Keystone Oaks Privacy Plan Omits Parental Consent Process | The Locally Times

The district's April 22 plan to comply with federal law creates a public list of digital tools but fails to specify how it will obtain legally required parental consent.

The Keystone Oaks School District announced a plan on April 22, 2026, to strengthen student privacy by increasing transparency around the digital tools used in its classrooms. While the district committed to publishing an online list of all approved digital applications and set a goal for full compliance by the announcement date, its published plan provides no details on how it will manage one of the law’s central requirements: obtaining parental consent before collecting children's data. ## Consent vs. Transparency The district’s own announcement outlines the core of the federal law it seeks to comply with. COPPA requires companies providing online services to children under 13 to be clear about what information they collect and to secure verifiable permission from parents. Keystone Oaks acknowledges that because schools select and require the use of these digital tools, the district has a responsibility to be transparent about their data practices. The plan presents the creation of a searchable application list as the primary mechanism for fulfilling this responsibility, drawing a line between providing information and securing permission. While the plan provides a means for parents to review privacy policies, it does not describe a process for them to formally grant or deny consent. ## A Plan Missing a Process While the district’s plan details its commitment to transparency, the public record is silent on the specific procedures for obtaining and managing the parental consent mandated by COPPA. The April 22 announcement does not specify whether parents will be asked to provide a single, blanket consent for all digital tools or if consent will be sought for each application. The documents also fail to outline a system for parents to selectively approve some services, opt out of others, or revoke consent once it has been given. The records do not specify what new systems, staffing, or financial resources, if any, have been allocated to build and manage such a consent process before the district’s self-imposed compliance deadline. ## A Widening Digital Footprint The scope of student data collection is detailed in the district’s notice, which confirms that all students use Google Workspace for Education accounts. Through these accounts, students access what Google terms Core Services, a list that includes Gmail and Google Classroom. The district notice states that it also allows students to access Additional Services, such as YouTube and Google Maps, through their school accounts. Beyond these platforms, the document reveals a third category of software access: school administrators enable student access to other third-party services through their Google accounts. The district’s notice does not provide a list of these third-party services or their privacy policies, making it impossible for parents to review the full scope of digital services their children may use. This omission directly conflicts with the district’s stated goal of transparency and leaves entirely unaddressed how consent is obtained for these unlisted services.