EFF Survey Reveals Gaps in Protecting the Privacy of K-12 Students Using School-Issued Devices and Cloud Apps

“They are collecting and storing data to be used against my child in the future, creating a profile before he can intellectually understand the consequences of his searches and digital behavior."

This was the response of one parent to an online survey EFF conducted to learn more about the use of mobile devices and cloud services in K-12 classrooms across the country—so called education technology or “ed tech.” Today, EFF released a report entitled “Spying on Students: School-Issued Devices and Student Privacy” that summarizes the results of this survey.

While there are educational advantages to incorporating technology into the classroom experience, the survey results reflect an overarching concern that children as young as kindergartners are being conditioned to accept a culture of surveillance. EFF maintains that children should not be taught that using the Internet or technology requires sacrificing personal privacy.

The survey, launched in December 2015, elicited responses from over 1000 students, parents, teachers, librarians, school administrators, system administrators, and community members.

We organized the survey results into eight themes:

  1. Lack of transparency: Schools and districts do not provide adequate notice and disclosures to parents about what technology their children use in the classroom, including devices and online applications that require transferring student information to private companies.
  2. Investigative burden: Parents and even students themselves put in significant effort, sometimes over many months, to get information from both schools/districts and ed tech companies, about technology use in the classroom and its implications for student privacy. 
  3. Data collection and use: Parents are concerned about the specific data about their children that ed tech companies collect, and what companies do with that data, particularly for non-educational, commercial purposes and without written notice to and consent from parents.
  4. Lack of standard privacy precautions: Survey participants reported 152 apps, software programs, and digital services being used in classrooms. Only 118 of these have published privacy policies online. And far fewer address important privacy issues such as data retention, encryption, and data de-identification and aggregation.
  5. Barriers to opt-out: Many schools and districts do not provide the ability for parents to opt their children out of using certain technologies. Or if administrators are open to providing an opt-out option, many parents and students have found it difficult to make alternative technologies and teaching methods a reality.
  6. Shortcomings of “Privacy by Policy”: Survey participants expressed doubt that the privacy policies of both schools/districts and ed tech companies actually protect student privacy in practice.
  7. Inadequate technology and privacy training for teachers: Survey participants emphatically reported that teachers, those who interface most directly with ed tech and students, lack adequate training to move from “privacy by policy” to “privacy by practice.”
  8. Digital literacy for students: Survey results revealed that there is a ripe opportunity and need to educate students about how to protect their privacy online, operate safely online, and generally be savvy users of technology, which are skills that they should carry into adulthood.

A goal of the “Spying on Students” survey was to highlight the struggles of average people trying to navigate the student privacy issue. So throughout the discussion of the survey results, we present the case studies of a parent, technology director, system administrator, and school librarian.

In addition to summarizing the survey results, the “Spying on Students” report includes an overview of relevant student privacy laws, including the federal laws FERPA and COPPA, and a sampling of state laws from California, Colorado, and Connecticut.  

The report also discusses the inadequacy of the leading ed tech industry self-regulatory effort, the Student Privacy Pledge.

Finally, the report includes privacy recommendations and best practices for school/district administrators, teachers, librarians, system administrators, parents, students, and—of course—ed tech companies.

Today’s report is part of our larger student privacy campaign, which aims to educate students, parents, and school officials about digital privacy—and to encourage ed tech companies to institute better privacy policies and practices that actually protect the privacy of minor students, while enabling them to benefit from technology in the classroom.

With the right awareness and will—particularly from an $8 billion dollar industry—technology can be both educationally beneficial and privacy protective.

Related Issues