Oregon's Beaverton School District is considering a $4 million investment in i-Ready, a digital learning platform. Its developer faces a federal class-action lawsuit over student privacy. This situation reveals a gap between the mandatory digital tools schools require and the data protections parents expect.
What Happened
In December 2025, plaintiffs filed M.C. v. Curriculum Associates in a Massachusetts federal court. The lawsuit alleges that Curriculum Associates, the company behind i-Ready, violates the Federal Wiretap Act and state privacy laws by harvesting K-12 student data.
The complaint alleges the company extracts personal information to build detailed data profiles that predict student behavior. The lawsuit claims this information is shared with third parties for commercial gain. Plaintiffs also allege violations of the California Invasion of Privacy Act and the Massachusetts Consumer Protection Act.
Curriculum Associates denies the allegations. The company states it does not sell student data or build commercial profiles, calling the lawsuit meritless.
In Oregon, parents are questioning why the district would invest millions in a platform facing litigation, especially while the district manages multi-grade classrooms due to budget cuts. The Oregon Department of Education lists Curriculum Associates as an approved vendor, with 45 districts using i-Ready for language arts and 65 using it for math.
The Bigger Picture
This lawsuit exposes risks in school procurement.
First, there is little independent evidence supporting these platforms. While i-Ready reaches 13 million students nationwide, researchers note an absence of peer-reviewed articles or randomized controlled trials proving the software improves learning outcomes. Most efficacy claims come from internal vendor studies.
Second, schools carry financial liability when vendors mishandle data. Chicago Public Schools and the vendor PowerSchool recently agreed to a $17.25 million settlement to resolve claims of tracking student communications. When school boards approve contracts without assessing total contractual liability, they risk taxpayer funds.
Finally, compliance remains the district's burden. Under federal law, schools can outsource technology, but they cannot outsource responsibility for FERPA compliance. As we previously reported, state audits often reveal data privacy gaps when districts fail to enforce technical controls. The protections a child receives often depend on whether the school bought an enterprise agreement or a standard consumer license. Standard licenses may allow companies to use student interactions for training AI models.
What This Means for Families
The core issue is consent. Because platforms like i-Ready are embedded in the curriculum, students must use them. Parents generally lack the ability to opt out of data collection.
If a district fails to negotiate strict data deletion policies, student interactions, test scores, and behavioral patterns can remain on vendor servers or feed back into product development cycles long after a student graduates.
What You Can Do
- Check your district's contract: Ask the school board if they hold an enterprise agreement with strict data deletion policies or a standard license that allows broader data use.
- Request a privacy audit: Demand that your school's technology leadership verify technical controls and incident-response obligations rather than relying on vendor marketing claims.
- Demand independent efficacy data: Before your district spends millions on new software, ask administrators for independent, peer-reviewed evidence proving the tool improves academic outcomes.