The letter was written to Education Secretary Betsy DeVos, Federal Trade Commission Chairman Joseph Simons and FTC Commissioners Noah Phillips, Rohit Chopra, Rebecca Slaughter and Christine Wilson. The FTC is the federal agency responsible for enforcement of the Childrens Online Privacy Protection Act (COPPA), and the Education Department is responsible for enforcing the Family Educational Rights and Privacy Act.

(I have written to both agencies asking about the issue and will publish any responses I get.)

As schooling rapidly moves online across the country, concerns rise about student data privacy

The senators noted that online education can help students keep learning while they are staying home for an undetermined amount of time.

However, many ed tech offerings collect large amounts of data about students and do not employ adequate privacy or security measures, they wrote. Experts have found widespread lack of transparency and inconsistent privacy and security practices in the industry for educational software and other applications used in schools and by children outside the classroom for learning. And the Federal Bureau of Investigation has warned that [m]alicious use of [student] data could result in social engineering, bullying, tracking, identity theft, or other means for targeting children.

Sign up for our Coronavirus Updates newsletter to track the outbreak. All stories linked in the newsletter are free to access.

In developing guidance, the senators urged the agencies to consider the following proposals:

* Ed tech services should communicate their privacy policies to users conspicuously and in easily accessible fashion;

* Ed tech services notice of their data collection and processing practices must be written in plain language so that it is easily understood by students, parents, and educators;

* Ed tech services should not weaken privacy safeguards when users access their tools at home, rather than in classroom settings; and

* Ed tech services that, as a matter of policy or compliance with state or federal law, do not sell or otherwise monetize student data when those services are used in the classroom should apply those same policies when users access their services for at-home learning.

There are more recommendations for guidance involving parents.

Heres the letter: