By Willie Boag
On September 1, 2020, The International Digital Accountability Council (IDAC) and Digital Promise co-hosted a webinar, “Privacy Considerations as Schools Lean in to Education Technology,” to discuss IDAC’s ed tech investigation results and how those results relate to privacy risks, policy considerations, and student protection. Moderated by Digital Promise President & CEO Director, Karen Cator, we heard from IDAC President Quentin Palfrey, Future of Privacy Forum Privacy Counsel Anisha Reddy, and Fairfax County Public Schools Technical Architect Jim Siegel.
IDAC released a report surveying the privacy and security practices of nearly 500 education technology (ed tech) apps spanning 22 countries. The investigation revealed that ed tech apps generally take care to incorporate privacy principles. However, IDAC’s investigation also revealed areas where some apps could be doing better, including with respect to practices related to data sharing, security exposure of personal data, and the use of potentially invasive third-party tools.
Amid the global COVID-19 pandemic, US schools are shifting to online learning, impacting millions of students. Quentin Palfrey recounted his own experience as a father of three young children: his kids’ teachers converted to online classrooms and provided a list of relevant apps the children could use to practice skills during allotted periods. However, the app vetting process is challenging because parents do not come armed with the tools or expertise to evaluate whether a given ed tech app is safe. The purpose of IDAC’s report is to contribute to that conversation by looking at the privacy landscape of apps which educators may use.
As Anisha Reddy commented, most school districts do have some kind of app vetting process in place, often out of necessity to be compliant with federal laws like FERPA and COPPA, as well as over 100 state-level laws related to privacy and digitization. However, school districts are under-resourced and would benefit from the assistance of reports like IDAC’s. As Jim Siegel described, school district procurement efforts scrutinize the privacy policy of apps based vendor promises, but investigations like IDAC’s allow for more information because IDAC has the tools to observe actual behavior. As the report found, some apps fail to disclose data sharing practices in their Terms of Service and privacy policies.
To promote trust in the ed tech app ecosystem and to help distance learning succeed, IDAC is taking a system-wide view of the app ecosystem, which includes developers, platforms, regulators, school districts, and parents, and making actionable recommendations. IDAC would like to thank the participants and Digital Promise for hosting this webinar.
IDAC’s investigation was recently featured in The Wall Street Journal and CNET. IDAC’s full report on the ed tech mobile app investigation can be found here.