This post contains excerpts from my newly released book, Digital and Media Literacy in the Age of the Internet: Practical Classroom Applications, which is now available on Amazon.

In the classroom, there is not much that individual educators can do about how companies and ISPs track their students since browsing the Internet often requires users to give up some of their privacy. Schools are not using Virtual Private Networks (VPNs) to mask IP addresses (more on that later) and in the age of Google Suite for Education (GSFE) and Chromebooks and a number of educational software and cloud-based tools, student information is part of that playing field.  

In 2014, Google was sued for scanning the emails of students using its education service. Google claimed that the scanning helped with virus protection and spell check. However, this scanning occurred without notification of the users and while GSFE is ad-free and Google claimed that none of the scanning was related to targeted advertising, the plaintiffs in the case were not convinced. After the lawsuit concluded, a group of educational technology companies banded together to create the Student Privacy Pledge, a public pledge to maintain the privacy of K–12 students who use their services. As of the writing of this book, over 340 companies have signed the pledge, which holds companies legally responsible for protecting the privacy of the students they serve. Google’s current policy states that they do not scan student emails for advertising purposes. 

2014 was a big year for student privacy. It was also the year that Class Dojo, an online classroom management tool that allows teachers to create student profiles used to track and manage student behavior, was under fire for how it collected information about student behaviors in class without much transparency for how that information was stored or shared. It has since updated its privacy policy and has, it appears, made every effort to jump through every privacy hoop to reach a high standard of transparency and care with how it treats student information. It has also signed the Student Privacy Pledge. 

Privacy concerns in the classroom aren’t limited to data scraping from apps and websites, though. In October 2017, the EdTech publication Edsurge reported on a company that built headsets that track student brain waves and report the activity to a teacher through a dashboard. The idea is that teachers can easily gauge engagement by seeing the brain activity of their students. It also markets the device as a way for students to train their brains to learn better. The company, BrainCo, is also working on building a database of brain waves to increase the potential of the devices they make.  

The privacy concerns around the kind of data being collected by the company from users, including those under 13, has earned the company a lot of negative press. Their privacy policy has a very long list of things that it collects from users, including things like “dominant hand” and the EEG (brain wave) raw data. While the company has a page dedicated to explaining its commitment to user privacy, BrainCo is not a signatory of the Student Privacy Pledge. Most of its pilot programs have occurred in China, where privacy protections are much different than in the United States. Still, as more devices like this are brought into the classroom, it becomes even more important to consider what kind of data is being sent to EdTech companies, especially as that data moves from simple email scanning into the storing of biometric data about children under the age of 13. 

Another consideration with all of this data being collected by edtech companies is what happens to that data if a company is sold. Does the company have a clear policy on how student data is handled in the case of a hand off? These transactions are easy ways for the acquiring company to turn a profit from the data they have inherited if the rules aren’t made clear in the first place.  

Classroom teachers should also be considering the privacy that students have when using tools that teachers implement in the classroom. There are some tools that allow teachers and/or administrators to view communications between students. Any schools that use Google Suite for Education can easily view all of the emails, chat messages, documents, and other information attached to a student account. In addition, some classroom tools such as Schoology (http://www.schoology.com) allows students to message each other. Technically, a System Administrator could reset a student’s password and login to see what messages a student may have been sending if there are any concerns about bullying or inappropriate content. School and district-based Acceptable Use Policies should make this lack of privacy clear and this should be communicated to students before they start using any service that allows for this.  

Schools have a big role in protecting student privacy in the classroom, and educators in the classroom are on the front lines. Tracking and online privacy concerns are a reality for adults as well as students, however, COPPA law makes this reality a legal concern, especially when educators work with students under 13. It is vital that schools, districts, and educators implement tools thoughtfully and carefully and research privacy policies before sharing student data with digital tools.