Proton
Suscríbase mediante RSS
A book and a smart phone with an education app filled with trackers that reports data to data brokers.

Our kids are under surveillance: The hidden privacy crisis in Ed Tech

Richie Koch

Compartir esta página

In 2020, there was a rush to connect students to remote classrooms during the pandemic. In the years since, we’ve discovered most education apps and websites (referred to as Ed Tech) and platforms are spying on our children. 

In 2022, Researchers at the Internet Safety Labs found that up to 96% of apps used in US schools(nueva ventana) share student information with third parties, and 78% of them shared this data with advertisers and data brokers. Human Rights Watch’s (HRW) 2022 global analysis of 164 Ed Tech products(nueva ventana) across 49 countries revealed that 89% of them risk children’s privacy by embedding trackers that report back to the advertising industry. Another study by the Internet Safety Labs, this one published in 2024, found that the average Ed Tech app with trackers forwarded data to 6.7 different data broker companies(nueva ventana) every time a student logged on. This means every students’ click, keystroke, and physical location can be traced by companies with commercial motives — often without parents or teachers even knowing.

The findings from all these studies are remarkably consistent. Most Ed Tech services collect far more student data than parents and schools realize.

What data do Ed Tech apps collect?

The scope of information Ed Tech services access and collect is broad. In particularly egregious cases, some Ed Tech services were caught secretly collecting students’ information. This behavior is unacceptable for any app, especially one that schools require children to use.  

Examples of the sensitive data these apps collect include:

Location data: Many apps can track students’ precise GPS location or IP-based whereabouts. As HRW(nueva ventana) warns, such data can reveal where a child lives and where they go to school, trips between divorced parents’ homes, and visits to a doctor’s office specializing in childhood cancer.

Biometric and media access: Many virtual classroom tools need access to cameras, microphones, and even keyboards so children can talk to their teachers or share answers. But there’s no need for an app to share this information with third parties. Adobe Connect, for instance, was found logging keystrokes and phone numbers; accessing students’ cameras and microphones; and sharing this information with Google(nueva ventana).

Personal and social data: Many education apps ask for or harvest contact lists, email addresses, and demographic information. HRW found three particularly egregious apps(nueva ventana) (Kelas Pintar, Shad, and Extramarks) that collected this information without disclosing it in their privacy policies. This ability to map social networks is extremely valuable, and something all data brokers try to do.

Behavior and usage data: Every click, quiz answer, or timestamp is often logged. Ed Tech systems capture what pages students visit, how long they spend on tasks, and which problems they struggle with. Alone this sounds benign, but when combined with third-party trackers, it can be correlated with behavior outside school.

Sensitive records: Some learning apps inevitably touch on private subjects. For example, online counseling tools, mental health quizzes, or special education resources could reveal health conditions or disabilities. An Internet Safety Labs report found that mental health records(nueva ventana) and similarly sensitive information were being shared with ad networks.

For most Ed Tech services, no data source is too sensitive or off limits. Advertising trackers embedded in school apps can log everything from your child’s reading level to the names of their siblings. The worry is that companies then aggregate these details into profiles, essentially creating a dossier on your child. 

Sophisticated ad-tech firms can combine students’ school data with the data they collect from social media and e-marketers to target children and their families, predict behavior, and influence minds that are still taking shape.

How is this data used?

In the vast majority of cases, students’ sensitive data is used to fuel the advertising and profiling industries. When children’s devices ping dozens of ad trackers, that information typically goes to marketing platforms, analytics firms, and data brokers. These entities then use that data to build detailed profiles and optimize advertising campaigns.

A 2022 investigation by the Markup(nueva ventana) shows just how detailed these profiles can be. It found an Illinois school district’s records created by PowerSchool, an Ed Tech provider that supports over 45 million students worldwide, had nearly 7,000 data fields(nueva ventana) on students, parents, and educators.

The HRW report looks at the app from South Korea’s Educational Broadcasting System (EBS), the nation’s public broadcaster, as an example. When a student visited the EBS homepage, 24 ad trackers began monitoring their activity and reporting that information to 15 advertising companies and data brokers, including Facebook, Google, Criteo, and Appier.

