Startling 96% of School Tech Exposes Student Data, Research Finds

Help fund stories like this. Donate now!

Each school day, students nationwide are required to log into thousands of digital platforms to complete homework, chat with their teachers and check their grades. Then, without their knowledge, an overwhelming majority of those tools turn around and share their data with third parties — often for profit.

A resounding 96% of apps used regularly in schools have data-sharing practices that “are not adequately safe for children,” according to a new report by the nonprofit Internet Safety Labs, which conducts software safety tests. In an analysis of apps commonly required or recommended by schools, the group found that many shared students’ personal data to marketing firms that build extensive profiles of children to sell products through targeted advertising.

“At a minimum, it fuels marketers’ and data brokers’ personal data profiles ultimately used to bombard young minds with highly targeted and persuasive advertising or opinions,” according to the report. “At worst, in the wrong hands it can lead to emotional trauma, aberrant seduction or even physical danger with location information.”

Once their data reaches the “Wild West” digital advertising ecosystem, students lose control of how that information is used and retained, said Irene Knapp, the group’s technology director and a former Google software engineer. Knapp said the widespread exchange of data between the apps and advertisers, including sensitive information such as mental health records, could come back to harm students later on. Such data could make it more difficult for students to get health insurance when they’re older, Knapp said, and could be used to serve them products based on their conditions. For example, the data could be used to “discover kids who have a propensity to gambling addiction and sell them Candy Crush,” a reference to the mobile game known for its obsessive users.

“It gets difficult holding this advertising ecosystem to account because the harms and the original cause are far apart,” Knapp said. “But that’s why we have to identify where these leaks happen and start to close them.”

To reach its conclusions, researchers tested more than 1,300 digital tools that were required or recommended by a random sampling of 13 schools in each state, totaling 663 campuses serving nearly half a million students. Almost a quarter of the services included advertisements and 13% had targeted ads, researchers found. Schools routinely recommended tools that weren’t specifically designed with schools in mind, including Spotify and YouTube. Yet even among the digital tools specifically geared toward students, 18% contained ads and 9% used targeted ads — a finding the group argues is “still too high to be safe for students.”

Meanwhile, the tools routinely shared information with Big Tech data aggregators: 68% of apps shared data with Google, 36% with Apple and 33% with Facebook. More than three-quarters of the apps accessed users’ location information, researchers found, and more than half tapped into students’ calendars and contacts. The analysis found that school utility apps, which allow schools to share with students and parents information like lunch schedules and other announcements, were the most likely to pass student data to the Big Tech giants. Districts often contract with Blackboard and Apptegy for the apps. Neither company responded to requests for comment.

“Those community engagement platform apps, they came out to be pretty dangerous it turned out,” said Lisa LeVasseur, the group’s executive director. “Were we surprised? I’d say no. It’s disappointing.”

Schools in the study sample recommended an average of 125 different apps, highlighting the ubiquity of technology in modern education, especially as the pandemic forced school closures and remote learning. Yet even as school districts’ reliance on tech companies grows, they generally lack the staffing to ensure that recommended technologies sufficiently safeguard student privacy, according to a recent report by the Center for Democracy and Technology, a nonprofit think tank.

The Internet Safety Labs report comes at a moment of heightened scrutiny around how technology companies use the data they collect about children. Earlier this year, the Federal Trade Commission announced that it would toughen its enforcement of education technology companies that sell student data for targeted advertising and that “illegally surveil children when they go online to learn.”

Just this week, the commission reached a record-breaking $520 million settlement with Epic Games, creator of the hugely popular video game Fortnite, and accused it of illegally collecting information about young children in violation of federal privacy rules and tricking players into making unintentional purchases.

Ultimately, Internet Safety Labs found that schools need more resources to thoroughly vet the technologies they use — especially as districts face greater cybersecurity threats. With limited accountability to ensure that software providers behave ethically, it’s up to schools to keep kids safe.

“With technology right now, there’s no norms for product safety, none whatsoever,” LeVasseur said. “It’s as if you bought your car and you had to install seat belts, airbags, windshield wipers, lights, like all of the safety features. That’s what we have with technology right now. It’s all, ‘Do it yourself, try to be safe. Godspeed you’re on your own.’ ”

Help fund stories like this. Donate now!