In 2020, there was a rush to connect students to remote classrooms during the pandemic. In the years since, we’ve discovered most education apps and websites (referred to as Ed Tech) and platforms are spying on our children. 

In 2022, Researchers at the Internet Safety Labs found that up to 96% of apps used in US schools(ventana nueva) share student information with third parties, and 78% of them shared this data with advertisers and data brokers. Human Rights Watch’s (HRW) 2022 global analysis of 164 Ed Tech products(ventana nueva) across 49 countries revealed that 89% of them risk children’s privacy by embedding trackers that report back to the advertising industry. Another study by the Internet Safety Labs, this one published in 2024, found that the average Ed Tech app with trackers forwarded data to 6.7 different data broker companies(ventana nueva) every time a student logged on. This means every students’ click, keystroke, and physical location can be traced by companies with commercial motives — often without parents or teachers even knowing.

The findings from all these studies are remarkably consistent. Most Ed Tech services collect far more student data than parents and schools realize.

What data do Ed Tech apps collect?

The scope of information Ed Tech services access and collect is broad. In particularly egregious cases, some Ed Tech services were caught secretly collecting students’ information. This behavior is unacceptable for any app, especially one that schools require children to use.  

Examples of the sensitive data these apps collect include:

Location data: Many apps can track students’ precise GPS location or IP-based whereabouts. As HRW(ventana nueva) warns, such data can reveal where a child lives and where they go to school, trips between divorced parents’ homes, and visits to a doctor’s office specializing in childhood cancer

Biometric and media access: Many virtual classroom tools need access to cameras, microphones, and even keyboards so children can talk to their teachers or share answers. But there’s no need for an app to share this information with third parties. Adobe Connect, for instance, was found logging keystrokes and phone numbers; accessing students’ cameras and microphones; and sharing this information with Google(ventana nueva).

Personal and social data: Many education apps ask for or harvest contact lists, email addresses, and demographic information. HRW found three particularly egregious apps(ventana nueva) (Kelas Pintar, Shad, and Extramarks) that collected this information without disclosing it in their privacy policies. This ability to map social networks is extremely valuable, and something all data brokers try to do. 

Behavior and usage data: Every click, quiz answer, or timestamp is often logged. Ed Tech systems capture what pages students visit, how long they spend on tasks, and which problems they struggle with. Alone this sounds benign, but when combined with third-party trackers, it can be correlated with behavior outside school.

Sensitive records: Some learning apps inevitably touch on private subjects. For example, online counseling tools, mental health quizzes, or special education resources could reveal health conditions or disabilities. An Internet Safety Labs report found that mental health records(ventana nueva) and similarly sensitive information were being shared with ad networks. 

For most Ed Tech services, no data source is too sensitive or off limits. Advertising trackers embedded in school apps can log everything from your child’s reading level to the names of their siblings. The worry is that companies then aggregate these details into profiles, essentially creating a dossier on your child. 

Sophisticated ad-tech firms can combine students’ school data with the data they collect from social media and e-marketers to target children and their families, predict behavior, and influence minds that are still taking shape.

How is this data used?

In the vast majority of cases, students’ sensitive data is used to fuel the advertising and profiling industries. When children’s devices ping dozens of ad trackers, that information typically goes to marketing platforms, analytics firms, and data brokers. These entities then use that data to build detailed profiles and optimize advertising campaigns.

A 2022 investigation by the Markup(ventana nueva) shows just how detailed these profiles can be. It found an Illinois school district’s records created by PowerSchool, an Ed Tech provider that supports over 45 million students worldwide, had nearly 7,000 data fields(ventana nueva) on students, parents, and educators. 

The HRW report looks at the app from South Korea’s Educational Broadcasting System (EBS), the nation’s public broadcaster, as an example. When a student visited the EBS homepage, 24 ad trackers began monitoring their activity and reporting that information to 15 advertising companies and data brokers, including Facebook, Google, Criteo, and Appier.

While these last two data brokers are not as well known as Facebook and Google, they advertise themselves as AI-powered marketing platforms(ventana nueva) that allow for hyper-personalized targeting(ventana nueva). In other words, a child’s math homework clicks could feed into ad algorithms that start serving products or messages tailored just for them.

This might sound innocent — who wouldn’t want to filter out irrelevant ads? — but it can lead to real-life harm. Once a data broker gets a student’s information, it can use it to play on their vulnerabilities. The Technology Director of Internet Safety Labs, Irene Knapp, noted to The 74 Million(ventana nueva), a news service about the American education system, the profiles these data brokers built using sensitive data (like a history of anxiety or patterns in educational performance) could make it harder for a student to get services later (like health insurance) or be used to sell them inappropriate products. She gave the example of a student who displayed a propensity for addiction being targeted by e-games like Candy Crush. This kind of predictive targeting is especially toxic for children, who don’t have the maturity to understand or resist such manipulative advertising.

Student data collected by learning tools often funds big business. And parents and schools rarely know the full extent. Even diligent parents or educators who take the time to review all the different privacy policies they’re signing their children up for can be misled. The Internet Safety Lab found in 2024 that schools that attempted to review the apps they used(ventana nueva) did not appreciably reduce the percentage of “Very High Risk” apps in their portfolio or the rates of apps with digital ads. 

Why this matters

We all should be alarmed by these practices. Children deserve privacy, and constant surveillance — especially without consent — threatens their safety, rights, and development. Location-tracking apps can make children targets. Detailed advertising profiles can exploit kids’ insecurities or identities (for example, targeting LGBTQ+ youth with manipulative content). 

