Adobe & Student Privacy
Learn how Adobe complies with US laws and regulations related to the privacy of student data.
Last updated: October 19, 2017
Can our school use Adobe products and services and comply with the Federal Education Privacy Rights Act (FERPA)?
Yes. Regardless of the product or service used, Adobe contractually commits to protect and secure student information in the manner that FERPA requires and, also, agrees to act as a “school official” to the extent our services are used to store regulated student records in accordance with 34 Code of Federal Regulations (CFR) §99.31(a)(1).
Can our school use Adobe products and services and comply with the Children’s Online Privacy Protection Act (COPPA)?
Yes, but the method for doing so varies depending on the product or service. Adobe does not allow children under 13 to directly register for an individual Adobe ID and so products and services that use individual Adobe ID only cannot be used by a student under 13. Apps and services like these must be used under the supervision of a parent or a teacher using that parent or teacher’s Adobe ID.
We are currently piloting an enterprise level K-12 named student license program that will allow schools to deploy enterprise-level Adobe IDs to students regardless of their age. Under its contractual agreement with Adobe, a school must first obtain the verified parental consent required by COPPA before registering a student under the age of 13. K-12 schools also are contractually obligated to register students under 13 using only enterprise or federated Adobe IDs. If the school obtains the required parental consent and deploys as directed, the resulting use will be COPPA-compliant.
Can our school use Adobe products and services and comply with state student privacy legislation like California’s Student Online Personal Information Privacy Act (SOPIPA)?
Yes. In recent years, many U.S. states have passed student privacy legislation targeted at operators of sites or services that are both “developed for and marketed to” K-12 schools. Examples include California’s Student Online Personal Information Privacy Act (SOPIPA) Cal. Bus. & Prof. Code § 22584 and Colorado’s Student Data Transparency and Security Act, Colo. Rev. Stat. § 22-16-101. These state-level student privacy statutes expressly do not apply to Adobe’s products and services because they, uniformly, exempt “general audience” software and service providers -- i.e. providers like Adobe who develop their software and services primarily for general audiences and do not primarily or specifically develop their products for K-12 schools.
Why hasn’t Adobe signed the Student Privacy Pledge?
The Student Privacy Pledge only applies to “school service providers.” Adobe is not a ‘school service provider’ as defined by the Pledge because it creates general audience software, applications, services or websites that are designed for general audiences and creative professionals. Our products and services are not primarily designed for schools.
Does Adobe provide privacy protections similar to those outlined in state student privacy statutes and the Student Privacy Pledge?
Yes. Even though we are a general audience software and service provider, our products and services still respect student privacy.
Can our school use Adobe products and services and comply with California’s AB 1584?