Office 365 for Education and students under age 13

[Pat James]

Please forgive me as this is just barely Minecraft-related, but it is an issue I am sure most of you on the new Education Edition are dealing with. 

Our school, a K-8 with many students under age 13, is looking into the free Office 365 for Education service.  I am beating my head against the wall a bit on a licensing question for Office 365 for Education and students under age 13 in the US.  I figure since some of you are using the free Office 365 for Education accounts for your students to access Minecraft: Education Edition, you might know the answer to this.

Here is a question I posted on the Microsoft Answers site which received some responses from Microsoft employees who seem to be clearly and unambiguously stating that it is flat out not supported to assign an account for Office 365 for Education to a student under age 13.  I can't help but think they are interpreting my question too narrowly or something else has gone haywire with the communication process as I really don't want to believe Microsoft is just throwing away the opportunity to get kids started early, especially when Google's education product offering does allow this.  I know that the Answers site isn't really great for getting good responses, but I restated my question a few times to try to be sure they understand it, and it seems like maybe they do (even though they keep throwing references to irrelevant web pages and products into their responses).  I guess I am having a hard time accepting that as a real answer as I know about the Minecraft connection to the Office 365 accounts, and it must be supported somehow.

I understand all about COPPA, FERPA, etc. and the regulatory reasons why children under 13 live under many restrictions on the internet, but if Google has figured out how to handle this I can't believe Microsoft isn't going to match them on this capability.

How are you handling this, and can you help direct me to any official Microsoft-published resources that explain how to license Office 365 for Education to students under 13.  I understand that the whole "self-signup" account provisioning option might be off the table, but I am happy to bulk-create all of the student accounts by csv file upload or powershell scripts and skip the self-signup process.

-Pat

[Neal S. Manegold]

Hi Pat Office 365 Education is fully compliant and can be used K-12, thanks!

--
You received this message because you are subscribed to the Google Groups "Minecraft Teachers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to minecraft-teach...@googlegroups.com.
To post to this group, send email to minecraft...@googlegroups.com.
Visit this group at https://groups.google.com/group/minecraft-teachers.
To view this discussion on the web visit https://groups.google.com/d/msgid/minecraft-teachers/eba6c15a-522e-480d-aaf4-85e81b137520%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Neal S. Manegold mane...@gmail.com 206.450.3252

[Pat James]

That's what I figured...but I am still troubled by:

(a) The apparent lack of any official statement, license, or terms of use documentation where this is stated

(b) The existence of an official terms of use document which states precisely the opposite:  all users in the US must be 13 or older.  See:  https://www.microsoft.com/online/legal/v2/en-us/office_365_education_for_students_program_agreement.htm

(c) Explicit guidance from Microsoft employees on the Answers site stating all users in the US must be 13 or older

Can you give me any links or other official guidance I can fall back on to prove to school administrators that this is supported?

Thanks, Patrick

[Neal S. Manegold]

Hi Pat, I'm not sure where you are seeing this lack of official statements. Here's just one of the many places this information is located...

https://www.microsoft.com/online/legal/v2/en-us/MOS_PTC_Regulatory_Comp.htm

Is Office 365 compliant with FERPA?

While an educational institution has many varied obligations under FERPA, Microsoft stipulates the key contractual terms that govern the use and disclosure of education records that may be stored in Office 365, allowing educational institutions to use Office 365 as part of a broader FERPA compliance strategy.

FERPA requires any educational agency or institution that receives funding from the U.S. Department of Education to protect privacy rights of students by safeguarding “education records” from use or disclosure without consent. Department of Education guidance makes clear that email communications are considered education records subject to FERPA and that cloud email providers should be similarly restricted in how they use or disclose information in emails and documents. 

FERPA requires that a cloud provider agree that “education records” contained in faculty, staff, and student emails and other electronic documents will be used only for the narrow purpose of providing the cloud service and that such information will not be scanned or used to support and maintain commercial activities such as advertising. Microsoft provides educational institutions with a route to FERPA compliance by agreeing to be deemed a “school official” subject to FERPA with “legitimate educational interests” in the institution’s data, and by agreeing to abide by the limitations and requirements imposed by FERPA on school officials, including agreeing that it will not scan institution emails or documents for advertising purposes.

 

If my school uses Office 365, does Microsoft require direct parental consent for students under the age of 13 to ensure COPPA compliance?

No. Microsoft uses Office 365 customer data only to provide the Office 365 service and not for other commercial purposes (such as for advertising or marketing or to build commercial profiles). The Federal Trade Commission (FTC) has stated that under such circumstances an “operator is not required to obtain consent directly from parents.”

