When it comes to selecting edtech that protects student privacy, few districts are earning high marks.
Recent research conducted by Internet Safety Labs, a nonprofit that advocates for software safety, concluded that 78% of required or recommended school apps were “very high risk” in terms of privacy, and 79% of the apps collected student location data. The research looked at 663 U.S. schools and analyzed 1,357 commonly required or recommended school apps.
The findings were particularly troubling for schools in socioeconomically challenged areas. Even though these schools generally used less technology overall, the ones observed had the highest rate of “unsafe apps with digital ads," and "apps with behavioral ads."
“We originally surmised that the lower the number of apps, the safer it would be, except they kind of blew that out of the water because they had some of the lowest numbers of technologies but unfortunately those technologies were more likely to have ads,” says Lisa LeVasseur, executive director and research director for Internet Safety Labs.
Despite this bleak overall picture, there is good news. Recommended strategies for better protecting student privacy are available, and some are free, LeVasseur says.
Free and Immediate Steps Schools Can Take To Better Protect Student Privacy
LeVasseur knows that school budgets can vary widely. “We understand that a lot of these school districts are very small -- we looked at one where the superintendent was the webmaster,” LeVasseur says.
That’s why Internet Safety Labs has recommendations that don’t require funding. These include limiting the overall amount of tech tools used in a district -- even though this recent study didn’t necessarily see a connection between less recommended apps and better student privacy protection, LeVasseur says.
“We still say practice minimization," she says. "We found on average schools were recommending 20 apps or technologies.” LaVasseur adds this is inherently a lot for students and their parents to manage, and using fewer apps makes monitoring to meet privacy standards easier.
In addition, LaVasseur and Internet Safety Labs recommend districts do the following:
- Verify technology COPPA Safe Harbor Certified. This can be done through the FTC’s Safe Harbor site as well as others, including iKeepSafe.org, my.privo.com, and KidSafesealcom.
- Examine website risks using the EFF’s Privacy Badger, or The Markup’s Blacklight tools
- Examine apps using Internet Safety Labs’ App Microscope Tool
What Schools With More Time and Funds Can Do
LeVasseur says every school should plan to develop a technology vetting process and recognize that they need a process for “off the shelf” tools in addition to any existing processes they might have in place for licensed technology.
“We saw some schools with procedures where if you wanted to recommend something as a teacher, you had to submit it to a process and it had to be approved before a teacher could do that. That’s very good practice,” LeVasseur says.
Beyond having a school vetting process in place, schools with funding available should create a dedicated software management position specifically to look at these technologies.
"The gold standard, we would say, is to have a dedicated resource who is endowed with the power to produce the process and manage the vetting process,” LeVasseur says. “It's a unique skill set. It's not hardware procurement. This is more software vendor management, creating criteria for safety for privacy and security, and other considerations.”
LeVasseur believes these positions will start to be added in districts going forward. “I think we're going to see this more and more, especially with the increase in school hacking going on. These things go a little bit hand-in-glove because that person could be educated to watch over and mandate both privacy and security requirements.”