Adobe & Student Privacy

Learn how Adobe complies with US laws and regulations related to the privacy of student data.
 
Last updated: October 19, 2017
 
Can our school use Adobe products and services and comply with the Federal Education Privacy Rights Act (FERPA)?
Yes. Regardless of the product or service used, Adobe contractually commits to protect and secure student information in the manner that FERPA requires and, also, agrees to act as a “school official” to the extent our services are used to store regulated student records in accordance with 34 Code of Federal Regulations (CFR) §99.31(a)(1).
 
Can our school use Adobe products and services and comply with the Children’s Online Privacy Protection Act (COPPA)?
Yes, but the method for doing so varies depending on the product or service. Adobe does not allow children under 13 to directly register for an individual Adobe ID and so products and services that use individual Adobe ID only cannot be used by a student under 13. Apps and services like these must be used under the supervision of a parent or a teacher using that parent or teacher’s Adobe ID.
We are currently piloting an enterprise level K-12 named student license program that will allow schools to deploy enterprise-level Adobe IDs to students regardless of their age. Under its contractual agreement with Adobe, a school must first obtain the verified parental consent required by COPPA before registering a student under the age of 13. K-12 schools also are contractually obligated to register students under 13 using only enterprise or federated Adobe IDs. If the school obtains the required parental consent and deploys as directed, the resulting use will be COPPA-compliant.
 
Can our school use Adobe products and services and comply with state student privacy legislation like California’s Student Online Personal Information Privacy Act (SOPIPA)?
Yes. In recent years, many U.S. states have passed student privacy legislation targeted at operators of sites or services that are both “developed for and marketed to” K-12 schools. Examples include California’s Student Online Personal Information Privacy Act (SOPIPA) Cal. Bus. & Prof. Code § 22584 and Colorado’s Student Data Transparency and Security Act, Colo. Rev. Stat. § 22-16-101. These state-level student privacy statutes expressly do not apply to Adobe’s products and services because they, uniformly, exempt “general audience” software and service providers -- i.e. providers like Adobe who develop their software and services primarily for general audiences and do not primarily or specifically develop their products for K-12 schools.
 
Why hasn’t Adobe signed the Student Privacy Pledge?
The Student Privacy Pledge only applies to “school service providers.” Adobe is not a ‘school service provider’ as defined by the Pledge because it creates general audience software, applications, services or websites that are designed for general audiences and creative professionals. Our products and services are not primarily designed for schools.
 
Does Adobe provide privacy protections similar to those outlined in state student privacy statutes and the Student Privacy Pledge?
Yes. Even though we are a general audience software and service provider, our products and services still respect student privacy.
For example, when a school assigns a student an enterprise ID as part of our pilot K-12 named student license program, Adobe does not create profiles of students except at the direction of the school or to support authorized school purposes, and any student data gathered is for the use and benefit of the school and for no other commercial purpose other than operating or improving those products and services that the school has licensed. Additionally, regardless of the product or service used, all student-generated content remains the exclusive property of the student and/or the school and student data is never sold to or shared with third parties, except as outlined in our Privacy Policy.
 
Can our school use Adobe products and services and comply with California’s AB 1584?
Yes. Adobe’s Privacy Policy, Security Center and contractual agreements contain all the assurances required for AB 1584 compliance: (a) all records remain the property of the student and/or the school; (b) students can always retain possession and control of their own content by downloading it to a personal device or thumb drive before the end of the school year; (c) we do not share student data with third parties except as outlined in our privacy policy; (d) parents may access or correct student personally identifiable data by using the access request process described in our Privacy Center; (e) the actions we take to secure our products and services, including student records, are described in our Security Center; (f) Adobe contractually commits to protect and secure student information in the manner that FERPA requires and, also, agrees to act as a “school official” to the extent our services are used to store regulated student records; (g) while we may use machine learning technologies to improve our products and services and to present customers with a more personalized experience, we do not use information in student records to target advertising; students and schools can turn off machine learning at any time by following these instructions; (h) in the event of unauthorized access to student records, the student or the school will be notified in accordance with relevant state breach notifications laws; and (i) the school and the student are responsible for deleting all records stored in any Adobe hosted service at the end of the contract term.
 
For more information
Visit the Privacy Center or email us at askprivacy@adobe.com