Comply with privacy laws
When you deploy devices, services and apps for education, you must comply with applicable privacy laws and regulations, such as the Family Educational Rights and Privacy Act (FERPA) and Children’s Online Privacy Protection Act (COPPA) in the United States, or the General Data Privacy Regulation (GDPR) in the European Union.
Schools can use Apple features and services for education in compliance with those obligations under COPPA and FERPA in the United States, and other applicable data privacy laws in those jurisdictions in which Apple School Manager is available.
Security and privacy are fundamental to the design of all Apple hardware, software and services. Apple takes an integrated approach to ensure that every aspect of the experience has security and privacy built in. This approach considers the privacy and security of all users, including those within an education setting such as teachers, staff and students.
Apple School Manager
Apple School Manager is built with student data privacy in mind. When you use Apple School Manager to enable student access to services, Apple acts as a data processor on your behalf. Ownership and control of student data remains with your school. Apple receives and processes only student data on your behalf, as directed by you.
Managed Apple IDs
You can set up Managed Apple ID accounts and class registers in Apple School Manager, importing only minimal data like student names and enrolled classes; other student information that may be in your Student Information System (SIS) isn’t imported, unless you specifically opt to do so.
Managed Apple IDs have limitations on purchasing and communications to protect student privacy. Individual App Store, Books Store, iTunes and Apple Music purchases, as well as other Apple services such as HomeKit connected devices, Apple Pay and iCloud Keychain are automatically disabled. The school owns and controls student information, and can choose to enable or disable services such as iMessage, FaceTime or student progress recording with the Schoolwork app.
For more information, see Service access with Managed Apple IDs in the Apple School Manager User Guide.
Privacy standards supported by Apple
Apple maintains certifications in compliance with the ISO 27001 and 27018 standards for implementing an Information Security Management System with measures for protecting PII in public cloud environments. We also meet the requirements of the new EU GDPR framework. In addition, Apple has signed the Student Privacy Pledge, further underscoring our commitment to protecting the information of students, parents and teachers shared in our schools. The Apple Information Security Management System (ISMS) maintained under the ISO 27001 and 27018 efforts leverage other key industry frameworks such as the NIST Cybersecurity Framework in addition to the ISO standards themselves.