In the rush to procure education technology (EdTech) products for online learning in the pandemic, governments did not check that they were safe for children to use, a Human Rights Watch report has found. As a result, children were exposed to unsafe privacy practices of EdTech products they were told, or required to use. 146 authorised products were found to have monitored children and harvested their personal data.

The report examined 164 education technology (EdTech) products endorsed by 49 countries around the world. With the exception of Morocco, all governments were found to have endorsed at least one product that risked or undermined children’s rights. Of the 164 products reviewed, 146 (89%) “appeared to engage in data practices that put children’s rights at risk”. These products monitored, or had the capacity to monitor children in most cases secretly and without the consent of children or their parents.

Children paid for ‘free’ learning via EdTech with their privacy and data

Most EdTech products were offered to governments in the pandemic at no direct financial cost. But, by endorsing and enabling the wide adoption of EdTech products, children ultimately paid for their education with access to their personal information. The Human Right’s Watch report found that EdTech products breached children’s privacy in two main ways;

• Most online learning software installed tracking technologies that trailed children outside of their virtual classrooms and across the internet.
• Most online learning software sent, or granted access to, children’s data to advertising technology (AdTech) companies. Some EdTech products then targeted children with behavioural advertising.

“Children should be safe in school, whether that’s in person or online. By failing to ensure that their recommended online learning products protected children and their data, governments flung open the door for companies to surveil children online, outside school hours, and deep into their private lives.”

Hye Jung Han, children’s rights and technology researcher and advocate at Human Rights Watch

Most of the parties involved in online learning – children, their teachers, and parents – were ignorant about these data practices. Human Rights Watch found that the data surveillance took place in virtual classrooms and educational settings where children could not reasonably object.

Most EdTech companies did not allow children or parents to opt-out of being tracked. Most of the monitoring happened secretly, without the child’s knowledge or consent. Some EdTech products were found to have invisibly tagged children in ways that were impossible to avoid without destroying the device.

Children are being monitored at scale

The pandemic necessitated a rapid escalation of online learning. But, children’s reliance on the digital world for education will continue long after the end of the pandemic. In the current environment that means surveillance of their online activities will also continue.

A previous piece of research by the Center for Democracy and Technology (CDT) found that, “86% of teachers reported that, during the pandemic, US schools provided tablets or laptops to students at twice the rate (43%) prior to the pandemic.” But, devices provided were also then used to monitor children in the name of ‘protecting’ them.

Thousands of US school districts installed surveillance software on school-provided devices to monitor children’s online interactions. Software, such as Gaggle, Lightspeed and Bark can be configured to search for language indicating suicidal ideation, drug use, eating disorders etc. So that, if one child emails or messages another at the same school saying they’ve been thinking of hurting themselves, an AI bot can send an alert to their teacher allowing them to check in.

Students are mostly aware they are being monitored, according to surveys, but are not aware of the extent. Including that teachers can access their device remotely, closing tabs and overriding keyboards – even after school hours.

More countries need child-specific data protection laws

As in many areas of the digital world, legislation globally lags technology and its use. Human Rights Watch urge that governments around the world should pass and enforce child-specific data protection laws that provide safeguards around the collection, processing, and use of children’s data, in ways that risk or infringe on their rights.

The Federal Trade Commission in the US have voted to approve a policy reminding EdTech providers to follow the federal limits on the collection and use of kids’ data. In the EU a company/organisation can only process a child’s personal data with the explicit consent of their parent or guardian up to ages between 13 and 16 (depending on each EU Member State).

If your child is not covered by either of those pieces of legislation, you would do well to investigate what your own government’s position is on collection of your child’s data by EdTech products.