KCSgate Combat Data
Data:
In Tennessee, it is generally illegal to digitally share children's information without proper consent due to the Children's Online Privacy Protection Act (COPPA) for online services and new state laws like the "Protecting Children from Social Media Act", which require parental permission for minors to create social media accounts and offer parental supervision tools. Sharing sexually explicit images of a minor is also illegal. However, educational data is governed by FERPA, which allows parental consent for the disclosure of student information.
Key Aspects of Children's Data Privacy in Tennessee
COPPA:
This federal law requires that operators of websites and online services obtain verifiable parental consent before collecting and using a child's personal information if the child is under 13.
"Protecting Children from Social Media Act" (HB 1891):
This Tennessee law, effective January 1, 2025, requires social media companies to obtain parental consent and verify a minor's age before allowing them to create an account.
Parental Consent for Social Media:
Parents must give consent for their children under 18 to create accounts on social media platforms, and companies must provide parents with tools to supervise their child's account.
FERPA (Family Educational Rights and Privacy Act):
For educational data, this federal law generally requires schools to get written parental consent before disclosing personally identifiable information about a student to anyone other than the parent. (this applies directly to Hāpara, as the device agreement doesn’t sayanything about Hāpara, and thus they don't have parental consent consent. This also applies to Linewize)*
Prohibited Content:
Sharing sexually explicit images of anyone under 18 is illegal under Tennessee law, even if the images were created by the minors themselves.
Linewize privacy policy:
Our commitment to data protection
- We will not market services to you.
- We will not share information associated with you with other companies.
- We only ever ask for information that we really need to know.
- We may share information associated with you if required by law or under an agreement with your parents or school.
- We only keep information associated with you for as long as we need it and in accordance with laws.
- We use good practices to keep information safe and secure.
Hāpara:
What we DO:
Collect limited personal information from users (for learners, this is first name, last name and school-provided G Suite email address).
Require learners and teachers to have G Suite accounts set up by the school.
Help some schools create those Google accounts.
Use HTTPS (SSL) to protect our entire site.
Disclose clearly in our Privacy policy what learner information we collect, and the limited ways that information is used or shared with third parties (e.g., to understand how we can improve our products).
Maintain a comprehensive security program – made up of administrative, technical and physical safeguards – that is designed to protect learner information.
Gather information about which parts of our software are used and by whom, to improve that software for users.
Appoint our CTO as our Chief Privacy Officer, to ensure all departments are accountable to the Chief Privacy Officer.
Regularly hire security professionals to test our systems as hackers would.
What we DON’T do:
Collect, use or disclose sensitive learner information, such as social security numbers or home addresses; all that’s asked for from learners is a first and last name.
Sell or rent user information to third parties.
Interact with GPS or camera functions on learner devices.
Collect, use or share learner information for non-educational purposes.
Retain and utilize user information after a school cancels their subscription. Users own their own data, not Hāpara.
Permit individuals not affiliated with a school or Hāpara Technical Support to access or view information about a learner.
Permit individuals not affiliated with a school to communicate with learners.
Provide a new way for learners to send private communications to other learners.
Make material changes to our privacy policy without first providing users with notice and allowing them choices.
KCS Device agreement (DOES NOTMENSION HĀPARA OR LINEWIZE!!!! THERE IS NO PARENTAL CONSENT WHICH IS REQUIRED FOR HĀPARA AND LINEWIZE)*[^1]: Device Agreement - Knox County Schools
“District networks and devices are monitored, and students and staff should have no expectation of privacy.” (kinda scummy to say, “you will not have privacy and you shouldn’t have expected it in the first place”)
Bottom Line:
Federal law states that parental consent is required for apps, websites, and extensions to collect data of those under 18, and the KCS tech agreement doesn’t address Hāpara Highlights and Linewize, which, as they collect data, require parental consent to be used. KCS is at fault for the tech agreement, and as the missing parts of the tech agreement are illegal, it should be revised, and other policies and agreements should be at the very least reviewed. If not, a lawsuit may be formed.
Signatures:
The link to the signature form
SIGNATURES
[^1]: *hāpara and Linewize cannot legally be used by KCS for the reasons followed by asterisks.