Microsoft provides Office 365 to the school as our customer and all customer data belongs to the school. We do not use or share Office 365 customer data for any other commercial purposes (for example, in connection with advertising or marketing or to build user profiles for commercial purposes not related to the provision of Office 365). For more information, please visit the Office 365 Trust Center. Accordingly, the FTC’s guidance indicates that an operator such as Microsoft does not need to obtain direct consent from parents of students using the service—even if they are under the age of 13. As the FTC explains, COPPA allows schools to act as either as an intermediary for parental consent or “the parent’s agent in the process of collecting personal information online from students in the school context” where, as here, the operator collects users’ personal information only for the use and benefit of the school. However, consistent with the FTC’s guidance, we believe schools should forward information to parents about how personal information is collected, used, and shared in Office 365—including assurances that Microsoft will not use such information for other commercial purposes—in the school’s own Acceptable Use Policies for Internet Use or similar document that educates parents about in-school Internet use of Office 365 and any other online services, whether provided by Microsoft or other providers. For more information on COPPA compliance generally, see the FTC’s Complying with COPPA: Frequently Asked Questions. For unique issues related to COPPA and Schools, refer to FAQs M1 to M4 from the foregoing document.

 

If my business is subject to the Children’s Online Privacy Protection Act (COPPA), can I use Office 365 and remain compliant?

Yes. Microsoft uses customer data only to provide the Office 365 service and does not use or share the data for its own or a third party’s commercial purposes, such as for advertising purposes. Moreover, Office 365 provides features and security that support customers’ compliance with COPPA.

We understand that Microsoft customers may use Office 365 in connection with activities that may be governed by COPPA—like providing commercial online services directed to children under 13 years of age or otherwise knowingly collecting personal information from such children. Office 365 customers are ultimately responsible for complying with their own COPPA obligations, which may include providing parents with notice of the customer’s practices regarding the collection, use, and disclosure of personal information from children under 13, and obtaining any necessary parental consents. However, the use of Office 365 creates no additional COPPA burdens for customers beyond those that would apply if the customer used an on-premises solution. Microsoft uses the customer data in the Office 365 services only for the benefit of the customer—we don’t use or share customer data for commercial purposes other than to provide the Office 365 service. Moreover, Office 365 supports customers’ compliance with COPPA through our implementation of extensive measures designed to help protect the confidentiality, security, and integrity of customer data. For more information on COPPA compliance generally, see the FTC’s Complying with COPPA: Frequently Asked Questions.

 

If my organization is subject to the Children’s Internet Protection Act (CIPA), does Office 365 provide controls that help with compliance?

Yes. CIPA requires certain schools and libraries that receive funds from the U.S. Department of Education, or that receive certain discounted services through the U.S. E-rate program, to annually certify that they have an Internet safety policy that includes technological measures to protect against Internet access to visual depictions that are obscene, child pornography, or harmful to minors. Entities subject to CIPA must also certify that their Internet safety policy addresses unauthorized disclosure, use, and dissemination of personal information regarding minors, among other requirements. Although CIPA obligations do not directly apply to Microsoft or to the provision of Office 365 services, and customers must independently assess whether their Internet safety policy complies with CIPA obligations (including technological measures governing web access entirely unrelated to Office 365), the Office 365 service supports customer compliance through administrative controls that allow customers to control user access to Office 365 components, and through the implementation of extensive security measures designed to help safeguard customer data.

--

You received this message because you are subscribed to the Google Groups "Minecraft Teachers" group.

To unsubscribe from this group and stop receiving emails from it, send an email to minecraft-teachers+unsub...@googlegroups.com.
To post to this group, send email to minecraft-teachers@googlegroups.com.

Visit this group at https://groups.google.com/group/minecraft-teachers.

To view this discussion on the web visit https://groups.google.com/d/msgid/minecraft-teachers/f71862cd-49fe-4272-9c62-4084bc5629b5%40googlegroups.com.

[Pat James]

Since posting in July I've had a phone conversation with the Office 365 for Education support staff about this.  They assured me that as long as it is the school who is provisioning the student accounts it is OK, or to be more precise, Microsoft washes their hands of the question of who can and can't be a user once the school admin assumes responsibility for provisioning user accounts.  The prohibition on licensing to users under age 13 is only for the self-provisioned Office licenses that anyone with a school email address can sign up for.

The employees who respond to the questions on the answers site are not very well-informed or nuanced in their response -- they just keep repeating the statement that students under age 13 can't use Office 365 for Education and if you don't like it, make a suggestion to change it on User Voice.   https://answers.microsoft.com/en-us/msoffice/forum/msoffice_o365edu-mso_teams/office-365-for-education-and-students-under-age-13/4fac807a-50e5-43f8-ad90-dcc45080a8d8?auth=1