The Federal Trade Commission (FTC) recently issued a policy statement about the application of the Children’s Online Privacy Protection Act (COPPA) to Ed Tech providers, warning that they can only use student personally identifiable information (PII) collected with school consent for the benefit of the school, and that they cannot retain it for longer than required to meet the purpose of collection. Ironically, days later, a Human Rights Watch investigative report observed that almost 90 percent of Ed Tech products it reviewed “appeared to engage in data practices that put children’s rights at risk.” These revelations are no surprise to children’s privacy advocacy groups like the Student Data Privacy Project. But in the midst of a COVID-fog, much like the fog of war, Ed Tech remained largely insulated from scrutiny, siphoning student PII with impunity.