Student information privacy is a hot-button topic, and a new Common Sense Education survey shows a widespread lack of transparency and inconsistent privacy and security practices among ed-tech applications and services.
Over a three-year period, researchers evaluated 100 popular ed-tech products and services and found that just 10 percent of those applications or services met minimum criteria for transparency and quality.
While the findings don’t necessarily indicate that vendors are doing anything unethical, they could mean that the application or service is violating federal or state laws, depending on how it is used.
The overall lack of transparency is troubling, according to the authors, because in their analysis, transparency is “a reliable indicator of quality.” In fact, the applications and services in the evaluation that tended to be more transparent also tended to engage in qualitatively better privacy and security practices.
Researchers created three privacy evaluation tiers to describe each application or service:
1. Use Responsibly, which indicates that the application or service meets our minimum criteria but more research should be completed prior to use
2. Use with Caution, which indicates that the application or service does not clearly define the safeguards to protect child or student information
In addition to the just 10 percent of applications or services that are recommended with responsible use, 80 percent are recommended for use with caution, and 10 percent are not recommended for use at all.
The research yields 10 key findings:
1. A majority of applications and services use default encryption of information for login and account creation.
2. A majority of applications and services (89 percent) disclose an effective date or version number of their policies.
3. A majority of applications and services disclose that they do not rent, lease, trade, or sell data, but many are non-transparent.
4. A majority of applications and services are non-transparent or explicitly allow third-party marketing.
5. A majority of applications and services are non-transparent or explicitly allow traditional advertising.
10 things district leaders should know about student information privacy #edtech
6. A roughly equivalent percentage of applications and services have either non-transparent, better, or worse practices about behavioral advertising.
7. A majority of applications and services are non-transparent or explicitly allow third-party tracking.
8. A majority of applications and services are non-transparent or explicitly track users across other websites.
9. A majority of applications and services are non-transparent about creating ad profiles.
10. A majority of applications and services are non-transparent or explicitly allow the onward transfer of data.