Dive Brief:
- A new report points to "disturbing" evidence of safety risks from exposure of students' online data through ed tech, with 96% of apps used or recommended by K-12 schools sharing students' personal information with third parties.
- In a study conducted by Internet Safety Labs, a nonprofit that conducts product safety testing and research, researchers also found custom apps for school districts — or apps from large ed tech platform developers that can be personalized for districts — are among the least safe compared to more generic apps.
- Meanwhile, efforts by lawmakers to update the Children's Online Privacy Protection Act stalled during December's negotiations for the FY 2023 omnibus spending bill. Because a new congressional session began last week, lawmakers will need to reintroduce that legislation.
Dive Insight:
About three-fourths of the time, students' personal data is shared with advertisers or other entities that may profit from the information collected. Additionally, 79% of the apps reviewed could access student location information, and 52% could access calendar and contact information, the report said.
“We all know how much personal data is already flowing to companies that excel in monetizing it, but this research provides an accurate look at the reality of where student data is going," said Lisa LeVasseur, executive director of ISL, in a statement. LeVasseur added the research could lead to the creation of software product safety standards.
The ISL research examined a random sampling of ed tech use in 13 schools in each state and the District of Columbia for a total review of 663 schools with 455,882 students. Researchers also reviewed ed tech behaviors at one private school in each state. In total, they analyzed 1,722 apps.
The COVID-19 pandemic greatly increased school districts' use of ed tech. At the same time, momentum has grown at local, state and federal levels to protect students' online personal data.
At the local level, school administrators are verifying they are adhering to state and federal student privacy laws during the procurement stage. They are also vetting proposed apps to make sure they're really needed for learning and don't duplicate existing resources.
State education systems are helping districts comply with privacy requirements and safeguard their own data systems to protect students' private information.
In California, the recent passage of the California Age-Appropriate Design Code Act prohibits companies that provide online services, products or features likely to be accessed by children from using a child’s personal information or collecting, selling or retaining a child’s geolocation, among other protections.
However, in December, NetChoice, an organization that advocates for free enterprise and expression on the internet, sued the state, saying the law "expands government power over online speech under the guise of protecting children," according to a statement from NetChoice.
At the federal level, student data privacy advocates and some lawmakers have said they are hopeful the 118th Congress will make progress in updating the Children’s Online Privacy Protection Act. The law was enacted in 2000 and last updated in 2013.
Sen. Edward Markey, D-Massachusetts, an author of the original COPPA, said in a Dec. 20 statement, "The toxicity, tracking, and targeting that young people face on the internet has reached a crisis point"
Additionally, the Federal Trade Commission announced in May that it "intends to scrutinize compliance with the full breadth of the substantive prohibitions and requirements of the COPPA Rule and statutory language."
This monitoring includes a focus on ensuring ed tech companies do not disclose more student information than is necessary for a child to participate in that digital activity, according to the announcement.
