Educational technology companies, which saw massive global growth during COVID, have often played fast and loose with student data. But the US Federal Trade Commission (FTC) has raised the stakes by charging the three-quarter billion dollar per year industry leader Chegg with having exposed the data of 40 million users. And ever more alarmingly, the Chegg data found available for sale includes highly sensitive details on student religion, sexual orientation, disabilities, and parental income.

How was this possible? Easy, since Chegg had gave employees and outside contractors an all-access password to user account data stored on AWS online systems.

This is a big warning bell for edtech, since it’s the first case in the FTC’s campaign to police edtech data mining and because instead of doing so via the Children’s Online Privacy Protection Act (COPPA), the agency charged Chegg with unfair, deceptive business practices.