• by Mark Barnett • IDRA Newsletter • June-July 2017 •

According to the Electronic Frontier Foundation (EFF), one-third of all K-12 students in the United States are issued devices like laptops or tablets to use in school (Frida, et al., 2017). Almost all of these devices require a user account from Google, Microsoft or Apple in order to use the device. Are schools, students and families aware of data that are being tracked with these accounts and what technology companies are doing with the data?

Before digging into data tracking, let’s review some laws that are in place that are meant to protect the rights and privacy of student data. The Family Educational Rights of Privacy Act is a federal law that forbids schools from disclosing student information without parent consent. It is enforced by the U.S. Department of Education, which can cut off federal funding to noncompliant schools. The law also protects information about students’ online activity when they are using school-issued devices when the information is tied to personally identifiable information.

The Children’s Online Privacy Protection Act (COPPA) is a federal law that requires companies to obtain verifiable parent consent before collecting personal information from children under 13 for commercial purposes. COPPA is enforced by the Federal Trade Commission.

To confuse matters even more, some states have their own laws that restrict how companies can use data for advertising, or they define personally identifiable information differently than other states which can create loopholes that allow companies to selectively collect student data.

Because the laws around student data privacy aren’t clearly defined, companies like Google, Microsoft and Apple are free to collect far more information on kids than is necessary and to store this information indefinitely. According the EFF’s report, Spying on Students: School-Issued Devices and Student Privacy, companies are collecting excessive data on “user names and date of birth and can include browsing history, search terms, location data, contact lists and behavioral information (Frida, et al., 2017). Technology providers are spying on students – and school districts, which often provide inadequate privacy policies or no privacy policy at all, are unwittingly helping them do it” (p.5).

Do companies really need this kind of data on students? EFF investigators found that the Google Chromebook by default “records every Internet site students visit, every search term they use, the results they click on, videos they look for and watch on YouTube, and their saved passwords” (p.2). Google doesn’t first obtain permission from students or their parents, and since some schools require students to use Chromebooks, many parents are unable to prevent Google’s data collection or are even aware that it is happening.

The Spying on Students report points to a serious problem that parents and families are the least informed about student data privacy and practices. A survey conducted by the EFF found that among respondents: “45 percent reported that their schools or districts did not provide parents with written disclosure about ed-tech and data collection, and 31 percent were not sure if such disclosure was provided. Further, 32 percent of all respondents reported that their schools or districts did not offer opt-out – that is, non-technological classroom alternatives for families who did not want students using certain technology – and 37 percent were not sure if opt-out was available” (p.10).

What Can You Do to Protect Your Student’s Data and Privacy?

The EFF has outlined some steps that students, educators, leaders, policymakers and companies can take to keep the privacy of student data a priority that is transparent and respects the privacy of students and their families.

  • Read software terms of service,
  • Ask schools about data privacy practices,
  • Provide digital literacy training to teachers,
  • Always inform and obtain parent consent,
  • Ask for software alternatives,
  • Use encryptions when possible, and
  • Demand transparency on data privacy.

Read the full EFF report and see more recommendations at www.eff.org/wp/school-issued-devices-and-student-privacy.

Other Resources to Learn about Student Data Privacy


Frida Alim, F., & N. Cardozo, G. Gebhart, K. Gullo, A. Kalia. (April 13, 2017). Spying on Students: School-Issued Devices and Student Privacy (San Francisco, Calif.: Electronic Frontier Foundation). https://www.eff.org/files/2017/04/13/student-privacy-report.pdf

Mark Barnett is IDRA’s Chief IT Strategist. Comments and questions may be directed to him via email at mark.barnett@idra.org.

[©2017, IDRA. This article originally appeared in the June-July 2017 IDRA Newsletter by the Intercultural Development Research Association. Permission to reproduce this article is granted provided the article is reprinted in its entirety and proper credit is given to IDRA and the author.]