus what a signed DPA really covers.
Does FERPA apply to AI tools?
FERPA doesn't regulate AI tools — it regulates schools. The law restricts how schools disclose personally identifiable information from students' education records, so an AI tool becomes a FERPA problem the moment that information enters it without consent or a qualifying exception. The question that matters isn't which tool you use. It's what you type into it.
The one-screen checklist version of this — DPA signed, no-training statement in writing, FERPA documented, COPPA for under-13s — lives in our guide to AI for teachers. This page is the reasoning underneath: what the laws actually say, what a district's "approved tools" list is legally doing, and five paste-or-don't-paste scenarios worked through in the open. One caveat before any of it: this is practical guidance from primary sources, not legal advice, and where your district's policy or counsel says something stricter, they win.
What FERPA actually covers
The Family Educational Rights and Privacy Act is a 1974 federal law that applies to schools receiving U.S. Department of Education funds. It gives parents the right to inspect their child's education records, request corrections, and — the part that matters here — consent before the school discloses personally identifiable information from those records. Those rights transfer to the student at 18.
Two definitions do most of the work. Education records are records that are "directly related to a student" and "maintained by an educational agency or institution or by a party acting for the agency or institution" — grades, rosters, IEPs, discipline files, the contents of your gradebook. Disclosure means permitting "access to or the release, transfer, or other communication" of PII "by any means." Typing into a chatbot is a means.
The folk version teachers carry — FERPA means you can never say anything about a student — is both too broad and too narrow. Too broad, because the law governs records the school maintains, not every fact a teacher knows. Too narrow, because PII goes well past names: the Department's definition includes indirect identifiers and any information that can be traced to a student "through linkages with other information." A prompt with no name in it can still disclose PII, and that failure mode shows up twice in the scenarios below.
The school-official exception, or why the signature matters
The general rule is written parental consent before disclosure. No district collects a permission slip for every software vendor, so nearly all edtech runs through an exception — usually the school official exception, which lets schools treat an outside provider as an extension of staff. The Department of Education's guidance on online educational services (Student Privacy Policy Office, February 2014) sets four conditions: the provider performs a function the school would otherwise use its own employees for; it meets the district's published criteria for a school official with a legitimate educational interest; it stays under the direct control of the school with respect to the records; and it uses the data only for the authorized purpose, with no re-disclosure.
"Direct control" is the load-bearing phrase. A district can't directly control a vendor it has no agreement with, which is why the practical instrument is a signed data privacy agreement — a contract that names what's collected, limits use to the contracted service, forbids re-disclosure, and requires deletion when the contract ends. That's what "approved" means on a district tool list. It isn't an endorsement of quality; it's a statement that a contract exists that makes the vendor legally an arm of the school.
The same 2014 guidance carries a warning that lands differently in the AI era: click-wrap terms count. When a teacher clicks "accept" on a free tool's terms of service, that click "serves to enter the provider and the end-user... into a contractual relationship akin to signing a contract" — an agreement nobody at the district reviewed, on the vendor's terms rather than the school's. The Department's recommendation is blunt: free services should go through the same approval process as paid ones.
Signed DPAs are not exotic. The Student Data Privacy Consortium maintains a standard National Data Privacy Agreement, operates alliances in 35 states, and reports more than 275,000 standard DPAs executed since 2016, with a searchable registry of over 222,000 active agreements. If you want to know whether a tool is genuinely covered for your district, that registry — or your state alliance's version of it — is the fast check, faster than reading a privacy policy.
COPPA and state laws: FERPA isn't the ceiling
COPPA, the FTC's children's privacy rule, requires operators of websites and online services to obtain verifiable parental consent before collecting personal information from children under 13. Schools can consent in parents' place, but the FTC's guidance limits that authority to the educational context — where the operator collects students' information "for the use and benefit of the school, and for no other commercial purpose." The FTC amended the rule in April 2025: operators now need separate verifiable parental consent before disclosing a child's information to third parties for purposes that aren't integral to the service — the rule names disclosures "to train or otherwise develop artificial intelligence technologies" as exactly that kind — and may retain children's data only as long as reasonably necessary for the purpose it was collected.
Worth being precise about, because most summaries aren't: COPPA governs operators collecting information from children. It's the law that matters when your fourth graders use a tool themselves — which is why no consumer chatbot account belongs in an under-13 classroom — not when you type something about a student into your own account. That second case is FERPA territory.
Then there's your state. California's Student Online Personal Information Protection Act (SOPIPA, signed 2014, effective 2016) regulates the vendors directly: operators of K-12 online services may not use student data for targeted advertising, build profiles of students for non-educational purposes, or sell student information. Many states have since enacted their own student-privacy statutes, and they differ enough that the only honest advice is to check yours — your state's SDPC alliance page is a reasonable starting point, and your district's technology office will know which statute it answers to.
