SB 9, SB 12 & HB 1416 ARE IN EFFECT — DISTRICTS NEED COMPLIANT CONSENT SYSTEMS BEFORE THE 26-27 SCHOOL YEAR
Actionaly

The Actionaly Blog

Consent Management

Ed-Tech Consent Is Under the Microscope. Every Vendor and District Needs an Approach.

Ed-Tech Consent Is Under the Microscope. Every Vendor and District Needs an Approach.

Consent in K-12 is getting more attention right now than at any point in the last decade. A coordinated wave of lawsuits is challenging how ed-tech vendors handle student data. New federal rules are tightening what requires parental consent. Parents are organizing opt-outs. And publications like The 74 are mapping the pattern in real time (Linda Jacobson, "Parents' Consent at the Heart of Ed Tech Lawsuits", June 3, 2026).

The instinct is to file this under "happens to other people." A handful of vendors caught mishandling data, some lawsuits, not my problem. But the scrutiny isn't aimed only at bad actors. It's aimed at the consent infrastructure the whole ecosystem depends on. And most vendors and districts don't have much of one.

Some vendors stretched school-based consent past what it was ever meant to cover. Under COPPA, a school can act as the parent's agent when a product collects student data, but only for data used "for the use and benefit of the school, and for no other commercial purpose." The FTC's 2022 ed-tech policy statement draws the same line: school-authorized data cannot be used for any commercial purpose beyond the service the school requested.

The data suggests a lot of products are on the wrong side of that line. When Internet Safety Labs tested 100 commonly used school apps for the Utah State Board, more than a third were sharing student information with advertisers. A broader benchmark found that 96% of K-12 apps tested sent student data to third parties. The gap between what school consent authorizes and what some vendors actually do with the data is what drew the lawsuits and the headlines.

At the same time, the regulatory picture is tightening. The 2025 COPPA amendments now require separate verifiable parental consent for any third-party disclosure that isn't integral to the service, and the FTC has been explicit that disclosures for advertising, for money, or to train AI are never integral. In Texas, SB 9 and SB 12 have added their own layers of consent requirements with real operational weight.

This Isn't Just About the Vendors in the Headlines

It's easy to watch a lawsuit land on someone else and conclude your own house is in order. But the heightened visibility around consent doesn't apply only to the companies being sued. It applies to every vendor whose product relies on school-based consent and every district that needs to know its consent processes actually hold up.

New parent bill-of-rights legislation, new federal rules, and new state requirements all point the same direction: consent is expected to be real, documented, and limited to what was actually authorized. The question isn't whether the vendors in the headlines handled consent poorly. The question is whether your own consent approach can withstand the same level of attention.

In our work with Texas districts, the pattern we see most often isn't bad intent. It's absence of infrastructure. Consent handled through Google Forms, paper packets, SIS add-ons that were never built for it. Systems that can't tell you who consented to what, for which program, and whether that consent is still current. When scrutiny arrives, the answer tends to be "we think we're covered" rather than "here's the record."

The industry defense quoted in The 74 was that getting parental consent at scale is an "administrative nightmare." That made sense when consent collection genuinely was painful: paper forms, manual follow-up, spreadsheet reconciliation. For a long time, school-based consent wasn't just a legal shortcut; it was the only practical path.

Parent and child using a tablet together at home For districts with the right infrastructure, consent at scale is routine. (Photo by Family First)

That calculus has changed. In our work on the parental-consent side of K-12 in Texas, collecting consent at scale is a routine operation:

  • across thousands of families
  • in the languages those families actually read
  • with automated follow-up to non-respondents
  • and a per-student audit trail at the end

For the districts we work with, it's routine. Dedicated consent systems handle the translation, the reminders, the tracking, and the reporting. The districts that have made the switch aren't spending hours reconciling spreadsheets. They're spending minutes checking a dashboard.

That changes the risk calculation for vendors and districts alike. When collecting real consent for the uses that school consent doesn't cover is a practical, workable operation, relying on a contested legal shortcut becomes a choice rather than a necessity. The vendors and districts best positioned as the spotlight stays on will be the ones who treat consent as something to go collect, not something to argue their way around.

The Takeaway

Consent is under the microscope, rightfully so. The lawsuits and the new rules are part of the picture, but the bigger point is simpler: every vendor and every district needs consent infrastructure they can rely on. Not just for the edge cases making headlines, but for the everyday use cases that state legislation already demands.

We work on the parental-consent side of K-12, especially in Texas, helping districts and vendors make sure they have the infrastructure to collect, track, and document consent at the pace their programs require. If that's a gap you're weighing, reach out and we'll walk through what's working.

← Back to all posts
Actionaly logo
Would you like to know more?
Twitter LinkedIn
© 2026 Actionaly Inc. Actionaly (TM) is a registered trademark. All rights reserved.
apple store download playstore download