Keystone Oaks Policy Sidesteps Parental Consent for Student Apps | The Locally Times

An April 22 district notice states administrators, not parents, authorize student access to third-party apps, a process at odds with federal privacy law.

An April 22, 2026, notice from the Keystone Oaks School District (KOSD) details a plan to improve student privacy that appears to conflict with federal law. The document acknowledges that the Children’s Online Privacy Protection Rule (COPPA) requires consent from parents before online services can be used by children under 13. However, the notice states that district administrators authorize student access to some third-party applications. The district issued the notice as part of a stated goal to reach full compliance with updated COPPA regulations by April 22, 2026. As part of this effort, the district announced it would publish an online, searchable list of all approved digital tools, complete with links to their privacy policies, to increase transparency about student data. The first, labeled by the district as core services, includes applications like Gmail and Google Drive. The second, labeled additional services, includes YouTube and Google Maps. Beyond these Google products, the document states that students can access other third-party services using their school accounts. The notice describes a process for granting this access that does not involve parents. According to a paraphrase of the document, a school administrator enables access to these services and provides authorization. The sentence describing this process in the public record is incomplete, leaving the full scope of the administrator’s authority unclear. ## Key Details on Consent Process Are Missing The district’s reliance on administrator authorization appears to conflict with its own acknowledgment of federal law. The notice identifies COPPA’s requirement for parental consent but then describes a procedure for third-party apps that assigns authorization to a school administrator, without explaining how this satisfies the federal mandate. The public record also lacks critical details. The notice does not name the specific third-party services that administrators can authorize, nor does it describe any mechanism for obtaining direct parental consent for them. The searchable list of approved applications mentioned in the notice was not available in the provided documentation, making public verification of the services’ privacy policies impossible. Consequently, the district's plan to achieve full COPPA compliance for third-party software remains undocumented.