Google’s Workspace for Education will require school admins to independently approve all integrated third-party applications students use. Users under 18 cannot use their Google accounts to access third-party applications without consent configured in user settings. Access will terminate automatically on October 1, 2023. Google Workspace for Education’s Terms of Service does not cover third-party applications and may collect user information according to their privacy policies. Enabling third-party applications is as easy as having the account admin click “Confirm.” However, the legal requirements may not be as simple. Schools with students K-12 and any extracurricular, daycare, and other childcare organizations may need parental consent before allowing their children to access these services.

Privacy laws, including the Children’s Online Privacy Protection Act (COPPA), California’s Online Privacy Protection Act (CalOPPA), and the Family Educational Rights and Privacy Act (FERPA) restrict how organizations collect, process, and sell children’s data without parental consent. Additionally, third-party applications have historically been risky in terms of privacy practices. For instance, the Federal Trade Commission (FTC) famously fined a coloring book application for mining children’s data in violation of COPPA, and the Mozilla Foundation routinely calls out applications with substandard privacy practices in their Privacy Not Included series (which we’ve enjoyed before.)

K-12 schools and any other organization with users under the age of 18 may consider taking this opportunity to audit the third-party applications used by their students. Often, organizations add these applications on an as-needed basis without going through a regular review process. While handy in the moment, this ad-hoc approach may allow apps with substandard privacy practices to creep in. With children’s data – and hefty fines – at stake, wise institutions may take the time to be proactive rather than reactive.