Skip to main content
Texas

Texas Student Data Privacy

Requires Signed Agreement
Does not require signed agreement

Texas student data privacy targets vendors

Texas Student Data Privacy Guide

Primary Law: Student Data Privacy Act
Citation: Texas Education Code §§ 32.151 through 32.156, enacted by Senate Bill 820
Official Text: https://statutes.capitol.texas.gov/Docs/ED/htm/ED.32.htm

Texas Senate Bill 820 establishes statewide limits on how student data may be handled by vendors that provide digital educational products to Texas public schools. The statute is designed to prevent commercial misuse of student data while allowing districts flexibility in how they evaluate and approve classroom tools.

Rather than prescribing a uniform approval or contracting process, SB 820 defines clear boundaries for vendor conduct and leaves implementation details to local district governance.

Scope and applicability

Under SB 820, student data generally refers to information that is:

  • Linked or reasonably linkable to an identifiable student.
  • Created, received, or maintained through the use of a digital educational product.
  • Shared by a district, educator, or student in a K to 12 instructional context.

The law applies to:

  • Texas public school districts and open enrollment charter schools.
  • Vendors that design or market digital educational products for school use and receive student data.

If a vendor provides a digital instructional service to a Texas school and accesses student data, SB 820 governs how that data may be used.

Vendor conduct rules under SB 820

SB 820 sets firm limits on vendor behavior when handling student data.

Vendors are prohibited from:

  • Using student data to deliver targeted advertising.
  • Selling or licensing student data to third parties.
  • Building student profiles for purposes unrelated to delivering the educational product.
  • Sharing student data except where disclosure is required by law or necessary to support the service.

These restrictions attach directly to the vendor under statute and are not dependent on district specific agreements.

Data protection and security expectations

SB 820 requires vendors to take reasonable steps to protect student data from misuse or unauthorized access.

Expected safeguards include:

  • Appropriate administrative and technical controls based on data sensitivity.
  • Physical protections for systems that store or process student data.
  • Access controls that limit data handling to authorized individuals.

Districts are expected to consider these practices when determining whether a product is suitable for student use.

Allowable uses of student data

The statute permits vendors to use student data when the use is directly connected to educational delivery, including:

  • Operating and supporting the digital educational product.
  • Improving functionality or performance of the service.
  • Supporting instructional, assessment, or administrative activities.
  • Meeting legal or regulatory obligations.

Use of student data must remain tied to the educational context in which the data was provided.

District responsibility and local decision making

SB 820 regulates vendor behavior, but districts retain discretion over how tools are approved and monitored.

In practice, Texas districts often:

  • Review vendor privacy policies and data use statements before approval.
  • Confirm that vendor practices align with statutory restrictions.
  • Decline tools that introduce advertising, resale, or secondary data use risk.
  • Revisit approvals if vendor policies or features change over time.

The statute does not dictate a single review workflow or documentation standard.

Do Texas districts need signed vendor agreements

SB 820 does not impose a blanket contract requirement.

  • Compliance obligations apply to vendors through statute, not through contract form.
  • Districts may rely on documented vetting of publicly available materials to determine whether a vendor meets legal expectations.
  • Some districts elect to formalize expectations through written agreements when the instructional role or data footprint of a vendor is more significant.

The emphasis under SB 820 is on how student data is actually handled, rather than on the presence of a specific document.

Practical considerations for Texas districts

To operate effectively under SB 820, Texas districts often prioritize:

  • Maintaining awareness of which digital tools access student data.
  • Applying consistent review criteria during the approval process.
  • Retaining records that show why a vendor was approved.
  • Monitoring vendor policy updates that could affect compliance.
  • Escalating review for tools that expand features or data collection over time.

How edprivacy supports Texas schools

Texas districts must demonstrate that approved vendors operate within the boundaries set by SB 820, while still enabling instructional access.

edprivacy supports Texas schools by enabling districts to:

  • Organize vendor reviews based on publicly available privacy and security documentation.
  • Capture approval rationale and supporting evidence in a single system.
  • Track which tools are approved and under what assumptions.
  • Manage written agreements where districts decide they are appropriate.
  • Receive visibility into vendor policy changes that may require reassessment.

Edprivacy provides Texas administrators with a flexible framework that supports local decision making while maintaining alignment with state law.