What to ask before a tool touches student data
If you're evaluating a tool — or forwarding one to the person who approves them — the questions that sort vendors quickly come straight out of the federal guidance:
- Is there a signed DPA with our district or state, findable in the registry? A privacy policy is a description; a DPA is a commitment.
- What does it collect, and is any of it used for a purpose that isn't the service itself — advertising, profile-building, sale to third parties?
- Does the vendor state in writing that student data and prompts are not used to train its models?
- Can the district review and delete the data, and what happens to it when the contract ends?
- If students under 13 will use it: how is consent handled, and does the use stay strictly educational?
None of these questions are exotic; the 2014 federal guidance and the FTC's school FAQ both recommend versions of them. How the broader tool landscape shakes out on these questions — and what "free" usually costs in data terms — is covered in free AI tools for teachers.
Five scenarios: can I paste this?
The rules above, applied to the prompts teachers actually want to write.
1. An unnamed student essay, for feedback ideas. Generally yes, with two conditions. De-identified student work isn't protected by FERPA — the Department's guidance says directly that properly de-identified information "is not protected by FERPA" — so an anonymous essay from your own account is defensible almost everywhere. But de-identify the content, not just the name at the top: an essay about being the new student who arrived from Honduras in October identifies its author to anyone at your school. And on a consumer account, what you paste may be used for model training unless you've turned that off — the ChatGPT-specific settings are here.
2. A class roster, to have AI sort students into groups. No. A roster is PII from education records, and pasting it into an unapproved tool is disclosure "by any means." The workaround costs you nothing: ask for the grouping structure — "give me a method for sorting 28 students into six mixed-ability groups using last week's quiz scores" — and place the actual names yourself, offline. If your district has a tool under DPA that handles rosters, that's what the DPA is for.
3. A behavior question about one student, described in detail. This is the trap scenario, because it feels safe — no name, no roster, just "how do I handle a student who..." The rule of thumb "prompt about the task, not the student" fails exactly here: PII includes information traceable to a student through linkages, and "my seventh grader who transferred mid-year after the custody case and shuts down during writing" is one linkage away from a name for everyone in your building. The test isn't whether you typed a name. It's whether a colleague reading the prompt would know who you meant. Strip it to the pattern — grade level, the behavior, what you've tried — and the advice you get back is just as useful.
4. An IEP goal, pasted verbatim, to draft accommodation materials. Not verbatim. An IEP is an education record, and a goal's wording is individualized enough to function as an indirect identifier even without the name. Describe the accommodation type instead — "materials for a student who needs multi-step directions chunked, with a visual checklist" — and the output is identical with none of the exposure. The longer version of this distinction, including what AI legitimately can do with existing accommodations, is in our AI differentiation guide.
5. Student photos, uploaded to an AI tool to build the end-of-year slideshow. No — and this one surprises people, because the photos feel like yours and the slideshow is a gift. A photo is a direct identifier of a child. Uploading a folder of them sends identifiable images of students to a vendor with no agreement with your district, under click-wrap terms you accepted alone, with retention and training practices you'd have to go read; and the media-release form families signed covers the school publishing photos, not a third-party processor doing whatever its terms allow. If your district's approved creative tool is under a DPA that covers image uploads, use that. Otherwise, make the slideshow the way you always have. The AI can write the captions.
Frequently asked questions
Does FERPA apply to AI tools?
Indirectly. FERPA regulates schools, not software — it restricts how schools disclose personally identifiable information from education records. An AI tool triggers FERPA when student information from those records enters it without parental consent or a qualifying exception, which is why districts put approved tools under signed agreements.
Can I put student work into ChatGPT?
Only after removing anything identifying — the name, and details inside the work that point to one student. De-identified student work is not protected by FERPA, so an anonymous essay pasted from your own account is generally defensible. Check your district's AI policy first, and remember consumer chatbots may use what you type to train their models.
What is a student data privacy agreement (DPA)?
A DPA is a signed contract between a district and a software vendor that limits what the vendor can do with student data: use it only for the contracted service, no re-disclosure, deletion when the contract ends. It's how a district keeps the 'direct control' FERPA's school official exception requires. Most states use a standard version through the Student Data Privacy Consortium.
Does COPPA apply to AI tools used in schools?
Yes, when children under 13 use the tool themselves. COPPA requires operators to get verifiable parental consent before collecting personal information from young children; schools can consent in parents' place only when the tool is used for an educational purpose and no other commercial one. It governs students using tools — not a teacher typing about students.
What counts as personally identifiable information under FERPA?
More than a name. PII includes direct identifiers, indirect identifiers like a birth date, and any information that can be traced to a student through linkages with other information. A description specific enough that someone at your school would recognize the student counts, even with the name removed.