While these last two data brokers are not as well known as Facebook and Google, they advertise themselves as AI-powered marketing platforms(nueva ventana) that allow for hyper-personalized targeting(nueva ventana). In other words, a child’s math homework clicks could feed into ad algorithms that start serving products or messages tailored just for them.

This might sound innocent — who wouldn’t want to filter out irrelevant ads? — but it can lead to real-life harm. Once a data broker gets a student’s information, it can use it to play on their vulnerabilities. The Technology Director of Internet Safety Labs, Irene Knapp, noted to The 74 Million(nueva ventana), a news service about the American education system, the profiles these data brokers built using sensitive data (like a history of anxiety or patterns in educational performance) could make it harder for a student to get services later (like health insurance) or be used to sell them inappropriate products. She gave the example of a student who displayed a propensity for addiction being targeted by e-games like Candy Crush. This kind of predictive targeting is especially toxic for children, who don’t have the maturity to understand or resist such manipulative advertising.

Student data collected by learning tools often funds big business. And parents and schools rarely know the full extent. Even diligent parents or educators who take the time to review all the different privacy policies they’re signing their children up for can be misled. The Internet Safety Lab found in 2024 that schools that attempted to review the apps they used(nueva ventana) did not appreciably reduce the percentage of “Very High Risk” apps in their portfolio or the rates of apps with digital ads.

Why this matters

We all should be alarmed by these practices. Children deserve privacy, and constant surveillance — especially without consent — threatens their safety, rights, and development. Location-tracking apps can make children targets. Detailed advertising profiles can exploit kids’ insecurities or identities (for example, targeting LGBTQ+ youth with manipulative content). 

A deeper burden for marginalized families

Families in marginalized communities feel this acutely. According to a 2024 survey by the Center for Democracy and Technology (CDT), minority parents and parents of children with special needs(nueva ventana) are significantly more concerned about data collection. A child’s private struggles should never be used for profit, yet that is the reality in today’s unregulated Ed Tech world.

Surveillance in a place of trust

Schools should be spaces dedicated to learning and growth. Children and parents place their trust in schools to be nurturing and safe spaces. The fact that so many corporations, advertisers, and Big Tech companies have found a way to plant their trackers in the classroom makes it hard for students to trust their teachers and schools.   

A myth of secure data

Parents and students are also forced to trust these companies to keep this data secure, something they’ve failed to do. In 2025, PowerSchool suffered a breach(nueva ventana) that exposed names, addresses, contact information, and in rare cases, social security numbers and medical information.

The data will follow them

Finally, there are long-term consequences. Data collected now can follow a student for years. Hidden profiles in advertising networks could affect their college admissions, job offers, loans, or insurance in the future, especially if their profile includes sensitive health or identity information. In a world where data is power, giving away a child’s personal information is effectively handing strangers influence over them. 

Patchwork protections aren’t enough

This is why society has generally provided children with extra privacy safeguards, like The Children’s Online Privacy Protection Act (COPPA(nueva ventana)) in the US. But the current reality is a patchwork of protections at best. Many major Ed Tech providers operate in a legal gray zone, handling data in ways that exploit loopholes. Without stricter rules and enforcement, parents and educators are left to find safe services on their own.

Students, teachers, and parents are speaking up

The good news is that awareness and concern about these issues are widespread and growing. The 2024 survey by the CDT(nueva ventana) found that 60% of parents and 50% of students in the US are worried about the privacy of student data. Parents who have been notified of a school data breach — and likely inadvertently learned the amount of data that was collected — are twice as likely to say they are very concerned (86% vs 56%). This shows that when privacy issues become real, families become very anxious.

Teachers, administrators, and tech experts are calling for change. Leaders in school districts are starting to ask tough questions about vendor contracts. The Student Data Privacy Consortium(nueva ventana) helps school districts and universities band together to share data on vendors and demand standard privacy terms.

This public sentiment has sparked meaningful progress in the US at the federal level. In April 2025, the FTC began enforcing an update to COPPA(nueva ventana) that limits how long companies can store data and requires apps to get parents’ explicit opt-in consent to show targeted ads. While this is a good start, the FTC should reconsider the reform it abandoned(nueva ventana) that would prevent companies from using students’ data for commercial gain at all.

