Privacy & Security

State and District Education Websites Fail to Disclose Ad Trackers, Study Finds

By Sarah Schwartz — January 31, 2018 4 min read
  • Save to favorites
  • Print

Many state and local education agency websites aren’t disclosing the presence of third-party tracking services, which can use information about users’ browsing history and online activity to target advertisements, according to a study released this week by EdTech Strategies, an education consulting group.

A large majority of education agencies—over 90 percent of all state departments of education, and all but one of a sample of 159 school districts—are using free, cloud-based tracking tools offered by tech giants Google, Facebook, and Twitter to gather and analyze information about their audience, the study found.

These free site analytics come with a cost. Companies provide them in exchange for the ability to track users’ internet activity and browsing history over time, gathering information they can use to show targeted ads.

This use of this practice—known as ad tracking—and the use of third-party surveillance tools in general, are hardly unique to education websites. Just under two-thirds of the top 10,000 most popular sites on the internet use Google Analytics, according to BuiltWith, a company that tracks what technologies are being used in websites.

But ad tracking has seen scrutiny for collecting and using data in ways that could violate users’ expectations of privacy—including in ed-tech products. Edmodo, a popular classroom learning system, came under fire last May when it was discovered to have embedded ad tracking in its platform.

If states and districts choose to use this technology, they have a responsibility to clearly define the privacy and security implications for the students, parents, educators, and community members using the site, said Doug Levin, the president of EdTech Strategies, in an interview.

“School districts should be intentional about this,” said Levin. The study, he said, demonstrates that most education agencies aren’t currently fulfilling this obligation.

About a third of state departments of education that allowed ad tracking on their websites either didn’t reference it on their sites, or provided misleading information in a site privacy policy that suggested users’ activity was not being recorded and stored by a third party. Omitting this information can also be a violation of the partner company’s policies: Google Analytics requires that websites disclose that they’re using the service, and explain that Google will be collecting data on the site’s visitors.

Only 30 of the 159 school districts (19 percent) included in the sample published a district privacy policy on their website. Of those, about two-thirds mentioned the use of tracking—but, similar to the state departments of education, some mischaracterized how the site would track users.

For example, one district’s policy said that their website doesn’t “place a ‘cookie,’” a small data file that can keep track of a user, on visitors’ computers. But the study found that the same district website used Google Analytics and two Twitter trackers—all tools that use cookies.

Privacy and Security Gaps Likely Are Not Intentional

To determine which trackers and analytics software education agency websites deployed, EdTech Strategies used Tracker Tracker, an automated website scanner that identifies ad tracking and other surveillance tools, to review the homepages of all state departments of education and a national sample of 159 districts. Districts represented were either recipients of the Consortium for School Networking’s Trusted Learning Environment Seal, members of the Council of Great City Schools, or members of Digital Promise’s League of Innovative Schools, with some overlap.

The report also found that many websites in the study did not support secure browsing—the “https” protocol that provides increased privacy protections, compared to “http"—leaving their users vulnerable to threats like malware and hackers.

Just over half of the state websites and 43 percent of the district websites didn’t reliably support secure browsing, according to an analysis of results from Observatory, a Mozilla tool that evaluates website security.

In many cases, these privacy and security gaps are most likely not intentional, said Levin. States and districts with thin IT staffs may be overwhelmed with other security concerns, or education agencies that contracted out their website development might not be aware of, as he put it, “the data collection and sharing that is happening under the hood.”

The report includes a list of action steps for states and districts looking to implement secure browsing or evaluate their use of third party tracking tools.

Levin said there are other free website analytics tools available that take more steps to protect users’ privacy than the solutions offered by Google, for example. The report also identifies free tools that can be used to test a website’s ability to support secure browsing.


See more:

Related Tags:

A version of this news article first appeared in the Digital Education blog.


Commenting has been disabled on edweek.org effective Sept. 8. Please visit our FAQ section for more details. To get in touch with us visit our contact page, follow us on social media, or submit a Letter to the Editor.


Events

This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Teaching Webinar
6 Key Trends in Teaching and Learning
As we enter the third school year affected by the pandemic—and a return to the classroom for many—we come better prepared, but questions remain. How will the last year impact teaching and learning this school
Content provided by Instructure
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
School & District Management Webinar
Ensuring Continuity of Learning: How to Prepare for the Next Disruption
Across the country, K-12 schools and districts are, again, considering how to ensure effective continuity of learning in the face of emerging COVID variants, politicized debates, and more. Learn from Alexandria City Public Schools superintendent
Content provided by Class
Teaching Profession Live Online Discussion What Have We Learned From Teachers During the Pandemic?
University of California, Santa Cruz, researcher Lora Bartlett and her colleagues spent months studying how the pandemic affected classroom teachers. We will discuss the takeaways from her research not only for teachers, but also for

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
View Jobs
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
View Jobs
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
View Jobs
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.
View Jobs

Read Next

Privacy & Security Spotlight Spotlight on Lessons Learned: Digital Safety
In this Spotlight, review ways you should be approaching student and system data, discover how others teach digital safety, and more.
Privacy & Security Quiz Quiz: How Much Do You Know About Protecting Students During Remote Learning?
Quiz Yourself: What should you know about storing video content involving students?
Privacy & Security Spotlight Spotlight: Online Student Safety
In this Spotlight, assess possible digital vulnerabilities, learn how students may be partaking in digital self-harm, and more.
Privacy & Security Hackers Post 26,000 Broward School Files Online After District Doesn't Pay Ransom
Hackers who demanded up to $40 million from the Broward School District have now published nearly 26,000 files stolen from district servers.
Scott Travis, South Florida Sun-Sentinel
3 min read
Image shows a glowing futuristic background with lock on digital integrated circuit.
iStock/Getty Images Plus