The SNHU Data Sharing Lawsuit has drawn attention from students, parents, and higher education observers nationwide. Filed in December 2025, the case alleges that Southern New Hampshire University (SNHU) permitted third-party tracking tools from Google and TikTok to collect and transmit sensitive student information from the university’s online student portal without explicit student consent.
This federal class action lawsuit raises important questions about student privacy rights, the use of digital tracking technologies on educational platforms, and the obligations of institutions under federal privacy laws. As one of the largest online universities in the United States, SNHU’s practices could affect hundreds of thousands of current and former students who rely on the mySNHU portal for academic records, course management, and financial aid information.
This article explains the key facts, legal claims, procedural status, and broader context of the SNHU Data Sharing Lawsuit in clear, accessible terms. It draws on publicly available court filings, news reporting, and established legal principles to provide an objective overview for readers seeking clarity on how this matter may affect them or the higher education sector.
Background: Southern New Hampshire University and the mySNHU Portal
Southern New Hampshire University is a private, nonprofit institution headquartered in Manchester, New Hampshire. It enrolls more than 200,000 students, the vast majority through its robust online programs, with a smaller on-campus population of approximately 3,000. SNHU has positioned itself as a leader in accessible, technology-driven higher education.
The mySNHU portal serves as the central hub for enrolled students. Users log in to view grades, enroll in courses, check financial aid status, communicate with faculty, and manage academic progress. Because the platform contains highly personal academic and demographic data, students reasonably expect that their information will remain protected in accordance with applicable privacy laws.
What the Lawsuit Alleges: The Core Facts
On December 17, 2025, two SNHU students, Tina Zeolla of Massachusetts and Kirsten Kellogg of Michigan (a former student), filed a putative class action complaint in the United States District Court for the District of New Hampshire. The case is captioned Zeolla et al. v. Southern New Hampshire University, Case No. 1:25-cv-00541-TSM.
The plaintiffs allege that SNHU intentionally installed and configured several third-party tracking tools on the mySNHU portal and related websites. These tools include Google Analytics, Google AdSense, Google Tag Manager, and the TikTok Pixel. According to the complaint, these technologies function as “surreptitious online tracking tools” that transmit detailed student data to Google and TikTok without student authorization.
The complaint identifies the following categories of information allegedly transmitted:
- Full names, email addresses, phone numbers, and physical addresses
- Ethnicities and gender identities
- Career status, military service status, and first-generation college student status
- Financial aid application information and status
- Descriptions of every course in which the student is enrolled
- Cumulative grade point averages (GPAs)
- SNHU student ID numbers
- Browser and device fingerprinting data (such as operating system, browser version, screen resolution, IP address, and language settings)
Plaintiffs assert that this data was shared in exchange for free marketing and analytics services that help SNHU target potential new students. The complaint states that SNHU never obtained written consent or any other form of authorization from students before allowing these disclosures.
Screenshots attached as exhibits to the complaint purportedly show network traffic from mySNHU sessions sending this information to Google and TikTok domains when students performed routine tasks such as checking course loads or financial aid status.
SNHU has not admitted any wrongdoing. In a statement provided to news outlets shortly after the filing, university spokesperson Siobhan Lopez said the institution was aware of the lawsuit and was reviewing the allegations. She added: “SNHU takes data privacy seriously and remains committed to protecting the privacy of our students, faculty, and staff in accordance with applicable law.”
Legal Claims in the SNHU Data Sharing Lawsuit
The complaint asserts multiple legal theories. The primary federal claim centers on the Family Educational Rights and Privacy Act (FERPA), codified at 20 U.S.C. § 1232g. FERPA protects the privacy of student “education records,” which generally include grades, course schedules, and other personally identifiable information directly related to a student and maintained by an educational institution.
Under FERPA, institutions that receive federal funding (as virtually all accredited colleges do) must obtain written consent before disclosing education records to third parties, with limited exceptions. The plaintiffs argue that GPAs, course enrollments, financial aid details, and associated personally identifiable information qualify as protected education records, and that SNHU’s alleged sharing with Google and TikTok violated these requirements.
It is important to note a key legal nuance: the U.S. Supreme Court held in Gonzaga University v. Doe, 536 U.S. 273 (2002), that FERPA does not create a private right of action allowing individual students to sue educational institutions directly for violations. Courts often dismiss standalone FERPA claims on this basis. In the SNHU Data Sharing Lawsuit, plaintiffs therefore pair the FERPA allegations with other claims that do permit private lawsuits, using FERPA standards to demonstrate the expected level of privacy protection.
Additional claims include:
- Common-law invasion of privacy (intrusion upon seclusion and public disclosure of private facts)
- Negligence (failure to exercise reasonable care in safeguarding student data)
- Breach of implied contract (students allege an implicit agreement that SNHU would protect their information in exchange for enrollment and portal use)
- Unjust enrichment (SNHU allegedly benefited from free marketing tools obtained through data sharing)
- Electronic Communications Privacy Act (ECPA), 18 U.S.C. § 2511(1) (alleging unauthorized interception of electronic communications)
- New Hampshire Wiretap Act, N.H. Rev. Stat. § 570-A (state law prohibiting willful interception and disclosure of communications)
These claims seek both monetary damages (actual, consequential, statutory, and potentially punitive) and injunctive relief, including orders requiring SNHU to strengthen data protections, conduct audits, and cease the alleged tracking practices.
