Student Privacy Is at More Risk Than Ever Before

Since Edtech became the norm in the education system, schools have been saddled with the responsibility of safeguarding vast amounts of incredibly sensitive data. School IT networks have had to expand unthinkably fast to accommodate new tools and cloud solutions for distance education.

As a result, we’re lumbering straight into a privacy nightmare that will have far-reaching implications for the youngest members of our society.

It's time to check the momentum of the education system's forced, head-long plunge into distance education before we do lasting damage.

Edtech tools have unlimited access to student data

The Edtech products commonly used or recommended by schools carry grave privacy risks. Commercial tools like Zoom, Khan Academy, Scholastic, College Board, and Clever store the results of their tracking software, keystroke and session recorders, camera and voice recording, and screen snapshots. Some tools have even been integrated into school networks and may have peripheral access to students (and, by extension, parents’) personally identifiable information (PPI).

Privacy policies are a mere sop to provide a false sense of security

Edtech companies are commercial concerns. They may state that they “take privacy seriously,” but they deliberately veil how they use the data they collect. The terms and conditions of most apps automatically regard the act of the initial sharing as permission to share data with others in a ubiquitous global commercial data network.

But few people are aware of the fact that their business partner chains include such paragons of privacy as Meta, Instagram, Google, and Amazon. Most people also don’t realize that it's a trivial matter to match individual users to their 'anonymous' records. And, as recent court cases show, there's a lot of it going on behind closed doors.

Students' health records, attendance, grades, disciplinary actions, and more are being scooped up by Edtech companies, and they may be sharing students’ data down along their partnerships chain without explicit consent.

Inconsistent use of privacy tools

Cybersecurity tools can help prevent ransomware attacks and halt the spiraling data breach statistics. In the USA, VPN use for data protection has increased since the advent of distance and hybrid work models. But despite the clear benefits of USA VPN and other privacy tools, schools don’t enforce their use. Indeed, some schools regard the use of VPNs as a double-edged sword because students can use them to bypass school network limits.

Misuse of information

A 2022 Center for Democracy and Technology report found that monitoring software meant to keep students on-task could be used for disciplinary purposes rather than for counseling purposes. In one instance, St. Paul Public Schools in Ramsey County, Minnesota, even entered into a data-sharing agreement with the juvenile justice system to help identify potentially at-risk young people.

Since most of the affected students are Hispanic, Black, LGBTQ, or have disabilities, such practices may harm marginalized students.

Should the juvenile justice system have unrestricted access to every child’s grades, diet, social media profiles, and medical conditions? It’s almost a given that sensitive data could end up being viewed by people who should never have had access to it.

Overzealous monitoring and lack of disclosure

School and campus security is a serious matter. Students often don't mind camera surveillance as it contributes to campus safety. But some schools allow covert cameras to be installed, which can be a hugely contentious issue.

For example, one school installed hidden cameras to investigate criminal activities and fired a Residence Hall community leader after he objected - not about the use of cameras per se - but to the fact that the cameras were concealed and that authorities hid their surveillance activities.

US school’s social media popularity contests

Social media activity by schools and districts is a direct threat to student privacy because people vastly underestimate how trivially easy it is to de-anonymize internet data. Data brokers, government agencies, predictive analysis companies, and people with nefarious intent can easily use facial recognition technology to stitch together tiny bits of public information to identify vulnerable students.

According to a new study, US schools and districts have shared an estimated 4.9 million posts that include identifiable images of students on public Facebook pages between 2005 to 2020. Of the 18 million posts studied, approximately 13.9 million included images of individuals, and the researchers estimated that 4.9 million of the posts had identifiable images of students.

Lack of Federal laws or guidelines

State laws that specify privacy standards for schools – and the Edtech companies they use - can offer achievable goals to help lamentably under-resourced schools steer their way through this rapidly deteriorating privacy mess. But most states lack clear guidelines, and even if there are laws, they are rarely enforced.

So whose job is it to protect students?

In an ideal world, social media platforms, EdTech, government, and Big Tech would each carry some of the responsibility to keep underage users safe. But until we have viable and enforceable laws that govern the sale and use of people’s private data, we have to do the best we can to equip students, parents, teachers, and schools to stop compromising on student data privacy.

Schools have a duty to guide and guard the youth. We dare not fail them.