The second issue was whether the school was permitted to share student data with the edtech provider under the “school official” exception of FERPA. This approach avoids the necessity of parents having to affirmatively consent to a schools use of edtech apps and services and therefore has been the approach that is used in most edtech provider contracts. For the edtech provider to qualify as a school official with a legitimate educational interest in the student data, specific criteria must be met. The FPCO sided with the Agora School that this approach is permissible under FERPA, but it cautioned that schools should carefully review the contractual terms with those providers before doing so. The FPCO recommended that schools use its Model Terms of Service document as a guide for vetting edtech contracts.