How Tracking Pixels and Cookies Work in This Context
To understand the technical allegations, it helps to explain the tools in plain terms. A “tracking pixel” is a tiny, invisible image (often 1×1 pixel) or piece of code embedded in a webpage. When the page loads, the pixel sends data back to the third-party server (Google or TikTok). Third-party cookies are small files stored in a user’s browser that allow websites to recognize returning visitors and share activity data across domains.
In the SNHU Data Sharing Lawsuit, plaintiffs allege these tools were configured to capture not only basic analytics (such as page views) but also sensitive data entered or displayed within the authenticated mySNHU session. The complaint further describes “browser fingerprinting,” where combinations of device and browser characteristics create a unique identifier that can link anonymous activity to specific individuals.
Such practices are common across the internet for advertising and analytics. However, when applied to platforms containing education records protected by FERPA, they raise distinct legal questions about consent, authorization, and institutional responsibility.
Class Action Status and Who May Be Affected
The plaintiffs have asked the court to certify a nationwide class consisting of all present and former SNHU students who used the mySNHU portal and whose sensitive information was allegedly disclosed to Google or TikTok. They also propose subclasses for students residing in Massachusetts and Michigan.
If certified under Federal Rule of Civil Procedure 23, the class could include tens or hundreds of thousands of individuals. Class actions allow courts to resolve common issues efficiently rather than litigating thousands of separate lawsuits. Certification requires the court to find that the claims share common questions of law and fact, that the named plaintiffs are adequate representatives, and that a class action is a superior method of adjudication.
As of May 2026, the case remains in its early procedural stages. A consolidated complaint was filed in March 2026, and the parties have submitted joint motions regarding briefing schedules for SNHU’s anticipated motion to dismiss. No ruling on class certification or dismissal has been issued.
Broader Context: Student Privacy and Digital Tracking in Higher Education
The SNHU Data Sharing Lawsuit fits within a growing wave of litigation and regulatory scrutiny concerning “pixel tracking” on educational websites. Similar concerns have arisen with tools deployed on federal student aid applications and other university platforms. These cases highlight the tension between an institution’s desire to use data-driven marketing tools and the heightened privacy expectations that apply to student records.
FERPA was enacted in 1974 to give parents and eligible students control over education records. It requires institutions to notify students annually of their privacy rights and to maintain written policies governing disclosures. While FERPA itself is enforced primarily by the U.S. Department of Education through administrative proceedings (including potential loss of federal funding), private litigation often proceeds under complementary state or federal laws.
Courts evaluating these claims typically examine whether the institution had a legitimate educational purpose for the disclosure, whether consent was properly obtained, and whether the third parties qualify for any FERPA exception (such as “school officials” with legitimate educational interests). Marketing and advertising purposes generally do not qualify.
What Happens Next in the SNHU Data Sharing Lawsuit
The immediate next step is resolution of SNHU’s motion to dismiss. The university will likely argue that certain claims fail as a matter of law (for example, challenging the viability of a direct FERPA private right of action) and that the factual allegations lack sufficient specificity. If the court denies the motion in whole or in part, the case will proceed to discovery, where parties exchange documents, take depositions, and develop evidence regarding the technical configuration of the tracking tools and the extent of any data transmission.
Should the case survive dismissal and achieve class certification, it could move toward summary judgment or settlement negotiations. Many class actions in the privacy and data-tracking space resolve through negotiated settlements that provide injunctive relief (changes to business practices) and a common fund for class members, subject to court approval.
No prediction can be made about the ultimate outcome. Courts decide each case on its specific facts, evidence, and applicable law.
Practical Considerations for Current and Former SNHU Students
Students who used the mySNHU portal during the relevant period may wish to monitor developments in the SNHU Data Sharing Lawsuit. Public court dockets are accessible through the federal court’s PACER system or through summaries in legal news outlets. Participation in any eventual class, if certified and approved, is typically automatic unless a member opts out.
Individuals concerned about their data may review SNHU’s privacy policy and consider steps such as adjusting browser settings to limit third-party cookies or contacting the university’s privacy office with specific inquiries. However, routine data deletion requests or opt-outs do not substitute for legal remedies available through the courts.
This article is for informational purposes only and does not constitute legal advice. Readers with specific concerns about their personal information or potential claims should consult a qualified attorney licensed in their jurisdiction.
Why the SNHU Data Sharing Lawsuit Matters Beyond the Courtroom
The case underscores ongoing challenges in balancing technological convenience with privacy protections in higher education. As universities increasingly rely on digital platforms and third-party analytics, the boundaries of permissible data sharing remain under active legal and regulatory examination.
For students, the SNHU Data Sharing Lawsuit highlights the importance of understanding how educational institutions handle sensitive academic and personal information. For institutions, it serves as a reminder of the need for careful review of vendor contracts, consent mechanisms, and technical configurations involving education records.
The outcome could influence how other colleges and universities configure their student portals and marketing technologies. Regardless of the final resolution, the litigation has already contributed to public awareness of digital privacy rights in the educational context.
