Abolishing Department of Education Could Save Student Privacy | Opinion

President Donald Trump looks poised to make good on his campaign promise to close the Department of Education, leading many to speculate about what such a move would mean for student loans and discriminatory practices in schools. One largely overlooked factor is the massive impact that closing the Department of Education could have on student privacy, which the department has so far failed to protect under the Family Educational Rights and Privacy Act (FERPA). Rather than preserving a failing federal system, a potential reorganization of the Department of Education presents a critical opportunity to put the power to protect student data back where it belongs: with families and states that are already stepping up to protect kids in schools.

Family privacy in schools has been steadily eroding for decades as policymakers have allowed FERPA—written in 1974, before personal computers or the web—to become powerless against tech’s expansion into classrooms. The Student Data Privacy Project filed over a dozen FERPA complaints in July 2021 documenting widespread violations. The department let them languish for years without action, and then admitted it won’t even enforce FERPA violations because withholding federal funding from schools hurts students. This abdication of responsibility has only emboldened educational technology companies to collect and monetize student data with impunity. Private equity firms are consolidating EdTech companies to build massive student data empires. PowerSchool, a leading K-12 software company, holds data on over 75 percent of North American K-12 students. In June, Bain Capital paid $5.6 billion to acquire PowerSchool, which is now launching AI platforms and assistants for over 60 million students. And in early January announced that hackers had accessed data on 6,500 school districts, 62.5 million students, and over 9.5 million educators.

This neglect is particularly egregious given the unprecedented privacy risks created by the infiltration of education technology (EdTech) into Pre-K-12 curricula. A 2022 study scored 78 percent of apps used in schools as “Do Not Use” and 18 percent as “High Risk,” meaning 96 percent of EdTech apps are sharing data with third parties and are unsafe for students. The average school uses 125 different education technologies and a quarter use over 170 (one school provided a list of 1,411 approved technologies)—far too many for administrators to meaningfully oversee. Between 2016 and 2020 alone, there were 99 student data breaches affecting hundreds of school districts.

It is also worth noting that nearly a third of teens have viewed pornography while attending school, with 44 percent of those teens accessing it on a school-issued device. Yet schools keep adopting new technology without evidence of educational benefit. This situation amounts to a massive experiment on children without parental consent or administrative accountability.

This predicament is possible because EdTech companies are exploiting two regulatory loopholes. First, under FERPA’s “school official exception,” schools can share student data with vendors that provide educational services. Second, the “school exception” in the Children’s Online Privacy Protection Act (COPPA) allows schools to consent “on behalf of parents” to share children’s data through apps, games, and platforms.

These two exceptions leave a dangerous gap in privacy protection. When schools designate companies as “school officials” under FERPA and then consent to students’ data collection under COPPA, much of the data companies collect—how long students spend on tasks, their browsing patterns, or their interactions with educational games—falls into a regulatory void. FERPA doesn’t protect these data because vendors maintain the records themselves rather than schools, while COPPA’s parental rights are bypassed by school consent. Instead of protecting children, these exceptions have become a massive shield for EdTech companies to collect, maintain, and monetize student data with minimal oversight.

This system is fundamentally broken and families are frustrated. Schools are unable to answer basic questions from parents about who has their children’s data, where it is, or how it’s being used. The Student Data Privacy Project found not a single school district—from North Carolina to California to Alaska—could provide parents with complete information about what EdTech companies had collected. When one Minnesota parent was able to receive over 2,000 files of data that had been collected on her child, she discovered that vendors held disturbing amounts of personal information, including her child’s baby pictures, videos from online yoga classes, and years of classroom work—but no explanation of how this data was being used or shared. Another district offered nothing more than login credentials, which can’t show what data vendors have collected, saved, shared, or kept from previous years. Faced with hundreds of EdTech vendors and lacking privacy expertise, schools have effectively lost control over student data, while neither the Federal Trade Commission nor the Department of Education have provided meaningful oversight or support.

Dismantling the Department of Education and reallocating its remaining services would ultimately require legislation from Congress, like that which Senator Mike Rounds (R-S.D.) has already proposed. His Returning Education to Our States Act transfers specific programs to other federal departments like student loans to the Treasury, civil rights enforcement to the Department of Justice, and Native American education to the Interior.

Regardless of whether Congress passes legislation to dismantle the Department of Education, it should at a minimum create a private right of action for FERPA violations, work to fill in the regulatory gaps in student privacy, and explicitly empower state attorneys general to enforce student privacy protections. Put simply, Congress should have the federal government step out of the way so that the states, a few of which have already passed supplemental laws, can develop and protect this important aspect of family privacy themselves.

With AI tools now rapidly proliferating in classrooms and the Department of Education proving itself incapable of protecting student privacy, now is the time for meaningful reform. President Trump’s intention to abolish the department offers the government a critical opportunity to better protect America’s students.

Meg Leta Jones is a Provost’s Distinguished Associate Professor in the Communication, Culture & Technology program at Georgetown University and author of The Character of Consent: The History of Cookies and Future of Technology Policy. Clare Morell is a fellow at the Ethics and Public Policy Center and author of the forthcoming book, The Tech Exit: A Practical Guide to Freeing Kids and Teens from Smartphones.

The views expressed in this article are the writers’ own.