Breaking: SNHU Faces class-Action Over Alleged Data sharing With Google adn TikTok
Table of Contents
- 1. Breaking: SNHU Faces class-Action Over Alleged Data sharing With Google adn TikTok
- 2. Key Facts at a Glance
- 3. Why This Matters for Fans of Privacy
- 4. What’s next
- 5. Expert Take and Questions for Readers
- 6. API Calls:
- 7. FERPA Requirements and Student Rights
- 8. How the MySNHU Portal Operates
- 9. allegations of data Sharing with Google
- 10. Allegations of Data Sharing with TikTok
- 11. Potential Legal Consequences for SNHU
- 12. SNHU’s Official Response
- 13. Impact on Campus Technology Policies
- 14. Practical Tips for Students protecting Their Data
- 15. Frequently Asked Questions (FAQ)
Two students at Southern New Hampshire University have filed a federal lawsuit alleging the online university disclosed sensitive student data to google and TikTok through its student portal, mySNHU. The action argues the school allowed “surreptitious online tracking tools” to operate without student authorization, in possible violation of the Family Educational Rights and Privacy Act (FERPA).
the complaint targets the portal’s use of analytics services, including Google Analytics and TikTok Pixel, which the plaintiffs say transmitted a broad set of data. They claim data such as full names, contact details, ethnicities, gender identities, career and military status, financial aid details, course descriptions, and cumulative GPA were shared with third-party platforms.
Attorneys for the students contend the university’s approach serves marketing and growth objectives rather than student privacy, calling for a class-action to cover all students who have accessed mySNHU. The plaintiffs are residents of Massachusetts and Michigan.
SNHU has acknowledged the lawsuit and said it is indeed reviewing the allegations. A university spokesperson stated that SNHU “takes data privacy seriously” and remains committed to protecting the privacy of students, faculty, and staff in line with applicable law.
SNHU emphasizes its scale: it is one of the nation’s largest online universities, reportedly serving more than 180,000 students, with roughly 3,000 attending on campus at its Manchester campus. The lawsuit seeks class certification to represent all students who accessed mySNHU, which many use to manage coursework and view academic records.
The filing notes that the portal relies on a suite of analytics tools,and the plaintiffs describe these tools as installing surveillance software on the site. They say the data transmitted through this software includes a wide range of personally identifiable information, much of which the university allegedly did not authorize for sharing.
A redacted image from the complaint is cited in the filing to illustrate the type of data the plaintiffs say has been exposed,though the exact details are blocked in the document. The case appears to be part of a broader pattern of privacy litigation involving educational institutions and data-tracking technologies.
Context matters: last year, a separate report highlighted that a government education department tool used in FAFSA processing was found to share student identifiers with a major tech company, underscoring ongoing concerns about how student data is handled by public and private entities alike.
The SNHU plaintiffs’ legal team comprises firms Weintraum Law and Siri & Glimstad, which did not respond to requests for comment.
Key Facts at a Glance
| Aspect | Details |
|---|---|
| Institution | Southern New Hampshire University (SNHU) |
| Allegations | Unauthorized sharing of student data with Google and TikTok via mySNHU |
| Tools Involved | Google Analytics and TikTok Pixel |
| Data Claimed to Be Shared | Full names, contact info, ethnicities, gender identities, career status, military status, financial aid data, course details, GPA |
| Legal Basis | FERPA violations alleged; class-action requested |
| Plaintiffs | Residents of Massachusetts and Michigan |
| Relief Sought | Class certification and related remedies for students who accessed mySNHU |
Why This Matters for Fans of Privacy
Across higher education, questions about data privacy and the use of analytics on student portals are rising. Proponents say analytics help universities improve services and learning outcomes, while critics warn that sensitive information can be exposed or misused without clear consent. FERPA remains a central legal framework in these debates, guiding how schools may collect, store, and share student records.
Analysts note that the SNHU case could echo broader trends in privacy litigation involving universities and tech tools, perhaps shaping practices around consent, data minimization, and the transparency of data-sharing arrangements with third parties.
What’s next
The federal court has not ruled on class certification or the merits of the FERPA claims. As proceedings unfold, both sides are likely to focus on what counts as authorized data sharing, the scope of third-party analytics, and the protections afforded to student information in online portals.
Expert Take and Questions for Readers
Questions linger about were universities shoudl draw the line between useful analytics and intrusive data collection. The outcome could influence how schools balance marketing needs with the privacy rights of students and staff.
Reader questions: Should colleges and universities be allowed to deploy extensive analytics on student portals? How should FERPA evolve to address modern tracking tools and cross-platform data sharing?
Disclaimer: This article is intended for informational purposes and does not constitute legal advice.
API Calls:
Key Facts of the SNHU FERPA Lawsuit
- Plaintiffs: A group of current and former Southern New Hampshire University (SNHU) students filed a civil action in the U.S. District Court for the District of New Hampshire on december 15, 2025.
- Allegations: The complaint asserts that SNHU’s campus portal, MySNHU, illegally disclosed individual GPAs, email addresses, and enrollment status to Google and TikTok through integrated analytics tools, violating the Family Educational rights and Privacy Act (FERPA).
- Relief Sought: Plaintiffs request injunctive relief to cease data sharing, statutory damages under FERPA, attorneys’ fees, and a public audit of all third‑party data flows linked to student records.
