Student Data Is Already in AI Systems Nobody Authorized
The Sovereign Institute | Week 16
Student Privacy and AI Sovereignty in Education
---
The student in seat seven has a documented learning disability. She reads two years below grade level and responds well to visual instruction — details recorded in her Individual Education Plan, accessed by her adaptive learning platform every time she logs in, processed through cloud AI to generate the personalized content she needs. Her parents signed a device use agreement at the start of the school year.
Nobody asked them whether their daughter's learning disability profile could be used to train commercial AI models. The adaptive learning vendor's terms of service permit that use under the "school officials" exception to FERPA — a privacy law written in 1974, when the most sensitive student record was a paper file in a locked cabinet.
Students can't consent. Their parents weren't asked. The AI was trained anyway.
---
Where FERPA's Authority Ends
FERPA — the Family Educational Rights and Privacy Act, enacted in 1974 — restricts which third parties can receive student education records and under what conditions. It was a strong protection for the era it addressed. The "school officials" exception it created allows authorized educational vendors to access student data for legitimate educational purposes.
That exception was written for human administrators and educational service providers. It is now routinely interpreted to authorize AI training use — the practice of using student data to improve commercial AI models available to customers unrelated to the original educational purpose. The Department of Education has issued guidance suggesting this use is not authorized. Enforcement actions specifically targeting AI training use remain limited. The gap between what the law seems to prohibit and what the market currently does is wide and largely uncontested.
COPPA — the Children's Online Privacy Protection Act — creates a separate and sharper constraint. Under COPPA, collecting personal information from children under 13 without verified parental consent is a federal violation subject to fines of up to $51,744 per violation per day. A district with 5,000 students under 13 in an AI learning platform that lacks specific COPPA-compliant parental consent has a potential daily liability of $258 million. That calculation has never appeared in an EdTech procurement meeting. It is, at this moment, being calculated in federal enforcement offices.
The FTC established the enforcement template in 2019: a $170 million settlement with Google and YouTube for collecting personal information from children in educational products without verified parental consent. The settlement didn't require proving harm. It required proving that the collection occurred without the consent COPPA requires. That standard applies to every AI educational tool processing data from students under 13 without specific AI consent mechanisms — which describes most of them.
---
The Consent Chain Nobody Checked
The teacher who deployed the AI grading tool was solving a real problem: 150 essays to grade, feedback to personalize, time she didn't have. The IT department approved the EdTech vendor. The vendor agreement included a FERPA data processing addendum. The school signed it and moved on.
Nobody in that chain reviewed what the FERPA addendum actually permitted for AI training use. Nobody traced what happened to student essays after the AI graded them. Nobody asked whether the consent mechanism for AI data processing met COPPA's specificity requirements for students under 13. The compliance documentation is accurate — for the product that was reviewed, at the time it was reviewed, before the AI features were added.
Student data AI exposure grew gradually: a math adaptive learning tool, then an AI grading assistant, then AI-powered plagiarism detection, then AI meeting summaries from teacher professional development sessions discussing student performance. Each addition delivered real instructional value. Each was reviewed individually. The aggregate effect — a district's entire student population with detailed AI-analyzed profiles on commercial infrastructure — was never assessed as a system.
New York City's Department of Education reached that assessment in 2022 and banned several cloud collaboration tools over student data concerns. The largest school district in the United States decided that the data governance gap was serious enough to remove tools that teachers depended on. That decision was not made from excessive caution. It was made from specific concern about where student data was going and who had authorized it to go there.
---
The Three Student Data Categories With Highest Exposure
Not all student data carries the same risk profile. Three categories create the most concentrated legal and ethical exposure.
Learning disability records are the most sensitive under FERPA and the most valuable for personalization AI. An adaptive learning system that knows a student's specific accommodation needs — extended time, visual instruction preference, attention patterns — can deliver genuinely better instruction. The same specificity that makes the AI effective makes the data maximally sensitive. A learning disability profile processed through commercial AI exists on vendor infrastructure indefinitely, under retention terms the district didn't set, subject to applicable law the district didn't negotiate.
Under-13 performance data triggers COPPA's most stringent requirements. The consent mechanism that covers general educational data collection does not meet COPPA's specificity requirements for commercial AI data processing. A district that believes FERPA compliance covers its COPPA obligations is carrying the enforcement gap as unassessed daily liability. The FTC's action against Google established that the consent standard exists and will be enforced regardless of how widely the non-compliant practice has spread.
Behavioral intervention records carry the highest parent sensitivity and the most lasting consequences. Disciplinary records, attention deficit documentation, family circumstances that affect learning performance — this data is processed by AI educational tools because it improves personalization quality. It also creates profiles that will outlast a student's school career by decades, on infrastructure subject to vendor retention policies and commercial use terms that no school board authorized.