These are all signs that awareness is growing — and that privacy must be a non-negotiable feature of any Ed Tech tool.

How to protect your child’s privacy

The situation may seem overwhelming, but there are concrete steps you can take to reduce the risks and demand better practices:

  • Ask questions and read policies: Start by asking your child’s school which apps they use and what data those apps collect. Many schools publish an approved list online that you can use to review each app’s privacy policy or consult resources like the Student Privacy Compass(nueva ventana). If an app shares data with third parties or won’t commit to a privacy-safe contract, that’s a red flag.
  • Push for transparency: Speak up at school board meetings — many schools don’t realize how riddled with data trackers Ed Tech apps can be. Share articles(nueva ventana) or reports to help raise awareness and encourage open conversation. Push your school district to join the Student Data Privacy Consortium(nueva ventana) so it can learn from and coordinate with other schools.
  • Limit sharing of sensitive information: Help your child turn off apps’ location-tracking features where possible and deny their access to cameras or microphones unless it’s essential for learning. Where possible, turn off tracking features and use tools like privacy-focused browsers and search engines for research.
  • Use encrypted tools: Where possible, choose secure tools like encrypted email to keep conversations private. Remind your child not to access personal accounts on school devices to avoid unwanted tracking or data leaks. If your child uses a note-taking app, choose one with end-to-end encryption(nueva ventana) to keep your data safe even if the provider is breached.
  • Advocate for better laws: Support stronger privacy laws by contacting your local representatives and asking why student data doesn’t get the same protection as medical or financial records. Join groups like the Parent Coalition for Student Privacy(nueva ventana) or local digital rights organizations to amplify your voice. Advocacy works and has led to new data protections for students in Minnesota(nueva ventana) and Ohio(nueva ventana).

Importantly, no single solution will fix everything. Ed Tech is here to stay — it brought many benefits during the pandemic and continues to support diverse learning. But it must not come at the cost of our children’s privacy. By staying informed and pushing for change, parents and educators can ensure that their tech serves education and not the other way around.

A privacy-first education

Every child should have the opportunity to learn and grow without being tracked. The good news is that alternatives exist. Human Rights Watch (HRW) identified a dozen Ed Tech websites(nueva ventana) (from countries like France, Germany, Japan, and Argentina) that had zero trackers. These examples prove that educational innovation can respect privacy — it’s a matter of choice and will.

At Proton, we’re proud to offer tools built with privacy in mind. Our services ensure that we can’t see your information. As more parents and schools demand accountability, we hope to see an ecosystem of Ed Tech that treats student data with the care it deserves.

Our children’s curiosity and potential should not be data points for corporate tracking. They deserve safe learning environments,  online and off. By working together, we can ensure that Ed Tech fulfills its promise without endangering student privacy.

Proteja su privacidad con Proton
Crear una cuenta gratuita

Artículos relacionados

en
  • Guías de privacidad
How to change your default Google account
If you use multiple Google accounts and want to learn how to change your default Google account once and for all, this guide will help.
A person and a shield on a computer screen, suggesting how Proton parents guide their kids on online privacy
en
See how Proton parents guide their kids on online privacy to raise critical thinkers in a world built for surveillance and manipulation.
A photo icon and synchronization symbol overlaying a cloud, representing automatic photo backup to the cloud
en
  • Guías de privacidad
How to back up photos securely and privately
See how to back up photos while protecting your privacy using encrypted cloud storage that shields you from scanning, tracking, and profiling.
Learn the best professional email sign-offs, common mistakes to avoid, and real-world examples.
en
Struggling with how to end an email? Learn about the best professional email sign-offs, common mistakes to avoid, and real-world examples.
A phone screen with a speech bubble with a phone number in it
en
Your email address and passwords aren't the only information hackers can use to scam you. Here's what someone can do with your phone number — and how to protect it.
A web application screen with an unlock icon in the bottom right corner
en
Your best defense against a data breach could be improving your web application security: Find out how Proton Pass can help.