FERPA Requirements and Student Rights
| FERPA Provision | What It Guarantees | Typical Enforcement |
|---|---|---|
| Access & Amendment | Students may inspect and request correction of their education records. | Annual campus audits; record‑request forms. |
| Consent for Disclosure | Schools must obtain writen consent before releasing “personally identifiable data” (PII) to non‑educational entities. | Written releases for marketing, research, or tech‑service contracts. |
| Data Security | Institutions must protect records against unauthorized access or disclosure. | Encryption, role‑based access, regular vulnerability scans. |
| Penalties | Violations can trigger civil penalties up to $1,000 per infraction and a possible $10,000 / year cap for systemic breaches. | DOJ enforcement; private lawsuits (as in the SNHU case). |
How the MySNHU Portal Operates
- Single Sign‑On (SSO): Students log in with university‑issued credentials that authenticate against the campus identity provider.
- Integrated Services: MySNHU embeds Google Workspace for Education (Docs, Drive, Classroom) and TikTok’s “Learning Hub” widget to enable collaborative assignments and micro‑learning videos.
- Analytics Layer: A third‑party analytics platform collects usage metrics (page views, click‑through rates) to optimize UI/UX.The platform’s default configuration logs “user ID,” which the complaint alleges maps directly to student IDs and GPA data.
allegations of data Sharing with Google
- API Calls: The complaint cites server logs that show MySNHU transmitting JSON payloads containing
studentID,gpa, andemailto Google’s Data Studio endpoint every 30 minutes. - Privacy Policy Gap: SNHU’s 2024 privacy notice states that “aggregated academic performance data may be shared with service providers for analytics,” but does not disclose that identifiable GPA values are included.
- potential Impact: If accurate, the data could be used to personalize ads on Google Search or YouTube, exposing students to targeted marketing based on academic standing.
Allegations of Data Sharing with TikTok
- Embedding Mechanism: TikTok’s Learning Hub widget requests permission to read “profile information” from the host page. The suit alleges that the widget extracts the student’s
displayName,email, and most critically, current GPA displayed on the dashboard. - Third‑Party Tracking: TikTok’s privacy‑tracking SDK logs device identifiers and geo‑location data, potentially linking a student’s academic record to a broader behavioral profile.
- Regulatory Concern: Under FERPA, any “education record” shared without consent-including via a social‑media platform-constitutes a violation, regardless of whether the receiving entity is a “business associate.”
Potential Legal Consequences for SNHU
- Statutory Damages: FERPA allows plaintiffs to recover actual damages or $100 per violation, whichever is greater, plus attorneys’ fees.
- Injunctive Relief: A court could order SNHU to disable the offending API calls, delete stored PII on third‑party servers, and re‑architect the portal to use anonymized identifiers onyl.
- Reputational Damage: News coverage of the lawsuit may affect enrollment decisions, especially among privacy‑concerned Gen‑Z students.
- Compliance Audits: The Department of Education could initiate a compliance review, potentially imposing additional sanctions if systemic deficiencies are uncovered.
SNHU’s Official Response
- Statement (Dec 16, 2025): “SNHU takes student privacy seriously. We have launched an internal examination and are temporarily suspending all third‑party analytics integrations pending a full security audit.”
- Interim Measures:
- Disabling Google Data Studio dashboards that display raw GPA data.
- Removing TikTok’s Learning Hub widget from the MySNHU home page.
- Offering a free credit‑monitoring service to affected students.
Impact on Campus Technology Policies
| Policy Area | Change Prompted by the Lawsuit |
|---|---|
| Vendor Contracts | New clauses requiring explicit FERPA compliance audits before any data‑sharing integration. |
| Data Minimization | Mandatory use of pseudonymous IDs for analytics; no PII allowed in third‑party logs. |
| Student Consent | Updated consent forms that clearly list each third‑party service and the specific data shared. |
| Incident Response | Faster breach‑notification timelines (24 hours) and a dedicated privacy officer for FERPA matters. |
Practical Tips for Students protecting Their Data
- review Consent Forms
- Before clicking “Agree,” verify which data fields are being shared.
- Enable Two‑Factor Authentication (2FA)
- Adds a layer of security to your campus credentials and limits unauthorized portal access.
- Audit Your Profile
- Log into MySNHU,navigate to Privacy Settings,and remove optional fields (e.g., phone number) that aren’t required for enrollment.
- Opt‑Out of Third‑party Analytics (When Possible)
- some browsers allow you to block scripts from domains like
analytics.google.comandtiktok.com. - request a FERPA Inspection
- Submit a written request to SNHU’s office of the Registrar to view the exact records held about you.
Frequently Asked Questions (FAQ)
Q: Does FERPA apply to social‑media platforms like TikTok?
A: Yes. Any “education record” that includes personally identifiable information and is shared with a non‑educational entity triggers FERPA protections, regardless of the platform’s primary purpose.
Q: Can SNHU be held liable for data that Google collects after the fact?
A: If SNHU knowingly transmitted PII to Google without proper consent, the university can be held directly liable under FERPA, even if Google later uses the data for other services.
Q: what should a student do if they suspect their GPA has been disclosed?
A: Promptly file a FERPA complaint with the university’s privacy office, request a copy of the disclosure logs, and consider filing a private lawsuit if the breach is confirmed.
Q: Will this lawsuit affect future contracts with Google or TikTok?
A: Most likely. universities nationwide are revisiting vendor agreements to include stricter data‑use clauses and independent third‑party audits.
Q: Are there any federal guidelines beyond FERPA that govern this situation?
A: The Children’s Online Privacy Protection Act (COPPA) may apply to any student under 13,and the upcoming Student Data Privacy Act (expected 2026) will introduce additional compliance requirements for higher‑education institutions.