A deeper burden for marginalized families

Families in marginalized communities feel this acutely. According to a 2024 survey by the Center for Democracy and Technology (CDT), minority parents and parents of children with special needs(ventana nueva) are significantly more concerned about data collection. A child’s private struggles should never be used for profit, yet that is the reality in today’s unregulated Ed Tech world.

Surveillance in a place of trust

Schools should be spaces dedicated to learning and growth. Children and parents place their trust in schools to be nurturing and safe spaces. The fact that so many corporations, advertisers, and Big Tech companies have found a way to plant their trackers in the classroom makes it hard for students to trust their teachers and schools.   

A myth of secure data

Parents and students are also forced to trust these companies to keep this data secure, something they’ve failed to do. In 2025, PowerSchool suffered a breach(ventana nueva) that exposed names, addresses, contact information, and in rare cases, social security numbers and medical information. 

The data will follow them

Finally, there are long-term consequences. Data collected now can follow a student for years. Hidden profiles in advertising networks could affect their college admissions, job offers, loans, or insurance in the future, especially if their profile includes sensitive health or identity information. In a world where data is power, giving away a child’s personal information is effectively handing strangers influence over them. 

Patchwork protections aren’t enough

This is why society has generally provided children with extra privacy safeguards, like The Children’s Online Privacy Protection Act (COPPA(ventana nueva)) in the US. But the current reality is a patchwork of protections at best. Many major Ed Tech providers operate in a legal gray zone, handling data in ways that exploit loopholes. Without stricter rules and enforcement, parents and educators are left to find safe services on their own.

Students, teachers, and parents are speaking up

The good news is that awareness and concern about these issues are widespread and growing. The 2024 survey by the CDT(ventana nueva) found that 60% of parents and 50% of students in the US are worried about the privacy of student data. Parents who have been notified of a school data breach — and likely inadvertently learned the amount of data that was collected — are twice as likely to say they are very concerned (86% vs 56%). This shows that when privacy issues become real, families become very anxious.

Teachers, administrators, and tech experts are calling for change. Leaders in school districts are starting to ask tough questions about vendor contracts. The Student Data Privacy Consortium(ventana nueva) helps school districts and universities band together to share data on vendors and demand standard privacy terms.

This public sentiment has sparked meaningful progress in the US at the federal level. In April 2025, the FTC began enforcing an update to COPPA(ventana nueva) that limits how long companies can store data and requires apps to get parents’ explicit opt-in consent to show targeted ads. While this is a good start, the FTC should reconsider the reform it abandoned(ventana nueva) that would prevent companies from using students’ data for commercial gain at all. 

These are all signs that awareness is growing — and that privacy must be a non-negotiable feature of any Ed Tech tool.

How to protect your child’s privacy

The situation may seem overwhelming, but there are concrete steps you can take to reduce the risks and demand better practices:

  • Ask questions and read policies: Start by asking your child’s school which apps they use and what data those apps collect. Many schools publish an approved list online that you can use to review each app’s privacy policy or consult resources like the Student Privacy Compass(ventana nueva). If an app shares data with third parties or won’t commit to a privacy-safe contract, that’s a red flag.
  • Push for transparency: Speak up at school board meetings — many schools don’t realize how riddled with data trackers Ed Tech apps can be. Share articles(ventana nueva) or reports to help raise awareness and encourage open conversation. Push your school district to join the Student Data Privacy Consortium(ventana nueva) so it can learn from and coordinate with other schools.
  • Limit sharing of sensitive information: Help your child turn off apps’ location-tracking features where possible and deny their access to cameras or microphones unless it’s essential for learning. Where possible, turn off tracking features and use tools like privacy-focused browsers and search engines for research.
  • Use encrypted tools: Where possible, choose secure tools like encrypted email to keep conversations private. Remind your child not to access personal accounts on school devices to avoid unwanted tracking or data leaks. If your child uses a note-taking app, choose one with end-to-end encryption(ventana nueva) to keep your data safe even if the provider is breached.
  • Advocate for better laws: Support stronger privacy laws by contacting your local representatives and asking why student data doesn’t get the same protection as medical or financial records. Join groups like the Parent Coalition for Student Privacy(ventana nueva) or local digital rights organizations to amplify your voice. Advocacy works and has led to new data protections for students in Minnesota(ventana nueva) and Ohio(ventana nueva)

Importantly, no single solution will fix everything. Ed Tech is here to stay — it brought many benefits during the pandemic and continues to support diverse learning. But it must not come at the cost of our children’s privacy. By staying informed and pushing for change, parents and educators can ensure that their tech serves education and not the other way around.

A privacy-first education

Every child should have the opportunity to learn and grow without being tracked. The good news is that alternatives exist. Human Rights Watch (HRW) identified a dozen Ed Tech websites(ventana nueva) (from countries like France, Germany, Japan, and Argentina) that had zero trackers. These examples prove that educational innovation can respect privacy — it’s a matter of choice and will.

At Proton, we’re proud to offer tools built with privacy in mind. Our services ensure that we can’t see your information. As more parents and schools demand accountability, we hope to see an ecosystem of Ed Tech that treats student data with the care it deserves.

Our children’s curiosity and potential should not be data points for corporate tracking. They deserve safe learning environments,  online and off. By working together, we can ensure that Ed Tech fulfills its promise without endangering student privacy.