On April 9, 2020, the Federal Trade Commission (“FTC”) issued guidance under the Children’s Online Privacy Protection Act (“COPPA”) for operators of educational technology (“EdTech”) used both in school settings and for virtual learning. The FTC’s guidance stresses that, while COPPA generally requires companies that collect personal information online from children under age 13 to provide notice of their data collection and use practices, and obtain verifiable parental consent, in the educational context and under certain conditions, schools can consent on behalf of parents to the collection of student personal information. First, the information must be used for a school-authorized educational purpose and for no other commercial purpose. Second, the EdTech service must provide the school (or the school district) with the necessary COPPA-required notice of its data collection and use practices. The FTC recommends that schools or districts consult with their attorneys and information security specialists to review the privacy and security policies of the EdTech services they use and not delegate those decisions to classroom teachers. Late last month, the Department of Education issued new information on the Family Educational Rights and Privacy Act (“FERPA”) and distance learning during COVID-19 that explains that, if certain circumstances are met, schools may rely on FERPA’s “school official” exception to disclose students’ education records, or personal information in those records, to EdTech providers.