Privacy & Security

Districts, Take Note: Privacy Is Rare in Apps Used in Schools

By Arianna Prothero — July 20, 2023 4 min read
PC tablet with cloud of application icons floating from off the screen.
  • Save to favorites
  • Print

Schools are falling short on vetting the apps and internet services they require or recommend that students use.

That’s among the findings of a comprehensive analysis of school technology practices by Internet Safety Labs, a nonprofit group that researches tech product safety.

Researchers analyzed more than 1,300 apps used in 600 schools across the country looking at what information the apps—and the browser versions of those apps—are collecting on students and who that information is shared with or sold to.

Not protecting students’ personal information in the digital space can cause real-world harms, said Lisa LeVasseur, the founder and executive director of Internet Safety Labs and one of the co-authors of the report. Strangers can glean a lot of sensitive information about individuals, she said, from even just their location and calendar data.

“It’s like pulling a thread,” LeVassuer said. “Even data that may seem innocuous can be used maliciously, potentially—certainly in ways unanticipated and undesired. These kids are not signing up for data broker profiles. None of us are, actually.”

(Data brokers are companies that collect people’s personal data from various sources, package it together into profiles, and sell it to other companies for marketing purposes.)

Only 29 percent of schools appear to be vetting all apps used by students, the analysis found. Schools that systematically vet all apps were less likely to recommend or require students use apps that feature ads.

But in an unusual twist, those schools that vet their tech were actually more likely to require students use apps with poor safety ratings from the Internet Research Labs. Although LeVassuer said she’s not sure why that is the case, it might be because schools with systematic vetting procedures wound up requiring that students use more apps, giving schools a false sense of security that the apps they approved were safe to use.

It’s also hard for families to find information online about the technology their children are required to use for school and difficult to opt out of using that tech, according to the report.

Less than half of schools—45 percent—provide a technology notice that clearly lists all of the technology products students must use, the researchers found. While not required under federal or most state laws, it is considered a best practice, the report said.

Only 14 percent of schools gave parents and students older than 18 years of age the opportunity to consent to technology use.

Certifications can give a false sense of security

Researchers for the Internet Safety Lab also found that apps with the third-party COPA certification called Safe Harbor—which indicates that an app follows federal privacy-protection laws for children—are frequently sharing student data with the likes of Facebook and Twitter. Safe Harbor certified apps also have more advertising than the overall sample of apps the report examined.

The certification verifies that the apps abstain from some important data privacy practices, like behavioral advertising, said LeVasseur. But school leaders may not be getting the data privacy protection for students that they believe they are.

“Third-party certifications may not be doing what you think they are,” said LeVassuer.

See also

Low angle view of a blue padlock made to resemble a circuit board and placed on binary computer code background

But overall, apps with third-party certifications, such as 1EdTech, and pledges or promises, such as the Student Privacy Pledge or the Student Data Privacy Consortium, received better data privacy safety ratings under the rubric developed by the Internet Safety Labs.

In all, the Internet Safety Labs examined and tested 1,357 apps that schools across the country either recommend or require students and families to use. It created its sample of apps by assessing the apps recommended or required in a random sample of 13 schools from each of the 50 states and the District of Columbia, totaling 663 schools serving 456,000 students.

While researchers for Internet Safety Labs were only able to analyze the off-the-shelf versions of the apps schools used (they did not have access to school versions of these apps), the group estimates that 8 out of every 10 apps recommended by schools to students are of the off-the-shelf variety.

This is the second report from an ambitious evaluation of the technology used in schools by Internet Safety Labs. The first report, released in December, labeled the vast majority of those apps—96 percent—as not safe for children to use because they share information with third parties or contain ads.

That report also flagged that the custom-built apps some districts use to communicate with families often have more privacy issues than regular apps.

The big takeaway for school and district leaders? LeVasseur said it’s to be on high alert.

While new technology can be exciting, and schools might be eager to adopt it, education leaders should be picky about what apps students are required or recommended to use. “Less is more” should be a guiding star for schools, LeVasseur said.

“I really have a lot of sympathy for schools because they need probably a lot more support than they have, given the risks of technology and the confusing nature of the laws” at both the state and federal level, she said. “I think they’re struggling. I don’t think they know what best practices are.”


This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Classroom Technology Webinar
How to Leverage Virtual Learning: Preparing Students for the Future
Hear from an expert panel how best to leverage virtual learning in your district to achieve your goals.
Content provided by Class
English-Language Learners Webinar AI and English Learners: What Teachers Need to Know
Explore the role of AI in multilingual education and its potential limitations.
Education Webinar The K-12 Leader: Data and Insights Every Marketer Needs to Know
Which topics are capturing the attention of district and school leaders? Discover how to align your content with the topics your target audience cares about most. 

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
View Jobs
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
View Jobs
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
View Jobs
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.
View Jobs

Read Next

Privacy & Security 7 Data Breaches That Left Schools in the Lurch
K-12 schools are increasingly vulnerable to cyberattacks.
3 min read
Conceptual photo of blue locks and red locks that are "unlocked" and each placed in a honeycomb grid.
Privacy & Security Schools Are a Top Target of Ransomware Attacks, and It's Getting Worse
Eighty percent of school IT professionals reported that their schools were hit by ransomware in the last year, according to a Sophos survey.
3 min read
Conceptual illustration of computer with a pixelated lock on screen.
Nanzeeba Ibnat/iStock/Getty Images Plus
Privacy & Security Biden Administration Announces Cybersecurity Initiative for K-12 Schools
K-12 schools have become a big target for hackers in recent years and the cyberattacks are more sophisticated than ever.
4 min read
Special Report Cybersecurity
Privacy & Security Newly Proposed Grants Could Help Districts Extinguish a Cybersecurity '4-Alarm Fire'
School districts could apply for grants to protect against the mounting threat of cyberattacks, FCC chairwoman says.
5 min read
Illustration of cloud computing and lock.
iStock / Getty Images Plus