In the rush to procure education technology (EdTech) products for online learning in the pandemic, governments did not check that they were safe for children to use, a Human Rights Watch report has found. As a result, children were exposed to unsafe privacy practices of EdTech products they were told, or required to use. 146 authorised products were found to have monitored children and harvested their personal data.
The report examined 164 education technology (EdTech) products endorsed by 49 countries around the world. With the exception of Morocco, all governments were found to have endorsed at least one product that risked or undermined children’s rights. Of the 164 products reviewed, 146 (89%) “appeared to engage in data practices that put children’s rights at risk”. These products monitored, or had the capacity to monitor children in most cases secretly and without the consent of children or their parents.
Children paid for ‘free’ learning via EdTech with their privacy and data
Most EdTech products were offered to governments in the pandemic at no direct financial cost. But, by endorsing and enabling the wide adoption of EdTech products, children ultimately paid for their education with access to their personal information. The Human Right’s Watch report found that EdTech products breached children’s privacy in two main ways;
- Most online learning software installed tracking technologies that trailed children outside of their virtual classrooms and across the internet.
- Most online learning software sent, or granted access to, children’s data to advertising technology (AdTech) companies. Some EdTech products then targeted children with behavioural advertising.
Most of the parties involved in online learning – children, their teachers, and parents – were ignorant about these data practices. Human Rights Watch found that the data surveillance took place in virtual classrooms and educational settings where children could not reasonably object.
Most EdTech companies did not allow children or parents to opt-out of being tracked. Most of the monitoring happened secretly, without the child’s knowledge or consent. Some EdTech products were found to have invisibly tagged children in ways that were impossible to avoid without destroying the device.
Children are being monitored at scale
The pandemic necessitated a rapid escalation of online learning. But, children’s reliance on the digital world for education will continue long after the end of the pandemic. In the current environment that means surveillance of their online activities will also continue.
A previous piece of research by the Center for Democracy and Technology (CDT) found that, “86% of teachers reported that, during the pandemic, US schools provided tablets or laptops to students at twice the rate (43%) prior to the pandemic.” But, devices provided were also then used to monitor children in the name of ‘protecting’ them.
Thousands of US school districts installed surveillance software on school-provided devices to monitor children’s online interactions. Software, such as Gaggle, Lightspeed and Bark can be configured to search for language indicating suicidal ideation, drug use, eating disorders etc. So that, if one child emails or messages another at the same school saying they’ve been thinking of hurting themselves, an AI bot can send an alert to their teacher allowing them to check in.
Students are mostly aware they are being monitored, according to surveys, but are not aware of the extent. Including that teachers can access their device remotely, closing tabs and overriding keyboards – even after school hours.
More countries need child-specific data protection laws
As in many areas of the digital world, legislation globally lags technology and its use. Human Rights Watch urge that governments around the world should pass and enforce child-specific data protection laws that provide safeguards around the collection, processing, and use of children’s data, in ways that risk or infringe on their rights.
The Federal Trade Commission in the US have voted to approve a policy reminding EdTech providers to follow the federal limits on the collection and use of kids’ data. In the EU a company/organisation can only process a child’s personal data with the explicit consent of their parent or guardian up to ages between 13 and 16 (depending on each EU Member State).
If your child is not covered by either of those pieces of legislation, you would do well to investigate what your own government’s position is on collection of your child’s data by EdTech products.
For more about how the digital world is impacting our behaviour – and how to be an informed digital citizen – pick up a copy of my new book.