Schools are falling short on vetting the apps and internet services they require or recommend that students use.
That’s among the findings of a comprehensive analysis of school technology practices by Internet Safety Labs, a nonprofit group that researches tech product safety.
Researchers analyzed more than 1,300 apps used in 600 schools across the country looking at what information the apps—and the browser versions of those apps—are collecting on students and who that information is shared with or sold to.
Not protecting students’ personal information in the digital space can cause real-world harms, said Lisa LeVasseur, the founder and executive director of Internet Safety Labs and one of the co-authors of the report. Strangers can glean a lot of sensitive information about individuals, she said, from even just their location and calendar data.
“It’s like pulling a thread,” LeVassuer said. “Even data that may seem innocuous can be used maliciously, potentially—certainly in ways unanticipated and undesired. These kids are not signing up for data broker profiles. None of us are, actually.”
(Data brokers are companies that collect people’s personal data from various sources, package it together into profiles, and sell it to other companies for marketing purposes.)
Only 29 percent of schools appear to be vetting all apps used by students, the analysis found. Schools that systematically vet all apps were less likely to recommend or require students use apps that feature ads.
But in an unusual twist, those schools that vet their tech were actually more likely to require students use apps with poor safety ratings from the Internet Research Labs. Although LeVassuer said she’s not sure why that is the case, it might be because schools with systematic vetting procedures wound up requiring that students use more apps, giving schools a false sense of security that the apps they approved were safe to use.
It’s also hard for families to find information online about the technology their children are required to use for school and difficult to opt out of using that tech, according to the report.
Less than half of schools—45 percent—provide a technology notice that clearly lists all of the technology products students must use, the researchers found. While not required under federal or most state laws, it is considered a best practice, the report said.
Only 14 percent of schools gave parents and students older than 18 years of age the opportunity to consent to technology use.
Certifications can give a false sense of security
Researchers for the Internet Safety Lab also found that apps with the third-party COPA certification called Safe Harbor—which indicates that an app follows federal privacy-protection laws for children—are frequently sharing student data with the likes of Facebook and Twitter. Safe Harbor certified apps also have more advertising than the overall sample of apps the report examined.
The certification verifies that the apps abstain from some important data privacy practices, like behavioral advertising, said LeVasseur. But school leaders may not be getting the data privacy protection for students that they believe they are.
“Third-party certifications may not be doing what you think they are,” said LeVassuer.
But overall, apps with third-party certifications, such as 1EdTech, and pledges or promises, such as the Student Privacy Pledge or the Student Data Privacy Consortium, received better data privacy safety ratings under the rubric developed by the Internet Safety Labs.
In all, the Internet Safety Labs examined and tested 1,357 apps that schools across the country either recommend or require students and families to use. It created its sample of apps by assessing the apps recommended or required in a random sample of 13 schools from each of the 50 states and the District of Columbia, totaling 663 schools serving 456,000 students.
While researchers for Internet Safety Labs were only able to analyze the off-the-shelf versions of the apps schools used (they did not have access to school versions of these apps), the group estimates that 8 out of every 10 apps recommended by schools to students are of the off-the-shelf variety.
This is the second report from an ambitious evaluation of the technology used in schools by Internet Safety Labs. The first report, released in December, labeled the vast majority of those apps—96 percent—as not safe for children to use because they share information with third parties or contain ads.
That report also flagged that the custom-built apps some districts use to communicate with families often have more privacy issues than regular apps.
The big takeaway for school and district leaders? LeVasseur said it’s to be on high alert.
While new technology can be exciting, and schools might be eager to adopt it, education leaders should be picky about what apps students are required or recommended to use. “Less is more” should be a guiding star for schools, LeVasseur said.
“I really have a lot of sympathy for schools because they need probably a lot more support than they have, given the risks of technology and the confusing nature of the laws” at both the state and federal level, she said. “I think they’re struggling. I don’t think they know what best practices are.”