---
The Regulatory Timeline Schools Cannot Ignore
The EU AI Act classifies AI systems used in educational institutions as high-risk — requiring complete risk assessment documentation, human oversight mechanisms, technical reliability testing, and detailed audit trails. Enforcement begins in 2026. For EU school districts using US cloud AI educational platforms, the accountable party under EU law is the institution deploying the AI, not the company that built it. Vendor certifications do not transfer to deploying institutions. An EU school district must be able to demonstrate its own compliance.
State-level protection requirements are expanding above the FERPA floor. California's Student Online Personal Information Protection Act restricts EdTech companies from using student data for commercial purposes. New York's Education Law 2-d requires specific contracts for student data sharing with enhanced data security provisions. Colorado's Student Data Transparency and Security Act mandates transparency reports and deletion rights. Each state requirement adds a layer that the FERPA baseline doesn't cover.
The Houghton Mifflin Harcourt class action, filed in 2024, alleged that student data was shared with third-party AI providers through the adaptive learning platform without adequate consent — a private litigation pathway that doesn't require an enforcement agency to act first. BIPA litigation against sports technology companies created the template for biometric data class actions. The student data equivalent is being developed in active litigation.
Organizations that establish sovereign educational AI infrastructure before these frameworks mature will have compliant systems. Those planning to remediate under enforcement pressure will be doing so under regulatory scrutiny with less time than they currently believe they have.
---
What Sovereign Educational AI Architecture Looks Like
The SIA standard's Level 2 Data Sovereign configuration addresses educational AI governance without asking districts to choose between instructional quality and student protection.
The Vault keeps student profiles — learning disability accommodations, performance histories, behavioral patterns, adaptive learning outputs — within a governed infrastructure the district controls. The AI personalizes instruction using that data. The reasoning chain stays inside the district's perimeter. The adaptive learning vendor provides the model. The student's profile never reaches the vendor's infrastructure. Personalization happens. The data doesn't leave.
The Recorder creates the audit trail that FERPA, COPPA, and EU AI Act compliance require: which AI interaction processed which student's data, under what authorization, with what output. When a parent requests an accounting of how their child's data was used — a FERPA right that every parent holds — the answer exists in infrastructure the district controls and can produce on its own timeline. When an enforcement agency asks the same question, the response doesn't depend on reconstructing records from a vendor's retention logs.
Deployment for an educational institution at Level 2 typically takes 8-10 weeks. The teachers' existing AI workflows are preserved. The difference is where processing occurs and who retains the inference chain.
---
The Governance Steps a District Can Take Now
Three specific actions address the highest-risk categories without requiring sovereign infrastructure as the first step.
An EdTech AI inventory answers the most basic questions districts currently cannot answer: which AI tools are processing student data? Which students are affected? What data categories does each tool access? A technology director who cannot answer those questions cannot assess their COPPA exposure, their FERPA compliance position, or their EU AI Act obligations. The inventory creates the baseline everything else builds on.
A COPPA consent audit for under-13 students determines whether existing parental consent mechanisms meet COPPA's specificity requirements for AI data processing — not just general educational data collection. Most districts will find that consent language predates AI feature deployment by years. Updating consent mechanisms is a legal and administrative action, not an infrastructure project, and it closes the most immediate liability exposure.
Sovereign infrastructure implementation for the highest-sensitivity categories — learning disability records, under-13 adaptive learning profiles, behavioral intervention data — addresses the data that carries the greatest legal and ethical risk while districts complete broader governance reviews. Prioritizing these categories first means the student populations with the greatest protection needs receive that protection first.
---
Who This Is Really About
The students whose educational AI profiles are being accumulated today will be adults in 5-15 years. Their learning disability accommodations, behavioral interventions, academic performance trajectories, and family circumstances encoded in AI models will have been on commercial infrastructure for over a decade by then. They consented to nothing. Their parents were not asked. The data will outlast the student's school career by decades, subject to vendor retention terms, applicable law, and commercial use decisions made by organizations the students have never heard of.
The institutions holding educational AI profiles for minors carry an obligation that exceeds compliance minimums. Sovereign infrastructure is the architectural response to that obligation — the mechanism that makes "your child's data is under our control, accessible to you, used only for their education" a statement that can be technically verified rather than contractually asserted.
The districts that establish that verification capability before regulatory enforcement arrives will have something worth having: systems that work the way a school is supposed to — in the student's interest, with the parent's knowledge, and under the district's control.
---
The Sovereign Institute publishes the SIA standard for AI deployments that keep organizational intelligence within the governance perimeter. Certified practitioners implement SIA-compliant educational infrastructure for institutions operating under student data sovereignty and regulatory compliance requirements.