Q.J., a high school student in Chicago, used Naviance to prepare for a college application. The platform, which school districts nationwide use for career and college guidance, was a standard tool that students open in between classes, sometimes late at night at home, and type in their future aspirations and worries. Q.J. allegedly was unaware that third-party analytics firms might have been intercepting that data without authorization. That accusation was made public in a 2023 lawsuit. A $17.25 million settlement this spring gave it credibility.
PowerSchool, its predecessor Hobsons, an analytics platform called Heap, and the Chicago Board of Education are all named as defendants in the case, which is officially known as Q.J. v. PowerSchool Holdings LLC. Sensitive student communications were allegedly intercepted and shared without permission, according to the lawsuit, which claimed violations of a number of federal and state privacy laws, including the Electronic Communications Privacy Act and Illinois’s own student records protections. In order to avoid what they described as the expenses and uncertainty of ongoing litigation, all defendants have denied any wrongdoing. It is worthwhile to consider whether that denial is consistent with the size of the settlement.
Over ten million people have been identified by PowerSchool as potentially qualifying for a portion of the fund. A claim may be submitted by any student who visited Naviance at least once between August 18, 2021, and January 23, 2026. Many eligible families are likely to miss the deadline, which is July 27, 2026, just because they haven’t heard about it yet. Settlement notices have been sent out, but in situations like this, there is nearly always a large discrepancy between those who qualify and those who actually file a claim. It is worthwhile to investigate.
In addition to the money, the settlement has some structural ramifications that may be more important in the long run. A web governance committee must be established by PowerSchool in order to examine how analytics and advertising technologies function within Naviance. Certain third-party software, such as tools from Google, Microsoft, Hotjar, and Heap, cannot be used on the platform for two years unless that committee finds it complies with applicable laws. Businesses such as Heap have been directed to completely erase the gathered data. Although they are more than just a token gesture, these provisions won’t completely restore damaged trust.
It’s difficult to ignore the fact that this case is coming at a specific time. Already opposing screen overload in classrooms, parents and educators questioned whether the post-pandemic spike in the use of educational technology was beneficial for students or just practical for administrators. That doubt is fueled by the PowerSchool settlement. According to K–12 cybersecurity specialist Doug Levin, it is a part of a larger, developing trend in which educational technology companies are now being held legally responsible for violating their privacy pledges. Until recently, this trend was more of an ideal than a reality.
A second PowerSchool case, a different class action related to an alleged December 2024 data breach that may have exposed fifty million teachers’ and students’ personal information, is also pending in the courts. The business claims to be working with privacy specialists and investing in improved security. It’s still unclear if the courts will find that adequate. It appears more and more obvious that student data, which was previously handled as a low-stakes administrative issue, is becoming the legal frontier that privacy advocates have long predicted it would become. It’s possible that Q.J.’s login will be remembered as the crucial turning point.
